www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanz...
Submission: On October 01 via manual (October 1st 2023, 1:32:59 pm UTC) from US — Scanned from CH

Summary HTTP 231 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 36 IPs in 9 countries across 36 domains to perform 231 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G4 on September 24th 2023. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
12	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.218.77 104.20.218.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:2e93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
26	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
24	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:d::11 2a02:2638:d::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
6 28	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3 5	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	52.5.118.137 52.5.118.137	14618 (AMAZON-AES) (AMAZON-AES)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1 1	185.86.139.102 185.86.139.102	201081 (SMARTADSE...) (SMARTADSERVER)
3 3	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
2 2	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	162.19.138.118 162.19.138.118	16276 (OVH) (OVH)
2 2	50.31.142.255 50.31.142.255	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.104.70.67 172.104.70.67	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	69.166.1.35 69.166.1.35	27630 (AS-XFERNET) (AS-XFERNET)
1 1	52.31.123.196 52.31.123.196	16509 (AMAZON-02) (AMAZON-02)
2 3	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
1	213.202.235.10 213.202.235.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 3	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.84.252 138.201.84.252	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	145.239.2.103 145.239.2.103	16276 (OVH) (OVH)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 2	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	159.203.145.121 159.203.145.121	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	18.197.170.218 18.197.170.218	16509 (AMAZON-02) (AMAZON-02)
2 2	18.195.61.190 18.195.61.190	16509 (AMAZON-02) (AMAZON-02)
231	36

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.218.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:2e93 (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:d::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 142.250.184.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.27.193 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.5.118.137 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-118-137.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.102 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.45.175.185 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.127.253.7 (Tappahannock, United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.118 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533569.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.31.142.255 (Hickory Hills, United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.104.70.67 (Tokyo, Japan) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1680-67.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.35 (United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.123.196 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-123-196.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8::90 (Ulyanovsk, Russian Federation) 2 redirects

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.10 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.116 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.91.199 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.84.252 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.252.84.201.138.clients.your-server.de

hal900024.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.2.103 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns3082036.ip-145-239-2.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.203.145.121 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

cs.chocolateplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.170.218 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-170-218.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.61.190 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-61-190.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
75	googlesyndication.com 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 169 pagead2.googlesyndication.com — Cisco Umbrella Rank: 122 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com	561 KB
57	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 cm.g.doubleclick.net — Cisco Umbrella Rank: 329 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 433	525 KB
28	criteo.net static.criteo.net — Cisco Umbrella Rank: 897 csm.eu.criteo.net — Cisco Umbrella Rank: 7577	100 KB
12	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 331	251 KB
10	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 408	235 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com — Cisco Umbrella Rank: 680248	430 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	514 KB
9	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 7499 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 8966 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 14897 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13805	86 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 35069 hal900024.redintelligence.net — Cisco Umbrella Rank: 282630	11 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1026 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 781	3 KB
5	google.com www.google.com — Cisco Umbrella Rank: 11	2 KB
3	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 863	595 B
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 360	2 KB
3	yandex.ru 2 redirects an.yandex.ru — Cisco Umbrella Rank: 4716	956 B
3	bluevoox.com 3 redirects im.bluevoox.com — Cisco Umbrella Rank: 16820	2 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 614	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 1171	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1432 r.turn.com — Cisco Umbrella Rank: 6191	869 B
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 906	1 KB
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 687	2 KB
2	inmobi.com 2 redirects sync.inmobi.com — Cisco Umbrella Rank: 2496	1 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 713	948 B
2	stackadapt.com 2 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 1241	3 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 1469 s.tribalfusion.com — Cisco Umbrella Rank: 3247	1 KB
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 876	35 B
1	chocolateplatform.com cs.chocolateplatform.com — Cisco Umbrella Rank: 7015	134 B
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 84565	95 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 720	32 KB
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11661	1 KB
1	yieldmo.com 1 redirects ads.yieldmo.com — Cisco Umbrella Rank: 1089	594 B
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 1592	758 B
1	appier.net 1 redirects a.c.appier.net — Cisco Umbrella Rank: 10594	597 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	5 KB
1	smartadserver.com 1 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 1096	410 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1878	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 12701	468 B
231	36

	Domain	Requested by
39	pagead2.googlesyndication.com	25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com www.googletagservices.com googleads.g.doubleclick.net tpc.googlesyndication.com d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com s0.2mdn.net
26	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
26	tpc.googlesyndication.com	25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com securepubads.g.doubleclick.net 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.xgcartoon.com d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net
24	static.criteo.net	ads.eu.criteo.com cdnjs.cloudflare.com static.criteo.net
22	securepubads.g.doubleclick.net	cdn.ampproject.org www.xgcartoon.com 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
12	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
10	s0.2mdn.net	www.xgcartoon.com s0.2mdn.net
9	www.googletagservices.com	25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com googleads.g.doubleclick.net
6	25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com	cdn.ampproject.org
5	www.google.com	51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	hal900024.redintelligence.net	1 redirects d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com hal900024.redintelligence.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	csm.eu.criteo.net	ads.eu.criteo.com
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	an.yandex.ru	2 redirects
3	im.bluevoox.com	3 redirects
3	cat.fr3.eu.criteo.com	ads.eu.criteo.com
3	ads.eu.criteo.com	25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	x.bidswitch.net	2 redirects
2	image6.pubmatic.com	2 redirects
2	googleads4.g.doubleclick.net	www.xgcartoon.com
2	b1sync.zemanta.com	2 redirects
2	id5-sync.com	googleads.g.doubleclick.net 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
2	sync.inmobi.com	2 redirects
2	eb2.3lift.com	2 redirects
2	sync.srv.stackadapt.com	2 redirects
2	rtb.fr3.eu.criteo.com	25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
2	d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	match.sharethrough.com	d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
1	cs.chocolateplatform.com	d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
1	ssum-sec.casalemedia.com	1 redirects
1	r.turn.com	d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	cdn.contentspread.net	hal900024.redintelligence.net
1	ajax.googleapis.com	hal900024.redintelligence.net
1	hal9000.redintelligence.net	d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
1	rtb.nl3.eu.criteo.com	googleads.g.doubleclick.net
1	m.exactag.com	51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
1	ads.yieldmo.com	1 redirects
1	sync.go.sonobi.com	1 redirects
1	a.c.appier.net	1 redirects
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	ssbsync.smartadserver.com	1 redirects
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
231	52

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G4	`2023-09-24` - `2024-10-25`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-29`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-30` - `2023-12-25`	3 months	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
contentspread.net R3	`2023-08-24` - `2023-11-22`	3 months	crt.sh
*.chocolateplatform.com ZeroSSL RSA Domain Secure Site CA	`2023-04-03` - `2024-04-02`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh

This page contains 32 frames:

Primary Page: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Frame ID: 95D6FE52ECFC05E2F2A7E13774FB0522
Requests: 38 HTTP requests in this frame

Frame: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 49F901B518ACA2CF8B19A42D764ABDF1
Requests: 9 HTTP requests in this frame

Frame: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 4C0F42C94586F625E577EB67582C5701
Requests: 11 HTTP requests in this frame

Frame: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: D782CB3EDCC154398E9BCF288065DFB1
Requests: 10 HTTP requests in this frame

Frame: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 9EA5E0A0C7902B5CEF7E2E311EC5AEFE
Requests: 11 HTTP requests in this frame

Frame: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 722621DF12A9AA9CA38240B0F65AE932
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AQAFzDUH_ZLxAAnP29gsJurSGWIajgnrHQ&u=%7CVjCLEMnXszA2%2FbomWwYQ4bELHKQiKIFlc1lJokNF6cU%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeADbhdH8Fc-YRvxkVOMfT2HV8Z5p2aRMyOV_qRsdwwhuZT9n983vOKhURrejdc9AtU5D51CJ_KKd5qsvJOKOHQ0_zV7sigODoI-1wVHXVUEzX0Of-r0Nsm_3eChr-edF_zv-y-v_hM9IxOICBWlLJ8zpRMG7MjIUKt3Mtj9CE02qrJSFQGTUYlQV2h1q4yaWRMsgOhFOmT7SHmNQIPUU6oWGGAxG9lHi2XsQO1zHUp_5fO-XFCWu1Si4CRdTOGF0-p76dOyiSAMd0cdCkaq1rLKM_81C8LCYvPjzJKyxE_ovyEEDiteonmcZvE7YJmt3CkhVmsVXLMokdAA8yNA0wvEtEfP8Y8FcKB46x0gFUu_5ttcREjZ8FNZM_J-GWgzM32AwDwwpc1KqnjqarqT4ZI00Tp4ps3KCfxC2dfujKkgUndkX3P6o8o1ZXyMYkoA_mZ1_yUyi9Ze65TGSzWTHdwqoJjptfUXarkefCXRzi43AFNkLVBiJ1VjZ05RioLdR5NcS-xRRxP8aKyMuVbousQ0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHOpEAXUZZbWYF_Gl9u8P25-n0AXJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAuZOUjkYvbE-4AIAqAMByAMCqgThAk_QmMBPKWhpOzXnCenUL9cYNQkxc4SIRPpjfe7-atmqzZJDiSgnmDGQirL7yv99nZE2GRqPsbXV1t5q4RSFxuHOqciX8AzDJ-hzEmK1nkdl75UN9kydyWQRYdWwMNx4IDXorQZcmMesjeW4ctmG8_EUBiqlbAxoHCuxBOpHtXGlrfjkCjYglhwmABUC6s8GlHbJtS1EXibVGOBh_eknyuzkuxWNLKj_BVLTB2LUMTSE1ex51G6V_Rs1t07Mn45EEQ_1wgzmgPRWRsZNow2yFKV74f9ir3DajjE2n15g4N9x1MPyvyESw-TSEVXkZcxtilHac6LUEoujmPeYfhLqG0CX0A2W2mGtdMvpUQ1iQI3UU5lmpEPb2dL_dPmuJMy3n8Hx9SnHEwqrirhdjVpfv-4jgEMPlrS6ZeUq-P28iM3LAlPh-Gg9fBDoSmiCQG9meYwpeHoKsgkfHGUoVljCPEZw4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_367sQGZYZZ4k-8ZCQWgBZ3x3QGng%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: A9F23825F54CECA2FA524F1780107D24
Requests: 11 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AAAMg6sH_ZJQAAXL6fQej1F1SIQYp5HPGg&u=%7CVjCLEMnXszDDpp1mxdu5qZUaZOiFGi81JpA4MVI3mNc%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeB6d077U1S4-WIqVNP7SjfP4hDgUDoiDx9o-B7f7EBxqVEPQ6ycSnruCluXnEdSnfqqMJUrovIN6REH0LfifL9b-eCw-_UKb-bxmXq84WP-fPnAFkHyY32Wjb8NVWWKmPIDLHgaDV7qwcPm0Vmh1O0VJEoMAPMwURo12fSZubS58xRGTXN_BpaBmKCPMovdFzFcKghAlJQLY10ATdzwVGzfsjqKGJx9YYKPYgCRNyVGBXTNLYWuy5vNbi2cCP-eAWUJJTqSWWlFU2Zh1mXRXKJfvqlF6R4i3AjWJRyS26CcCHCTlw0yGwLjQrt2FZF8nWaQlyz3ES7ekyf5WFLRCuTIOR6SjpT06FTf5_XEif7ys09AARGDYJZXU9XBIEuh-1RuuBMDNlM-aTnGodN1U1T7QorkCJyOPaWcM3InaiuWFV-OIqE6YitiJuqgLQfcNvjMYPxxBiYplqktN9ugJycR1kObi4AWYXDkeorT_LG1Zh4aNAxDQ43ptFdlHoHGWojVYQul7BU5WpK4eyrvfQA-&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqwO2AHUZZauHMtCk9u8P6ZeX2AnJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAuZOUjkYvbE-4AIAqAMByAMCqgThAk_Qk4W6WIoRGcYwOmC4BbFRXH4jtxSLBctAsC5JjXW0gwrXgSBtpj5GUx_L5pYBUGFQ5wB7izKC58QZpDET7fs-a15wd0aF3yPPrMPKejOPN0Ekt2d1a-ia-CUEtq9bfjjq4-hX5grMhBr-2ip8R5GUPtZ9DFmQJ7xCZx_qeAztXLPVDfr3cQCatB4sdxF1C5dpCcxT5DGFttkXCPDzmytqlAwpOI6bkd0SAcB2FPj7xNNQCc7Tr-0ptMuIB52755ztuYHyT9BkScRIUYdFWu3i6D-nLVfgLtE559r8nxGEOrD5AaoAlU_RBqYgX3Q1VmK4GJcskUirFbZDuLz8cefe4I3HmMLQxKJNcnMT_ng-sCTV5aqsGCf2tI9oGW8NDw6E_kpUZMGPyqvKDNcPtbl0I1Se7KMVlWgD1J4u2vWegM4SKDiAUwXA10S009qt_J5cB2_bflGDeXdIPW45TlMk4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0JJPiRIp5nzIqoHQgMvynkGJo1QQ%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: 243FD24C404435FAA1BC817BEE5A3AC5
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/zrt_lookup.html
Frame ID: CE938B6821DEF0A2DE891794D177F73B
Requests: 1 HTTP requests in this frame

Frame: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8BD1FCB22EA0AA8E8D357CC6C63E6B2F
Requests: 1 HTTP requests in this frame

Frame: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: DE1B34D167B93D145622200DB9D598FD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046730&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696167170561&bpp=351&bdt=360&idt=664&shv=r20230927&mjsv=m202309270101&ptt=5&saldr=sd&is_amp=1&correlator=6950&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2821097479&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31076839%2C31077328%2C31077971%2C44795921%2C31078320&oid=2&pvsid=511706654667774&tmod=874085393&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.2j1qkui30xt6&fsb=1&dtd=680
Frame ID: 925FD82343132210418096EE0368D0A6
Requests: 7 HTTP requests in this frame

Frame: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 9C757B2C9310DC2A7569615B29389488
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhjlzufbATAB&v=APEucNWLkJVtRWfrJG8cMqaPaJF6g918Pd7PoRes4AMBWzR_S6A5klTYMCdExoOU5NjUNiMqHjU0IckWIE17BgyziEWSaVJ5cw
Frame ID: 69269B7CE34B3B957F2FE8E541F8A194
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuyiVUz1B9ngnCS4JXiKBJz66Kdb6YSM2jeOVvYwonbL9jPXNFXw4YOT22c-JeSBhJbaCvn0FvnUap4-lPyep6Ct_LG5ZrICGm45aiN6-3xjy8AQsw8z_jxcawARAAhMjH8G_DbC_DZDRHKHUu_cLAuhVqWzLzPwXCZB4g2uZ31xv4vjfTKfCUQQ2PZxP3lhFWo_Jzp5gL0AZF7eFK_qwnPm2ML_j4V-38f9la8EkC-QZ5ycc7G74VUR6adeGxLJlRLEwmbyO_0KdFD2ih24sR36k0HvkwCshunufpJ-9SjOHJspsh3If-uxYTZAwvDsnPSHKCUFCerEdBh3ubCQkz8VfYKG-YWmyPQbaUbyYjpxmI&sai=AMfl-YRJZCr3EGUJGx7e3STxk1XJw0v93m677npAnEf0sXGgmXg08PJKYjOGXjUGu-bP7nnLh9uM6osDiX8ZG36dhKgRoaa-HcjJZ1ABnQ&sig=Cg0ArKJSzMrGxqvY6_HJEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 2687BAB33BE2CA0DC4258768B986B0A7
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 91D9A07ACCE7FADF95C55E6D808CD4D3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 433F38B0ED642C37505C30CFEC9E5BE3
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AD13F7C6135067451AA821B747F42902
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FB98ED4DC139A5050439639C7210C656
Requests: 2 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AwAE4JAKwlmaAAKG6yto22mJ_wg1Xt6T-A&u=%7C8JdfMqyD1%2B%2BdM5T5GAZmDSq1gf3mS30Phq2qHpI9sSI%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqcx_AYOCxtp-MNsF8AoBa0NrZYBBTSBw16G064Zwnkw3xehnsuvV19gYHtBr9LIsbEQBDKNr3VmOG7tAy5GwzT1c5uYsnv_W8xmqVZQwjsg5DvXUXigALu6ZSFUaDrTKI11tNONlvZTWHqaS3TFEDNRyO2LZcf35r2dOUIbND0XmGyry8UCkUAaNo93CRf0rGmURqrApDqbroxqUB5V3QskO51uf6-_U2qTDpZQZcZcHtnKBB66_rJikXV4ZgmhRPEX1fUmMf99q8RU2b9uUF6RkoSj2Lzm3WPuvLjTNDnuVGqeEbFCK_QIZfy_XS5I_BG0ElpoJCA9Hp4E9OJddQl3oQe0O7QiB5-aFLYbKcD_45dSgVo0q3lzAtftMNdfPAkUHQLdz-LN78vxGO4zt0Eh3Xhul9FV9Rjz8JsPPm_iLEGTDfJI6ewwADu62tl9yZb8FuKhlpMH3njozn-Xf7q0JuzRxOgQVH2hWLZD6u4RYTeBqTj6NsuqWuN_rSb8yHkOsT1wPD3I4AvANWIhbE9DpIwFlhdJ8f_Mg8_R0xd4CNxZQ2RMe53TYlmCAGUMjcWkOgEyfZCeDMBVjgLxIAgJg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFiyWA3UZZZDBE5qziQbrjYqoBsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC5k5SORi9sT6oAwHIAwKqBM4BT9AlhD8O7Tax9xdDXwbZ6rixvd5_APs5qlMaFRoo6k8mUsQd5KMBz1stAxj8W1TpeWqorlB0-5boairpvO3hGGzrj5z-PWVAdT64f7M4JjypiVxG20rCLVzILSx8aGSaxDgHOHbi4rYxrjp7epMdHkjBe1-rzOgHWkvVJ9jqZqfJx_bEIsIfrSWJ3Sm8JcSPaIFQVz-JhnnZtPxLgurN40g7AxYJh1Gn__yedfwCWj8BCvpxFWhg79k6xLkd-PmKVJvybw7VlNb88SCsdluABqeKgPnDldn8vQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2CG8JGLpHjsbslxlreMGpiHgX8kg%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: 7489EFC37A382CFB13B9FC248E9C7F2B
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C454DEB01365DBD94F15BB8EE5B943E6
Requests: 9 HTTP requests in this frame

Frame: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: FE25FDA6E1E594223B6F4DEF9E7052EF
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6CB446DDD44C46B4BF05A99A28F80D4B
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNVE_9hKiJtEAOlddCsF9PJDIYJTKzTcRcRcZgcyMcWFlW-Rrz14uX75iE6bOOEaK00AJMnvDYG1E4taKLw-h6hF2GzLUg
Frame ID: 2F3C9FB4AA804D5D0A3D21E247565E2E
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B2250C115C32B4F313CAD4457A3E2A5E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
Frame ID: EEAA3467DE4AC867D5935D0D4AF79868
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8E3FE0EDB4A12758B38F39B7DC7CC17B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DDBE686DD61F16FB54C8C11379EF0D39
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 37CF405B375937AF0D334B4FDCF8FCEE
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js
Frame ID: 7D4231A43B08703ABC395606771F4972
Requests: 1 HTTP requests in this frame

Frame: https://hal900024.redintelligence.net/request_content.php?s=22767600072786504438442012464024&a=568bf7af
Frame ID: 41523C9D4CA9937B43A8F96540ED431A
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3CBAE538E714358689915A2D73D3FA30
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍹黑子的籃球【劇場版】LAST GAME（幻影籃球王劇場版終極一戰）【粵語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

231
Requests

88 %
HTTPS

46 %
IPv6

36
Domains

52
Subdomains

36
IPs

9
Countries

2899 kB
Transfer

7176 kB
Size

37
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 115

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA7it35tHvQY44gOXteDMVs&google_cver=1

Request Chain 116

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRl1A.2SgqUG5y.vjE9BPgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA7it35tHvQY44gOXteDMVs&google_cver=1&google_hm=2

Request Chain 149

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJ8rskACs4K85GDhuvHb2NY&google_cver=1&google_push=AXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJ8rskACs4K85GDhuvHb2NY&google_cver=1&google_push=AXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 150

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESECqIU9GW3AQ3nnQan92tAI4&google_cver=1&google_push=AXcoOmTe-SlGLxen7UNdfuzVP5j6DF0DCB4KfsHfDKdkPdM2IdsgwU9Pv2ZoIC-OdEE3nLXJD4aq7a-X1F29k3tVGpyayRsADgoW2w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=wHCyFRg3U3lPIIjMw70QJS0M3q0&google_push=AXcoOmTe-SlGLxen7UNdfuzVP5j6DF0DCB4KfsHfDKdkPdM2IdsgwU9Pv2ZoIC-OdEE3nLXJD4aq7a-X1F29k3tVGpyayRsADgoW2w

Request Chain 151

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEFc9rYPMbEHEzh4VcWlH4G8&google_cver=1&google_push=AXcoOmSC3CHfNmOqhMPq7cwjQ0MG-QmSr9EZFE1LauGB9YLbOlt4SW3uEAJdM83DfZuEwgILPp16Ez_KEvkIDuo8wH2_lbofXfhN HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmSC3CHfNmOqhMPq7cwjQ0MG-QmSr9EZFE1LauGB9YLbOlt4SW3uEAJdM83DfZuEwgILPp16Ez_KEvkIDuo8wH2_lbofXfhN&google_gid=CAESEFc9rYPMbEHEzh4VcWlH4G8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIwOTYxNDk2NjA4OTc3MTg5MjAx&google_push=AXcoOmSC3CHfNmOqhMPq7cwjQ0MG-QmSr9EZFE1LauGB9YLbOlt4SW3uEAJdM83DfZuEwgILPp16Ez_KEvkIDuo8wH2_lbofXfhN

Request Chain 152

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPCeaBbNCST1S_WjUZsNDgI&google_cver=1&google_push=AXcoOmQ_h6dtBACl2vV0dpLW0O-m5NbL1WWsMmhFQSqex333VV0Xv0Ehmn_StgHVMYeLXtjJVoVEeJLJIRljGnZJvYgWHW5w-_X71Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmQ_h6dtBACl2vV0dpLW0O-m5NbL1WWsMmhFQSqex333VV0Xv0Ehmn_StgHVMYeLXtjJVoVEeJLJIRljGnZJvYgWHW5w-_X71Q&google_hm=MzUzOTg4MDk0NjAwOTg4NTcyNQ%3D%3D

Request Chain 153

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEG4iHeGXoHU0oQU_xPFlIq0&google_cver=1&google_push=AXcoOmS6Vkr9Q4sab_PGQWGvHELCgba-11LEba4MikH3FrLapQdBP5uiOAM2s-MlEnHB_03oyV7eNFCFejNLNZkjNrcsP3PYmKUUZF4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS6Vkr9Q4sab_PGQWGvHELCgba-11LEba4MikH3FrLapQdBP5uiOAM2s-MlEnHB_03oyV7eNFCFejNLNZkjNrcsP3PYmKUUZF4&google_hm=QlMuMTc0YS1jMTk0LTQ1YTYtYjZjYg==

Request Chain 154

https://sync.inmobi.com/gob?google_gid=CAESEHmBwcBQD_kdOhVG_QAVLIA&google_cver=1&google_push=AXcoOmTbJ_vdokOj2X2rHFEJHsGoyxVVD32rYwwozD4i8KPWNTi1KJjYh1jlM4UF8baYN8pCL_lSRKX5HEN7RSlj2H31V4wpBrB9PvM HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmTbJ_vdokOj2X2rHFEJHsGoyxVVD32rYwwozD4i8KPWNTi1KJjYh1jlM4UF8baYN8pCL_lSRKX5HEN7RSlj2H31V4wpBrB9PvM

Request Chain 155

https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESEDVK0GXSfU0enjt87-VL-uM&google_cver=1&google_push=AXcoOmTdVIxrkXEJXjJ243kPCX2M2_yNw8WB6n1nZxIneqS5nrntppROhZEnzy5VHrZb1DdcsOCbLgOEmAD_0Eh4885rQAMdgJBIe24 HTTP 302
https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESEDVK0GXSfU0enjt87-VL-uM&google_push=AXcoOmTdVIxrkXEJXjJ243kPCX2M2_yNw8WB6n1nZxIneqS5nrntppROhZEnzy5VHrZb1DdcsOCbLgOEmAD_0Eh4885rQAMdgJBIe24&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmTdVIxrkXEJXjJ243kPCX2M2_yNw8WB6n1nZxIneqS5nrntppROhZEnzy5VHrZb1DdcsOCbLgOEmAD_0Eh4885rQAMdgJBIe24&google_hm=WE9pS3R3eXgwbUxubkl3V1I2aEE=

Request Chain 171

https://a.c.appier.net/gcm?google_gid=CAESECB9ow8eBmnyBHNHZXQhWM0&google_cver=1&google_push=AXcoOmSvpzgQ6DbS6gsrce31ZceeBrS6qNF9r20-9boMXBor75iuHF7i4CYwK6960voapro-T0ZyIrMycTKRtyQgNDkeujMJk8mZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dmFpVW12RzRBUTZXYURYa0JYVVpaUQ%3D%3D&google_push=AXcoOmSvpzgQ6DbS6gsrce31ZceeBrS6qNF9r20-9boMXBor75iuHF7i4CYwK6960voapro-T0ZyIrMycTKRtyQgNDkeujMJk8mZ

Request Chain 172

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESECqIU9GW3AQ3nnQan92tAI4&google_cver=1&google_push=AXcoOmRQ-zkORVOgc5Hm7Qmz2Z-vPwkSbZOUE80RMSfx7nGArVuqkHKOTP2KDnxTm358zEvf6V84aGmCfCEMkM6efZCbStF8dqg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=wHCyFRg3U3lPIIjMw70QJS0M3q0&google_push=AXcoOmRQ-zkORVOgc5Hm7Qmz2Z-vPwkSbZOUE80RMSfx7nGArVuqkHKOTP2KDnxTm358zEvf6V84aGmCfCEMkM6efZCbStF8dqg

Request Chain 173

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAXcoOmRXSFBJ0YxuRTrisZe3ILoxrrJhOJhSrD___HDbU3msbOQCYLbHIJFaiS_k9ZlM9oi9aebCul_Ik2Qei_YIBAG7mhMkNJYN%26google_hm%3D%5BUID%5D&google_gid=CAESEN7Oz_jjDaZXNubuTycTxZc&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmRXSFBJ0YxuRTrisZe3ILoxrrJhOJhSrD___HDbU3msbOQCYLbHIJFaiS_k9ZlM9oi9aebCul_Ik2Qei_YIBAG7mhMkNJYN&google_hm=abb93801-098d-49ed-b245-5a6bea8734d9

Request Chain 174

https://ads.yieldmo.com/exptsync?google_gid=CAESEEbuXGX8BczGaxNkOcsJb_A&google_cver=1&google_push=AXcoOmRhyG1oA_I_BEXa_DU_bZQ-NeFaCQAnALnNEUcvowvb6cto-_g4a5my3j4t3gQlA3mJHrLa5YVv5Y2JcKzPDOtiZ8aFhk0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmRhyG1oA_I_BEXa_DU_bZQ-NeFaCQAnALnNEUcvowvb6cto-_g4a5my3j4t3gQlA3mJHrLa5YVv5Y2JcKzPDOtiZ8aFhk0&google_hm=M2VFQnBFRVBQeUVaYlgxNFphdG0=

Request Chain 175

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEG4iHeGXoHU0oQU_xPFlIq0&google_cver=1&google_push=AXcoOmS4ivoFi-_bN52h53BpYSI4UeG2n43ajk6ngRDA9e9b_dxVKkGHmHGhuQmfb9ehs5odBDZk3IIEzZrXggLeMUHwkd-FzbbWPQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS4ivoFi-_bN52h53BpYSI4UeG2n43ajk6ngRDA9e9b_dxVKkGHmHGhuQmfb9ehs5odBDZk3IIEzZrXggLeMUHwkd-FzbbWPQ&google_hm=QlMuMzg4Mi04NDY5LTQzY2MtYWRlMQ==

Request Chain 176

https://sync.inmobi.com/gob?google_gid=CAESEHmBwcBQD_kdOhVG_QAVLIA&google_cver=1&google_push=AXcoOmT_gA_R9J_h2d-KlXGwfdagqm6Cd8kH0FqVxMBdP8XjnaBFPancPsiVN3emkL5wEOTE1tzzpyZRYUlS4bbmQEx42VRlS3jo HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmT_gA_R9J_h2d-KlXGwfdagqm6Cd8kH0FqVxMBdP8XjnaBFPancPsiVN3emkL5wEOTE1tzzpyZRYUlS4bbmQEx42VRlS3jo

Request Chain 177

https://an.yandex.ru/mapuid/google/CAESELpkWQqq-T76HrU42Q0jnVI?ext-param=AXcoOmQFEYp8srOjTGBKLu5v39OYoDAAtpf89nPn6PY8EYUIFoXzfQQa6NH3PBqs36aZp0XRXuPzAyMXMb3sLNro2HZRh9fsiwVtSA&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://an.yandex.ru/mapuid/google/CAESELpkWQqq-T76HrU42Q0jnVI?redir-setuniq=1&ext-param=AXcoOmQFEYp8srOjTGBKLu5v39OYoDAAtpf89nPn6PY8EYUIFoXzfQQa6NH3PBqs36aZp0XRXuPzAyMXMb3sLNro2HZRh9fsiwVtSA&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESELpkWQqq-T76HrU42Q0jnVI&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

Request Chain 182

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECGnwflJUyu0NkxMBDWFGmA&google_cver=1

Request Chain 183

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTU2MDU1NjIzNzQyOTE1ODk2Ng%3D%3D

Request Chain 184

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFTqVgleedi23QBMysU6zcA&google_cver=1

Request Chain 185

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWVlMTc3Y2QtOTRlZS0yZDJjLWYyMTMtOWNhMzFhODNjNjYx

Request Chain 201

https://hal900024.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=6c2ed2ede7&subid=&uid=db47fdb0bd95e97a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBq2jA3UZZdqJJNPC7gPwtaj4DZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakC5k5SORi9sT6oAwHIA5sEqgTmAU_Ql04F_Eo29V7pouxBtlk95M7g4dXkrPsFRFNIsDqEDWjEbrf-k3eQ8BDqNlmd4EdKn9OUm6Zuoj9d7kssMAkarGXcNrhfBDvjimh8-O9l1trAKPc0VT9KJHG6RAJuQVdIpZSXY2DsABLduWLlCHPm3ceFnryGu-5Vj6SJUiF_KKa52kbg-CaHJLAHsiqAazbdj91w3iHShqi82O26zprsdWkvsN2LZHIDsO-Bic_L7WXPjRhbwQ6EhJ0tlH8qyqrw6c-aHYSdce_KiYJcTvJ1kQDb1b96FsIc_3q_bETj2cw-EwqJwAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIyA0B4g0TCIaK94371IEDFVOhewod8BoK37ATlbXRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMImpf4jfvUgQMVU6F7Ch3wGgrfEAEYASAAEgLYo_D_BwE%26num%3D1%26cid%3DCAQSKQDICaaNIf0w1V6J7GrZxcqpfTDgQcF9kxGSxPvQZxwqgTmAq9exuYcCGAE%26sig%3DAOD64_2K70dOn3UzPU49dymdvrkH8dovrg%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-D_y6VXLv4ncNmBh3adYRSf9cBSunBgkYGXxS7BhCXGH9K-nGlouCjdECKdS3aQWxyeclMB6m2qbBVGnOia2U11I2R1Yh1XuqzxwbpdsoUeaoXv-V4jSVVm_HqGXs0lkBepd84dAI9jMvnZc0sk3KYLUmujxRr9Z7nrJqSQaLWLRSGmFgQ%26cry%3D1%26dbm_d%3DAKAmf-DVh2zakQmFnB9ozDQ39Jz0jYeBKpHv5APO6bKGUIl2LYD3vHZtM3WkJPIRw41F0f6gKi8UK2cqVqxySNrk4vlt-YAm8Rlf27yBzOJMVyR8lsd7u8vTy3qEhqCRfw99JJ1vHcZZii84fbeaDxttqaj4piVHWzTh6z7KleNrxMAS44Un_M1PRvJYNUaltUIr6uBYg87rarcsXAcKtJp9OpZLcdjyE3mwGz2DGkHzyMP1UU9HsLmc9cGjslT9mBHNJOOAbdNGDn7BOIJn0AI_-GzWI8gHkIVckwe-4EZtMxCgDgawWr_d2NGdvQwt8zygVmCZyW2GPT6LNXGvPx-sTfFq34K1-v-v_WY8SrbUcJuGQBEtNzPbd8oAy7TKIqG-NbbyHImayZr2XHmKVGfCeQIXVDgBNGrseh0XRfECvs06qWjqQMthGuBpPJDO9CU6Vm_fUABjWQe0TUktQ_0_Kx3CLZGemtCxGe3C1rznxBCYvIDsJyhQR_gybTh_XdCOyft99h8daPwJ8YwdJvBZWFdsePRj5pm9rhSeeKNKbaZR4tDPhF-WkdhmUiV76RWMVsKEzZu3b7Y8QFoZ_Gtmcgj402qrBe8JaPAHpeswfdtPz98kasUzsstL-MkO56sNQdsuWD8HyY1DX-dZV6Sm5XII7V4WJDn3hCv_8wcX3jQfwDrSqTPfPe9P0jERndYKibTx83a9%26adurl%3D&documentReferer=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8923243553936&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal900024.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=6c2ed2ede7&subid=&uid=db47fdb0bd95e97a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBq2jA3UZZdqJJNPC7gPwtaj4DZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakC5k5SORi9sT6oAwHIA5sEqgTmAU_Ql04F_Eo29V7pouxBtlk95M7g4dXkrPsFRFNIsDqEDWjEbrf-k3eQ8BDqNlmd4EdKn9OUm6Zuoj9d7kssMAkarGXcNrhfBDvjimh8-O9l1trAKPc0VT9KJHG6RAJuQVdIpZSXY2DsABLduWLlCHPm3ceFnryGu-5Vj6SJUiF_KKa52kbg-CaHJLAHsiqAazbdj91w3iHShqi82O26zprsdWkvsN2LZHIDsO-Bic_L7WXPjRhbwQ6EhJ0tlH8qyqrw6c-aHYSdce_KiYJcTvJ1kQDb1b96FsIc_3q_bETj2cw-EwqJwAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIyA0B4g0TCIaK94371IEDFVOhewod8BoK37ATlbXRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMImpf4jfvUgQMVU6F7Ch3wGgrfEAEYASAAEgLYo_D_BwE%26num%3D1%26cid%3DCAQSKQDICaaNIf0w1V6J7GrZxcqpfTDgQcF9kxGSxPvQZxwqgTmAq9exuYcCGAE%26sig%3DAOD64_2K70dOn3UzPU49dymdvrkH8dovrg%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-D_y6VXLv4ncNmBh3adYRSf9cBSunBgkYGXxS7BhCXGH9K-nGlouCjdECKdS3aQWxyeclMB6m2qbBVGnOia2U11I2R1Yh1XuqzxwbpdsoUeaoXv-V4jSVVm_HqGXs0lkBepd84dAI9jMvnZc0sk3KYLUmujxRr9Z7nrJqSQaLWLRSGmFgQ%26cry%3D1%26dbm_d%3DAKAmf-DVh2zakQmFnB9ozDQ39Jz0jYeBKpHv5APO6bKGUIl2LYD3vHZtM3WkJPIRw41F0f6gKi8UK2cqVqxySNrk4vlt-YAm8Rlf27yBzOJMVyR8lsd7u8vTy3qEhqCRfw99JJ1vHcZZii84fbeaDxttqaj4piVHWzTh6z7KleNrxMAS44Un_M1PRvJYNUaltUIr6uBYg87rarcsXAcKtJp9OpZLcdjyE3mwGz2DGkHzyMP1UU9HsLmc9cGjslT9mBHNJOOAbdNGDn7BOIJn0AI_-GzWI8gHkIVckwe-4EZtMxCgDgawWr_d2NGdvQwt8zygVmCZyW2GPT6LNXGvPx-sTfFq34K1-v-v_WY8SrbUcJuGQBEtNzPbd8oAy7TKIqG-NbbyHImayZr2XHmKVGfCeQIXVDgBNGrseh0XRfECvs06qWjqQMthGuBpPJDO9CU6Vm_fUABjWQe0TUktQ_0_Kx3CLZGemtCxGe3C1rznxBCYvIDsJyhQR_gybTh_XdCOyft99h8daPwJ8YwdJvBZWFdsePRj5pm9rhSeeKNKbaZR4tDPhF-WkdhmUiV76RWMVsKEzZu3b7Y8QFoZ_Gtmcgj402qrBe8JaPAHpeswfdtPz98kasUzsstL-MkO56sNQdsuWD8HyY1DX-dZV6Sm5XII7V4WJDn3hCv_8wcX3jQfwDrSqTPfPe9P0jERndYKibTx83a9%26adurl%3D&documentReferer=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8923243553936&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 226

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOBOKtFo2l7ExuCC1ujwGzo&google_cver=1&google_push=AXcoOmRIl7kvBc8oC91Fr567fpr0dZF35QEDo0JPbjqLgz5dosn8r17LugBGtO98-P4IuwYQRczp0GQYcXKKHBCHH8JpVuzjGuQA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzU1MjU2MjIyMTQ3MzI2NTI5MA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOBOKtFo2l7ExuCC1ujwGzo&google_cver=1

Request Chain 227

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENTBF33pvvFfMe9VBds41yE&google_cver=1&google_push=AXcoOmRYSX9jD0QyAV8MEYLPflfpaf4DydTsqaP3YhAKsLs7tZO0KYbJIvN37dld2RTfGv6CA8ykf9E9JoeerVIlJP02d9WyIM3D HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENTBF33pvvFfMe9VBds41yE&google_cver=1&google_push=AXcoOmRYSX9jD0QyAV8MEYLPflfpaf4DydTsqaP3YhAKsLs7tZO0KYbJIvN37dld2RTfGv6CA8ykf9E9JoeerVIlJP02d9WyIM3D&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QoUsa-rTQ26dfiWRfpZDCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmRYSX9jD0QyAV8MEYLPflfpaf4DydTsqaP3YhAKsLs7tZO0KYbJIvN37dld2RTfGv6CA8ykf9E9JoeerVIlJP02d9WyIM3D

Request Chain 228

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECs0B2ff_RVWgJgrjMG32Vs&google_cver=1&google_push=AXcoOmQ0Ai25G-RKfucpRoTKycgKsfNFz0ZtbaEF4KxS6w35PHpP0FekYIFPIcPVO8Cjr8jSTOlYem6gxJr3ymYzsTUrL2o55Rvn HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECs0B2ff_RVWgJgrjMG32Vs&google_hm=ZRl1A-2SgqUG5y-vjE9BPgAACK8AAAIB&google_nid=index&google_push=AXcoOmQ0Ai25G-RKfucpRoTKycgKsfNFz0ZtbaEF4KxS6w35PHpP0FekYIFPIcPVO8Cjr8jSTOlYem6gxJr3ymYzsTUrL2o55Rvn

Request Chain 230

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEG4iHeGXoHU0oQU_xPFlIq0&google_cver=1&google_push=AXcoOmT1v3Yqq86gSKsm05ShZLI5eKlyBoNNHzmy714UTIRJhBKqUQJ9eTZbp16KHu0lfD0F-ZkKM8Xs8_xWD18RczX5paEu0AP9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmT1v3Yqq86gSKsm05ShZLI5eKlyBoNNHzmy714UTIRJhBKqUQJ9eTZbp16KHu0lfD0F-ZkKM8Xs8_xWD18RczX5paEu0AP9&google_hm=QlMuMGU2Yi0zYjY2LTRiZDktODU3OQ==

Request Chain 232

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEEn9vMnwx4es4oqU-NZhEEU&google_cver=1&google_push=AXcoOmSZL9ejg68Dxv5KaKDgD4zotk0gfEx89DDDj42tfgN6axsmJJP9asI7fVr99mJK_yqPG9OtdI062lxBPLRreh-a5c9NZZf5Ig HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEEn9vMnwx4es4oqU-NZhEEU&google_cver=1&google_push=AXcoOmSZL9ejg68Dxv5KaKDgD4zotk0gfEx89DDDj42tfgN6axsmJJP9asI7fVr99mJK_yqPG9OtdI062lxBPLRreh-a5c9NZZf5Ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e5e2e83c-8346-450c-863f-f51ac079347e&%%GOOGLE_PUSH_PAIR%%

231 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun Show response
www.xgcartoon.com/detail/ 76 KB
17 KB 797ms
390ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5102f338a0cfe2d8cb91d88a20f0fc0d331f1cb87efd62fc339dc6a7c5952183

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 01 Oct 2023 13:32:47 GMT
etag: "12fca-ZE2nJjWD4ppwJ/PPCn9SpFskHs0"
expires: Sun, 01 Oct 2023 13:33:47 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 278 KB
71 KB 168ms
94ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb674de5636ad731f83bbd141aaac1337fd1539cf7976b59f7dbf17730c1dac6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 13:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73010
x-xss-protection: 0
server: sffe
etag: "b44d49b4390daba4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 01 Oct 2023 13:32:48 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
24 KB 131ms
58ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6f226bf73d309afec0f8136aadcd4c31a5fb38158edc76f2be201529cea88e4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 13:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23140
x-xss-protection: 0
server: sffe
etag: "f5b07adb469547c2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 01 Oct 2023 13:32:48 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
9 KB 159ms
89ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa1305d7baebcaaca830bdaa875d69c9ffaf511c107d90d6c94d505589d6dc67

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 13:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9433
x-xss-protection: 0
server: sffe
etag: "b14eeeba16ce92c6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 01 Oct 2023 13:32:48 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 50 KB
15 KB 136ms
66ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c849575fe72d56d0355d4e41ce8eab134584f902f1e6e6e929c6b5c73e0f1b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 13:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14981
x-xss-protection: 0
server: sffe
etag: "a6229935c5b0422a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 01 Oct 2023 13:32:48 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
15 KB 171ms
101ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3fe2201aeda9050d5a049b03528e35c36bc20298f05b3e5e2a3574c385b683d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 13:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15378
x-xss-protection: 0
server: sffe
etag: "3b480126f8007a6f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 01 Oct 2023 13:32:48 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 149ms
80ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b99ee275208ffdee7bbd9fdaade2698a3709c3fd608d82d9670ecdc7e05d132d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 13:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4743
x-xss-protection: 0
server: sffe
etag: "603c8b5d2fa04c60"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 01 Oct 2023 13:32:48 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cefd5bd9a30367cb1a5e8dc7168f1515a31a53786b415865c867c221c74b5ace

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 13:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10347
x-xss-protection: 0
server: sffe
etag: "a73f5bd113ba16d2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 01 Oct 2023 13:32:48 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b22b527a652c53284f5339711a08c2ef2667565d35c09e38f835593e2fdea9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sun, 01 Oct 2023 13:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32178
x-xss-protection: 0
server: sffe
etag: "ecb8b9e35f89310d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 01 Oct 2023 13:32:48 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
468 B 225ms
154ms Image
image/gif 104.20.218.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.218.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:48 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 80f512e1fba12c4f-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 247ms
246ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:48 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Sun, 01 Oct 2023 13:35:48 GMT

GET
H2 200 heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun.jpg
static-a.xgcartoon.com/cover/ 168 KB
169 KB 1196ms
1108ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 631bd55599a6b4f749afa794e175c34ead00ba79ea0fa4bcd9f4e41279bc69fb

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
cf-cache-status: HIT
last-modified: Tue, 20 Jun 2023 03:58:58 GMT
server: cloudflare
etag: "020B14F84A6F15B2E8A15313F504F82F"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 80f512e40ef9363d-FRA
content-length: 172522
expires: Mon, 02 Oct 2023 09:54:26 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 211ms
210ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:48 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Sun, 01 Oct 2023 13:35:48 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 213ms
212ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:48 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Sun, 01 Oct 2023 13:35:48 GMT

GET
H2 200 weiwodushenguoyu-aotianwuhen.jpg
static-a.xgcartoon.com/cover/ 82 KB
82 KB 1241ms
1154ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/weiwodushenguoyu-aotianwuhen.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e496d61e94e0369b7bb47cb8dff49326496b947ecb07653a3b7c3796589dccb7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
cf-cache-status: HIT
last-modified: Tue, 18 Jul 2023 07:26:47 GMT
server: cloudflare
etag: "BCDDB109A6C87FAB577418A4C9CF7C4D"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 80f512e40efe363d-FRA
content-length: 84086
expires: Wed, 04 Oct 2023 13:04:13 GMT

GET
H2 200 zuiqiangwaimaitianshen_dongtaimanhua_dierji-maoyudaidai.jpg
static-a.xgcartoon.com/cover/ 20 KB
20 KB 391ms
304ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/zuiqiangwaimaitianshen_dongtaimanhua_dierji-maoyudaidai.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b431ea6401b099afea58e8018c73407e936028d492d07129d593a4b2a8e828b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:48 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Fri, 23 Dec 2022 23:58:33 GMT
server: cloudflare
etag: "CD508A531C42FD8A05826A1F12BBD0EB"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 80f512e40efa363d-FRA
content-length: 20565
expires: Wed, 04 Oct 2023 10:54:14 GMT

GET
H2 200 zhandouyuanpaiqianzhongriyu-xiaoxiamu.jpg
static-a.xgcartoon.com/cover/ 72 KB
72 KB 121ms
34ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/zhandouyuanpaiqianzhongriyu-xiaoxiamu.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ba1f44d5f89431a9f2bc65f3704d8b6356c6c7ff6c73923d8e9c24a168f02ca

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:48 GMT
cf-cache-status: HIT
last-modified: Fri, 09 Sep 2022 14:42:40 GMT
server: cloudflare
age: 5485
etag: "85A9DCD68D439BAB48DCA323E3671D4A"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 80f512e40efd363d-FRA
content-length: 73869
expires: Sun, 01 Oct 2023 13:02:30 GMT

GET
H2 200 chongchongyulonglongguoyu-shanghaixuandongkatong.jpg
static-a.xgcartoon.com/cover/ 52 KB
52 KB 1170ms
1083ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/chongchongyulonglongguoyu-shanghaixuandongkatong.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 761e10becd59cb46d531b0fa4dbc030e4808fd8480d74f79e7280b74e94cd087

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
cf-cache-status: HIT
last-modified: Wed, 28 Jun 2023 02:21:04 GMT
server: cloudflare
etag: "5453D5C20C84E35D9E38F0BBD3FCA980"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 80f512e40efc363d-FRA
content-length: 53139
expires: Wed, 04 Oct 2023 04:48:26 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012309151607000/v0/ 8 KB
3 KB 75ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

141a9b0b0492c8b4e7deb1e0537c69d01a3af169bf0c6e3a70c027856fdcedf4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 26 Sep 2023 19:31:14 GMT
age: 410494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2976
x-xss-protection: 0
server: sffe
etag: "07fb3dc7eac63481"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Sep 2024 19:31:14 GMT

GET
DATA 200
OK truncated
/ 393 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012309151607000/v0/ 237 KB
63 KB 50ms
25ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aa4a7bb3250246172fb936a76cad3eda063687abf10aeef1780a2fb659a9abc

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 26 Sep 2023 19:31:14 GMT
age: 410494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64071
x-xss-protection: 0
server: sffe
etag: "554c2edaf6ccd50b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Sep 2024 19:31:14 GMT

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012309151607000/v0/ 12 KB
4 KB 55ms
34ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce5d2c5db39edc66c10096838a6c9c92a20e3d2b3f1f19a274bbd2848a8f2e07

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 26 Sep 2023 19:31:14 GMT
age: 410494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3936
x-xss-protection: 0
server: sffe
etag: "3d96bab6a7d5a37d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Sep 2024 19:31:14 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
14 KB 855ms
797ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=696006950&ga_cid=amp-UDB0LsyU6PIE9FdO6lhrTA&ga_hid=6950&dt=1696167168713&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=479&dtd=12&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b10ad87959b9142d17e75d70cea677849caace5f21239f86cfe70ad01fb3a8c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14173
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CPWc8Yz71IEDFfGS_Qcd288JWg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sun, 01 Oct 2023 13:32:49 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
23 KB 1223ms
1167ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=837&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=696006950&ga_cid=amp-UDB0LsyU6PIE9FdO6lhrTA&ga_hid=6950&dt=1696167168713&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=479&dtd=15&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

044794d5b2086e61ff0e08862bc1ec1b4f55e1b8a57b44cb5a6844c5e8ee175a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 160x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23463
x-xss-protection: 0
google-lineitem-id: 6137563877
x-qqid: CKrJzoz71IEDFY6f_Qcdj4oD6A
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138372822859
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sun, 01 Oct 2023 13:32:49 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 672ms
618ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=696006950&ga_cid=amp-UDB0LsyU6PIE9FdO6lhrTA&ga_hid=6950&dt=1696167168713&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=479&dtd=16&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4be2b6d3cc80ed5eb84eda3459016956c248cfc06fd5f441fbbf9ca7b0deb167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 120x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13220
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CKyszoz71IEDFYef_Qcd5ZIF_Q
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138351399041
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sun, 01 Oct 2023 13:32:49 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
23 KB 1056ms
1002ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=696006950&ga_cid=amp-UDB0LsyU6PIE9FdO6lhrTA&ga_hid=6950&dt=1696167168713&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=479&dtd=18&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4953974fc5b9af53da78d8b5d3ae4f985e037b4edfa2d29f6d9ad42207eab4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23471
x-xss-protection: 0
google-lineitem-id: 6350518038
x-qqid: CMq1zoz71IEDFT_huwgd6ZYJ_Q
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138440647307
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sun, 01 Oct 2023 13:32:49 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
15 KB 325ms
272ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=1033&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=696006950&ga_cid=amp-UDB0LsyU6PIE9FdO6lhrTA&ga_hid=6950&dt=1696167168713&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=479&dtd=19&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0632628c2ee2ddbdd4aae6d02c09863d739a6b9a2cb7c6e104e42fe47f5efff1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14135
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CKuHz4z71IEDFVCS_Qcd6csFmw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sun, 01 Oct 2023 13:32:49 GMT

GET
H2 200 container.html
25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 93ms
29ms Other
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012309151607000/v0/analytics-vendors/ 2 KB
886 B 22ms
22ms Fetch
application/json 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 26 Sep 2023 19:31:01 GMT
age: 410508
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "299923aefdac6510"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Sep 2024 19:31:01 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 208ms
208ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:49 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Sun, 01 Oct 2023 13:35:49 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 97ms
36ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=6950&cid=amp-UDB0LsyU6PIE9FdO6lhrTA&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&dr=&dt=%F0%9F%8D%B9%E9%BB%91%E5%AD%90%E7%9A%84%E7%B1%83%E7%90%83%E3%80%90%E5%8A%87%E5%A0%B4%E7%89%88%E3%80%91LAST%20GAME%EF%BC%88%E5%B9%BB%E5%BD%B1%E7%B1%83%E7%90%83%E7%8E%8B%E5%8A%87%E5%A0%B4%E7%89%88%20%E7%B5%82%E6%A5%B5%E4%B8%80%E6%88%B0%EF%BC%89%E3%80%90%E7%B2%B5%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1696167170&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 49F9 6 KB
3 KB 30ms
29ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:50 GMT
expires: Mon, 30 Sep 2024 13:32:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4C0F 6 KB
3 KB 28ms
26ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:50 GMT
expires: Mon, 30 Sep 2024 13:32:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D782 6 KB
3 KB 29ms
28ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:50 GMT
expires: Mon, 30 Sep 2024 13:32:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9EA5 6 KB
3 KB 26ms
26ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:50 GMT
expires: Mon, 30 Sep 2024 13:32:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7226 6 KB
3 KB 24ms
24ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:50 GMT
expires: Mon, 30 Sep 2024 13:32:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame A9F2 51 KB
20 KB 198ms
88ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AQAFzDUH_ZLxAAnP29gsJurSGWIajgnrHQ&u=%7CVjCLEMnXszA2%2FbomWwYQ4bELHKQiKIFlc1lJokNF6cU%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeADbhdH8Fc-YRvxkVOMfT2HV8Z5p2aRMyOV_qRsdwwhuZT9n983vOKhURrejdc9AtU5D51CJ_KKd5qsvJOKOHQ0_zV7sigODoI-1wVHXVUEzX0Of-r0Nsm_3eChr-edF_zv-y-v_hM9IxOICBWlLJ8zpRMG7MjIUKt3Mtj9CE02qrJSFQGTUYlQV2h1q4yaWRMsgOhFOmT7SHmNQIPUU6oWGGAxG9lHi2XsQO1zHUp_5fO-XFCWu1Si4CRdTOGF0-p76dOyiSAMd0cdCkaq1rLKM_81C8LCYvPjzJKyxE_ovyEEDiteonmcZvE7YJmt3CkhVmsVXLMokdAA8yNA0wvEtEfP8Y8FcKB46x0gFUu_5ttcREjZ8FNZM_J-GWgzM32AwDwwpc1KqnjqarqT4ZI00Tp4ps3KCfxC2dfujKkgUndkX3P6o8o1ZXyMYkoA_mZ1_yUyi9Ze65TGSzWTHdwqoJjptfUXarkefCXRzi43AFNkLVBiJ1VjZ05RioLdR5NcS-xRRxP8aKyMuVbousQ0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHOpEAXUZZbWYF_Gl9u8P25-n0AXJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAuZOUjkYvbE-4AIAqAMByAMCqgThAk_QmMBPKWhpOzXnCenUL9cYNQkxc4SIRPpjfe7-atmqzZJDiSgnmDGQirL7yv99nZE2GRqPsbXV1t5q4RSFxuHOqciX8AzDJ-hzEmK1nkdl75UN9kydyWQRYdWwMNx4IDXorQZcmMesjeW4ctmG8_EUBiqlbAxoHCuxBOpHtXGlrfjkCjYglhwmABUC6s8GlHbJtS1EXibVGOBh_eknyuzkuxWNLKj_BVLTB2LUMTSE1ex51G6V_Rs1t07Mn45EEQ_1wgzmgPRWRsZNow2yFKV74f9ir3DajjE2n15g4N9x1MPyvyESw-TSEVXkZcxtilHac6LUEoujmPeYfhLqG0CX0A2W2mGtdMvpUQ1iQI3UU5lmpEPb2dL_dPmuJMy3n8Hx9SnHEwqrirhdjVpfv-4jgEMPlrS6ZeUq-P28iM3LAlPh-Gg9fBDoSmiCQG9meYwpeHoKsgkfHGUoVljCPEZw4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_367sQGZYZZ4k-8ZCQWgBZ3x3QGng%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

bfa975de82450990afb29ab704aa41faba3794956a29995d8520d7d7d5e8d584

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:50 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=K42Mg4p35Wth0BL44GQQCMPAmdK8cIFRkbO8ltcm3wjUjHWeyyMP9CPymva-aKMje8e06mwjcpck_aKKMkH68rftlZUvAzSriPEPL6fxoWyd2_yrHSm7HC2D6otQJugNo_gItgDCquFeSo4XwTYxgm7bN8x0dOsa77Q7sG1eb_Ts2rvuY_W0vaPepYOw_8fBAUdspCFeYajRlIwEvAd_qmuZthFztBVS1mNNHIvXmtnt0cqMoXLcqkdr3Il8XbMzf6J5ow"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 2970832
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 49F9 3 KB
1 KB 104ms
27ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 18:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68632
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 14 Oct 2023 18:28:58 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 49F9 20 KB
8 KB 98ms
21ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 10:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11689
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 15 Oct 2023 10:18:01 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 49F9 24 KB
7 KB 118ms
41ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 263182
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 49F9 182 KB
58 KB 112ms
37ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 4C0F 97 KB
29 KB 150ms
149ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

705a8ad3f71ed2d8e6700ca1dbee8d5579b21f4a619b5c127e70c1417fe7882d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29337
x-xss-protection: 0
server: cafe
etag: 197 / 19631 / m202309260101 / config-hash: 9162079683277741110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4C0F 182 KB
57 KB 128ms
72ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4C0F 0
293 B 77ms
77ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstaucN5VgT1YJV80mKrs7Kcv2_vZeHxzoPwqeGQGQCTcsb-jJu2lwvcltUK9PRUNc7g8o--MOcPwYn5DWFec8jCLQDwB6RFCJoSjSeU2EY4rZXMnO9mcpRC27NrRlzZUQgQ9tJNy9kBEjrnXw21Y8AVhePH9pZbwjzfasaskrtVsqn-V4lhUIvHOq2hb5BSkKvsbcyhiVazggltXE1D1waII0grlS6Ix6kE2RbsC2meV75CG--v7QEvLAQItlVQXI-3Ct4QP5DDqPZRGNd6mRQcH8fAy18PjoxGhb8kcFCe02rA3GU4Nj7qWUd9MIam9i4Za3AJ77fUta1ucWvGmFZzBpeKLUqEddSnsrSHu-xfmsPI&sai=AMfl-YQn-cJ1wBzFZOgFLiqn2T4AF1BkP9Nkn-67bk5NXvg0xFu6DbEdNwWlX3O6sAgLoOSgI1NEDUZNHYAKD0s&sig=Cg0ArKJSzIR1Guimqn46EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame D782 18 KB
8 KB 167ms
95ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

498ee800a8ee6107b6790dae81bff981167c7a6dd3fc749c7d99cdf3870acae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7883
x-xss-protection: 0
server: cafe
etag: 4807037133460908799
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D782 182 KB
57 KB 137ms
93ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame D782 0
461 B 59ms
59ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstI0jSqP45Lju1Rz6Ou_EAaZwBE4oAZTm5kKPci-VUJsxwudq1obbrp6zcf82YjFbjBpSEr7z-VPE8MMaDmlCh0wVlqnp1JbnX6ASBR4EESYUI91AB99f54wFSVH1L4FST7oMVX69Ogae8fG0AxVxN2tPNyzwLt4_JBz-yawkZsaRdriZ9sx-ebLMbbwVc7xO7eAj-UrlWVYcuonn487hFY38AwsmpMvzRasTLYf-_zXpmrNHRO2HY6GJv9dy1qLsqegBDQLQDmHm5p5hDnkg2e1pIxv7zmzNtg8QOLwpxcP7TuLsCQNrNCqWeyQBMFi83nmUIqKpH6eE9H7iKzAgMThZyLjdlwm3_VjslQ&sai=AMfl-YTUCwDqPVlinm1CypXe6Xl55PmJhlF5vpd2xP27W0UtOv4M5vOBjLSlZ9UfJ1aCRhSQMqnWiu1gwFAQ6Ek&sig=Cg0ArKJSzI29EYm2395MEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 9EA5 97 KB
29 KB 137ms
136ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a1c3c8f4b39395d9549215181f507b8637e0fdd3135142e54d3840854011f93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29338
x-xss-protection: 0
server: cafe
etag: 865 / 19631 / m202309260101 / config-hash: 9162079683277741110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9EA5 182 KB
57 KB 146ms
115ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9EA5 0
292 B 62ms
62ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumCTItRKvbTKB3gO2vq9Dq9x4umx4xd3DcZUq1bzC0E1YGiXAjfncOYHZlY-pOcSt8AqWMCnNrFQNSY87vhGm1-Qq0tZGnipFNcTfGXUhFxS30d-xCdb2EP1DtW1isUNw5i8aqgCajaI6Tl42cIZEHNz2Z1QLk9W3PQS8_yVOo4ELaAUsQt-Xx9Lr_ZWrlfR3NKKKdooqYISd6hgaqB6gKa-VTS1mW025PgtpGXQTsneGLjlsHU8vTLi0lcOh-EMXa6_utr8cR9MJGc12It-v4TgMXqm-WibcAaf4J42vpMciTBpqDAfLOBb7KnAfaF2OP76mzIWZCfSOY2TArzL6PugDQLNF7PokieISQXwZ346s&sai=AMfl-YSmfQcxzJqpD2Ave8zMl4gleRY_1llLbuDXBQPn7jkirrHkbmGcIVszJfZ7PLg7ulZxqyN3xAMEAbl1SxU&sig=Cg0ArKJSzNQ_pAyNo_BVEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 243F 49 KB
19 KB 151ms
95ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AAAMg6sH_ZJQAAXL6fQej1F1SIQYp5HPGg&u=%7CVjCLEMnXszDDpp1mxdu5qZUaZOiFGi81JpA4MVI3mNc%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeB6d077U1S4-WIqVNP7SjfP4hDgUDoiDx9o-B7f7EBxqVEPQ6ycSnruCluXnEdSnfqqMJUrovIN6REH0LfifL9b-eCw-_UKb-bxmXq84WP-fPnAFkHyY32Wjb8NVWWKmPIDLHgaDV7qwcPm0Vmh1O0VJEoMAPMwURo12fSZubS58xRGTXN_BpaBmKCPMovdFzFcKghAlJQLY10ATdzwVGzfsjqKGJx9YYKPYgCRNyVGBXTNLYWuy5vNbi2cCP-eAWUJJTqSWWlFU2Zh1mXRXKJfvqlF6R4i3AjWJRyS26CcCHCTlw0yGwLjQrt2FZF8nWaQlyz3ES7ekyf5WFLRCuTIOR6SjpT06FTf5_XEif7ys09AARGDYJZXU9XBIEuh-1RuuBMDNlM-aTnGodN1U1T7QorkCJyOPaWcM3InaiuWFV-OIqE6YitiJuqgLQfcNvjMYPxxBiYplqktN9ugJycR1kObi4AWYXDkeorT_LG1Zh4aNAxDQ43ptFdlHoHGWojVYQul7BU5WpK4eyrvfQA-&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqwO2AHUZZauHMtCk9u8P6ZeX2AnJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAuZOUjkYvbE-4AIAqAMByAMCqgThAk_Qk4W6WIoRGcYwOmC4BbFRXH4jtxSLBctAsC5JjXW0gwrXgSBtpj5GUx_L5pYBUGFQ5wB7izKC58QZpDET7fs-a15wd0aF3yPPrMPKejOPN0Ekt2d1a-ia-CUEtq9bfjjq4-hX5grMhBr-2ip8R5GUPtZ9DFmQJ7xCZx_qeAztXLPVDfr3cQCatB4sdxF1C5dpCcxT5DGFttkXCPDzmytqlAwpOI6bkd0SAcB2FPj7xNNQCc7Tr-0ptMuIB52755ztuYHyT9BkScRIUYdFWu3i6D-nLVfgLtE559r8nxGEOrD5AaoAlU_RBqYgX3Q1VmK4GJcskUirFbZDuLz8cefe4I3HmMLQxKJNcnMT_ng-sCTV5aqsGCf2tI9oGW8NDw6E_kpUZMGPyqvKDNcPtbl0I1Se7KMVlWgD1J4u2vWegM4SKDiAUwXA10S009qt_J5cB2_bflGDeXdIPW45TlMk4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0JJPiRIp5nzIqoHQgMvynkGJo1QQ%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

52d1865870ac945ad2a461da955712e8ec7d5d410cebef7d86eea1fcea917813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:49 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=sCwOYop35Wth0BL4neLz4SYRGi02y_q2V16rre8MjSwJEYy3x8tGaB_IF4aU--Q0Ezo2eKDI5nH3FGqGZSJRuYv67G-yPlU-lpatXilZkEMgBFYIuDfykbMD6QzhVrdJlOdblLYqfU5k1Z-j-HZ-6_EdQDywZ8V9m6coY-qEkdZ9R_4yKC23GqgEy5RZro51wKX4EfiAtiOn6Xeb0wyAWQF1FFbzjOKGjwIEN_XX9AkmNdUaiM9RYyg2iPLtKlKaGY2g-g"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 5869940
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 7226 3 KB
1 KB 60ms
40ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 18:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68632
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 14 Oct 2023 18:28:58 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 7226 20 KB
8 KB 43ms
23ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 10:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11689
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 15 Oct 2023 10:18:01 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 7226 24 KB
6 KB 62ms
43ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 263182
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7226 182 KB
57 KB 104ms
87ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
DATA 200
OK truncated
/ Frame 49F9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dad13483849d671cd729afb8a1bce107113dfa8d4158015b488c369c7048cc00

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7226 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e79be27904694aa686e3c1f996448ec16485b41a1a158410bebf51a8f7d7c844

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame A9F2 2 KB
1 KB 110ms
37ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AQAFzDUH_ZLxAAnP29gsJurSGWIajgnrHQ&u=%7CVjCLEMnXszA2%2FbomWwYQ4bELHKQiKIFlc1lJokNF6cU%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeADbhdH8Fc-YRvxkVOMfT2HV8Z5p2aRMyOV_qRsdwwhuZT9n983vOKhURrejdc9AtU5D51CJ_KKd5qsvJOKOHQ0_zV7sigODoI-1wVHXVUEzX0Of-r0Nsm_3eChr-edF_zv-y-v_hM9IxOICBWlLJ8zpRMG7MjIUKt3Mtj9CE02qrJSFQGTUYlQV2h1q4yaWRMsgOhFOmT7SHmNQIPUU6oWGGAxG9lHi2XsQO1zHUp_5fO-XFCWu1Si4CRdTOGF0-p76dOyiSAMd0cdCkaq1rLKM_81C8LCYvPjzJKyxE_ovyEEDiteonmcZvE7YJmt3CkhVmsVXLMokdAA8yNA0wvEtEfP8Y8FcKB46x0gFUu_5ttcREjZ8FNZM_J-GWgzM32AwDwwpc1KqnjqarqT4ZI00Tp4ps3KCfxC2dfujKkgUndkX3P6o8o1ZXyMYkoA_mZ1_yUyi9Ze65TGSzWTHdwqoJjptfUXarkefCXRzi43AFNkLVBiJ1VjZ05RioLdR5NcS-xRRxP8aKyMuVbousQ0&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHOpEAXUZZbWYF_Gl9u8P25-n0AXJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAuZOUjkYvbE-4AIAqAMByAMCqgThAk_QmMBPKWhpOzXnCenUL9cYNQkxc4SIRPpjfe7-atmqzZJDiSgnmDGQirL7yv99nZE2GRqPsbXV1t5q4RSFxuHOqciX8AzDJ-hzEmK1nkdl75UN9kydyWQRYdWwMNx4IDXorQZcmMesjeW4ctmG8_EUBiqlbAxoHCuxBOpHtXGlrfjkCjYglhwmABUC6s8GlHbJtS1EXibVGOBh_eknyuzkuxWNLKj_BVLTB2LUMTSE1ex51G6V_Rs1t07Mn45EEQ_1wgzmgPRWRsZNow2yFKV74f9ir3DajjE2n15g4N9x1MPyvyESw-TSEVXkZcxtilHac6LUEoujmPeYfhLqG0CX0A2W2mGtdMvpUQ1iQI3UU5lmpEPb2dL_dPmuJMy3n8Hx9SnHEwqrirhdjVpfv-4jgEMPlrS6ZeUq-P28iM3LAlPh-Gg9fBDoSmiCQG9meYwpeHoKsgkfHGUoVljCPEZw4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_367sQGZYZZ4k-8ZCQWgBZ3x3QGng%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame A9F2 2 KB
1 KB 111ms
39ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame A9F2 308 B
636 B 38ms
35ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame A9F2 293 B
621 B 39ms
37ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame A9F2 43 B
348 B 204ms
38ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=xjxmYNpXyfzMAtOW69uKdKftDrxEE-W8-Fa6FMOe9Et6sPYXUjAf-b8DpgwhSaQ70d6SzIigUu6XDWI62i2qbzlqi8InJlFTpo-cnUu28Gv0yUQe05__PZ1H3YtK2Z6LfZodTc-eM4uwcDbv1WnaE4-XHxgEyBFrnV38v3micfe7MmlLaaKf1oNE_HkGPF4Qe8nWfX0_uM2L0NGbl1Vnwvfr7JnZuathJHKFA8yaQUA-1ip25OZq2KAz-ZJxiVglPOfQrtzSICy7lKjGgW2b9VnackApDN72kctGugRDuDZPYD9JspIJE3nBU5J8nIy44OWiMHZbB4oSXrTkqLACKiFZtLm57wKtqSAiQep00-Zz66vtALmcu98Jk-I6Jis316LgFhp3oicf2i_W8OLVWFB9w2JAOJHzgqwf4asCOEUG1P7G

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1589044
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 c57da0fd9191430692c20778004085b9_image_ad_728x90.jpeg
static.criteo.net/design/dt/41417/4982612/ Frame A9F2 28 KB
29 KB 58ms
57ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/41417/4982612/c57da0fd9191430692c20778004085b9_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

02114f7140239ba854aeafccfb48f246dcd2ca9357e0a569e0d9233cfecd3081

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 25 Sep 2023 10:35:34 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "65116276-712a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 28970
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 243F 2 KB
1 KB 106ms
38ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AAAMg6sH_ZJQAAXL6fQej1F1SIQYp5HPGg&u=%7CVjCLEMnXszDDpp1mxdu5qZUaZOiFGi81JpA4MVI3mNc%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeB6d077U1S4-WIqVNP7SjfP4hDgUDoiDx9o-B7f7EBxqVEPQ6ycSnruCluXnEdSnfqqMJUrovIN6REH0LfifL9b-eCw-_UKb-bxmXq84WP-fPnAFkHyY32Wjb8NVWWKmPIDLHgaDV7qwcPm0Vmh1O0VJEoMAPMwURo12fSZubS58xRGTXN_BpaBmKCPMovdFzFcKghAlJQLY10ATdzwVGzfsjqKGJx9YYKPYgCRNyVGBXTNLYWuy5vNbi2cCP-eAWUJJTqSWWlFU2Zh1mXRXKJfvqlF6R4i3AjWJRyS26CcCHCTlw0yGwLjQrt2FZF8nWaQlyz3ES7ekyf5WFLRCuTIOR6SjpT06FTf5_XEif7ys09AARGDYJZXU9XBIEuh-1RuuBMDNlM-aTnGodN1U1T7QorkCJyOPaWcM3InaiuWFV-OIqE6YitiJuqgLQfcNvjMYPxxBiYplqktN9ugJycR1kObi4AWYXDkeorT_LG1Zh4aNAxDQ43ptFdlHoHGWojVYQul7BU5WpK4eyrvfQA-&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqwO2AHUZZauHMtCk9u8P6ZeX2AnJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAuZOUjkYvbE-4AIAqAMByAMCqgThAk_Qk4W6WIoRGcYwOmC4BbFRXH4jtxSLBctAsC5JjXW0gwrXgSBtpj5GUx_L5pYBUGFQ5wB7izKC58QZpDET7fs-a15wd0aF3yPPrMPKejOPN0Ekt2d1a-ia-CUEtq9bfjjq4-hX5grMhBr-2ip8R5GUPtZ9DFmQJ7xCZx_qeAztXLPVDfr3cQCatB4sdxF1C5dpCcxT5DGFttkXCPDzmytqlAwpOI6bkd0SAcB2FPj7xNNQCc7Tr-0ptMuIB52755ztuYHyT9BkScRIUYdFWu3i6D-nLVfgLtE559r8nxGEOrD5AaoAlU_RBqYgX3Q1VmK4GJcskUirFbZDuLz8cefe4I3HmMLQxKJNcnMT_ng-sCTV5aqsGCf2tI9oGW8NDw6E_kpUZMGPyqvKDNcPtbl0I1Se7KMVlWgD1J4u2vWegM4SKDiAUwXA10S009qt_J5cB2_bflGDeXdIPW45TlMk4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0JJPiRIp5nzIqoHQgMvynkGJo1QQ%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 243F 2 KB
1 KB 112ms
45ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 243F 308 B
636 B 59ms
55ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 243F 293 B
621 B 84ms
80ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 243F 43 B
347 B 190ms
39ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=VT39sNpXyfzMAtOW69uKdKftDryOMyHfw9jFKRo33uMrDn7QozNIhJSqgZDgybQAUNTlmbDEILq2F9aSi_UlqKAwpVzfuNLBt_takOxs-uWghFMkSQGfRU05yr6Z8M0FiZe1IwNhLAAnJaFTWjUXqxtUnwywcFsNh5PvZ6lr-sNoBd7llIjStS7bieHlWxza65y_hPfvm8tOXaoJmcoYDXo6VmI91IO0NkTStkPJpGwljZx4omhT_H-lp5FjCaMtF_dXOI1vEbOT8atyHqcxVWvNLczcmSQ6kiFjDmciw4R5_8VLeA1tXE7vUExoRF3beGz1_imnHCHVjTABzIxoyJZzbVZH9qkfnXA0wJqXlQLH6pfusplGpvbnRyckIu2_RnyNP-TtqBQHBN1yLaQZMlj9Ualb_3MTp_MPaWT_rUq5jmm-

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:49 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1674192
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 c57da0fd9191430692c20778004085b9_image_ad_728x90.jpeg
static.criteo.net/design/dt/41417/4982612/ Frame 243F 28 KB
29 KB 74ms
71ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/41417/4982612/c57da0fd9191430692c20778004085b9_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

02114f7140239ba854aeafccfb48f246dcd2ca9357e0a569e0d9233cfecd3081

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 25 Sep 2023 10:35:34 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "65116276-712a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 28970
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D782 144 KB
50 KB 111ms
110ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48be81013a3c733fb25e50f064f153b4b0737ace6ca019928548897cd6c6ba56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50743
x-xss-protection: 0
server: cafe
etag: 9078548006840792529
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/ Frame 4C0F 410 KB
129 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4972893832cc7f114925446001ef0c43c031cbc7d2b2a8bed395c116c911402d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 11:26:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7580
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132541
x-xss-protection: 0
server: cafe
etag: 15229329507080665565
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 30 Sep 2024 11:26:30 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/ Frame 9EA5 410 KB
129 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4972893832cc7f114925446001ef0c43c031cbc7d2b2a8bed395c116c911402d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 11:26:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7580
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132541
x-xss-protection: 0
server: cafe
etag: 15229329507080665565
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 30 Sep 2024 11:26:30 GMT

GET
DATA 200
OK truncated
/ Frame 4C0F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65d8dd267f5063ede68e786d0d84e1ed0b957076808c4bb1b803a665b9b707da

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 all
csm.eu.criteo.net/ Frame A9F2 0
127 B 205ms
36ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=K42Mg4p35Wth0BL44GQQCMPAmdK8cIFRkbO8ltcm3wjUjHWeyyMP9CPymva-aKMje8e06mwjcpck_aKKMkH68rftlZUvAzSriPEPL6fxoWyd2_yrHSm7HC2D6otQJugNo_gItgDCquFeSo4XwTYxgm7bN8x0dOsa77Q7sG1eb_Ts2rvuY_W0vaPepYOw_8fBAUdspCFeYajRlIwEvAd_qmuZthFztBVS1mNNHIvXmtnt0cqMoXLcqkdr3Il8XbMzf6J5ow&sds=2&rev=88628&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A9F2 2 KB
1 KB 70ms
69ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame A9F2 2 KB
1 KB 70ms
69ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:50 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 243F 0
128 B 201ms
35ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=sCwOYop35Wth0BL4neLz4SYRGi02y_q2V16rre8MjSwJEYy3x8tGaB_IF4aU--Q0Ezo2eKDI5nH3FGqGZSJRuYv67G-yPlU-lpatXilZkEMgBFYIuDfykbMD6QzhVrdJlOdblLYqfU5k1Z-j-HZ-6_EdQDywZ8V9m6coY-qEkdZ9R_4yKC23GqgEy5RZro51wKX4EfiAtiOn6Xeb0wyAWQF1FFbzjOKGjwIEN_XX9AkmNdUaiM9RYyg2iPLtKlKaGY2g-g&sds=2&rev=88628&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 243F 2 KB
1 KB 68ms
68ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 243F 2 KB
1 KB 68ms
68ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:50 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309270101/ Frame D782 380 KB
129 KB 112ms
111ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309270101/show_ads_impl_fy2021.js?bust=31078320

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

306f0a660ec49331b955d79d3c84d55109d0e3e3f85708c8881087d4bcf781c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131818
x-xss-protection: 0
server: cafe
etag: 6235736465091349035
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:50 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/ Frame CE93 10 KB
5 KB 83ms
21ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 7480
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 11:28:11 GMT
etag: 2603938475786422795
expires: Sun, 15 Oct 2023 11:28:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4C0F 24 KB
11 KB 305ms
304ms Fetch
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2987738657539224&correlator=4328124429988101&eid=31077227%2C21065724&output=ldjh&gdfp_req=1&vrg=202309260101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com&abxe=1&dt=1696167171025&adxs=0&adys=0&biw=160&bih=1200&isw=160&scr_x=0&scr_y=0&ucis=s39llnrakj44&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&loc=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=160x0&fws=256&ohw=0&ea=0&dlt=1696167170199&idt=751&prev_scp=in2w_key9001%3D1%26in2w_key%3D1%26in2w_key2%3Dnope%2Cbenchmark%26in2w_key3%3Dnop%26in2w_key4%3Dnop%26in2w_key5%3Dbenchmark%26in2w_key6%3D--3---%26in2w_key7%3D1580%26in2w_key8%3D1%26in2w_key9%3Dbenchmark_request%26in2w_key12%3Dbenchmark%26in2w_key15%3Db0%26in2w_key16%3D1&adks=3537600882&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af2de7bf7cdc29689ff5d8a3f8ef6156bf9318665c9dd8dd9dd63d81f9f6824d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11144
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8BD1 6 KB
3 KB 54ms
29ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
expires: Mon, 30 Sep 2024 13:32:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9EA5 56 KB
20 KB 348ms
347ms Fetch
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1844549355159672&correlator=123296447389262&output=ldjh&gdfp_req=1&vrg=202309260101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600%7C300x100%7C300x250%7C300x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com&abxe=1&dt=1696167171077&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=4s2sfa7fsdhi&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&loc=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1696167170203&idt=857&prev_scp=in2w_key9001%3D1%26in2w_key%3D38%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--3---%2C--3---%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D38%252C39%26in2w_key9%3Doptimization_request%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D7&adks=1247079451&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41bad9fccbe130cb34ae6647e39d71a4a740f88c60656abc4c3f713a6a12fcdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20369
x-xss-protection: 0
google-lineitem-id: 6135185025
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376945716
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DE1B 6 KB
3 KB 152ms
26ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
expires: Mon, 30 Sep 2024 13:32:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 49F9 0
0 119ms
117ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CpM8SAXUZZbWYF_Gl9u8P25-n0AXJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAuZOUjkYvbE-4AIAqAMByAMCqgTeAk_QmMBPKWhpOzXnCenUL9cYNQkxc4SIRPpjfe7-atmqzZJDiSgnmDGQirL7yv99nZE2GRqPsbXV1t5q4RSFxuHOqciX8AzDJ-hzEmK1nkdl75UN9kydyWQRYdWwMNx4IDXorQZcmMesjeW4ctmG8_EUBiqlbAxoHCuxBOpHtXGlrfjkCjYglhwmABUC6s8GlHbJtS1EXibVGOBh_eknyuzkuxWNLKj_BVLTB2LUMTSE1ex51G6V_Rs1t07Mn45EEQ_1wgzmgPRWRsZNow2yFKV74f9ir3DajjE2n15g4N9x1MPyvyESw-TSEVXkZcxtilHac6LUEoujmPeYfhLqG0CX0A2W2mGtdMvpUQ1iQI3UU5lmpEPb2dL_dPmuJMy3n8Hx9SnHEwqrirhdjVpfv-4jgEMPlrS6Zaco2W88Gx32pIPGIuQdlbTmbWI0SkF--zjhRdz4DRczBP3iwngr4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=Xqe2jO0g9EI&uach_m=[UACH]&cid=CAQSGwDICaaNjveIN5G2zIvl5kSzxm1kpT5IzF2enBgB&cbvp=2&vis=1
Requested by: Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 49F9 0
126 B 162ms
36ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k6qtEe-uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRAAdRllJcDM-NesPGIvgAAAEgAACgpBUVVCRHdFQkR3&wp=ZRl1AQAFzDUH_ZLxAAnP29gsJurSGWIajgnrHQ&cbvp=2

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 158916
server: Kestrel
content-length: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7226 0
0 116ms
114ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAJ5AAHUZZauHMtCk9u8P6ZeX2AnJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAuZOUjkYvbE-4AIAqAMByAMCqgTeAk_Qk4W6WIoRGcYwOmC4BbFRXH4jtxSLBctAsC5JjXW0gwrXgSBtpj5GUx_L5pYBUGFQ5wB7izKC58QZpDET7fs-a15wd0aF3yPPrMPKejOPN0Ekt2d1a-ia-CUEtq9bfjjq4-hX5grMhBr-2ip8R5GUPtZ9DFmQJ7xCZx_qeAztXLPVDfr3cQCatB4sdxF1C5dpCcxT5DGFttkXCPDzmytqlAwpOI6bkd0SAcB2FPj7xNNQCc7Tr-0ptMuIB52755ztuYHyT9BkScRIUYdFWu3i6D-nLVfgLtE559r8nxGEOrD5AaoAlU_RBqYgX3Q1VmK4GJcskUirFbZDuLz8cefe4I3HmMLQxKJNcnMT_ng-sCTV5aqsGCf2tI9oGW8NDw6E_kpUZMGPyqvKDNcPtbl0I1Se7KMVlSoB9QyuSSWjJh418rSguqHO8E4C2fS1fiqUOskpwU-vYe-CqU7Q4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=LRS64knooOs&uach_m=[UACH]&cid=CAQSGwDICaaNaV4O-kM4cofVSg67kdiaUx2jM2CKHRgB&cbvp=2&vis=1
Requested by: Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 7226 0
125 B 158ms
36ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k6qtEe-uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRD_dBll1gj5PkTwGE6HQwAAEgAACgpBUVVCRHdFQkR3&wp=ZRl1AAAMg6sH_ZJQAAXL6fQej1F1SIQYp5HPGg&cbvp=2

Requested by

Host: 25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:50 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 164778
server: Kestrel
content-length: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4C0F 0
0 128ms
59ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuu4K1xsIpPBfVyB8PqFKwYMVnyFK5qJdyaE39AfO4M6K6zc7LYFaDqUy6vyW6m8tiuu7R7W7itm0YiH1xJbegrwn1rkb_RjzJcw_pb1KvJEv6MAFkb90DTCKIPS53ANURqAxm3q5nDlGYiuX9SpwM5_xIYj58xMyo-WbwjXrbAR1RT451goAoCf9FX2T8IqFxr4Oy-eltSNHIVTNnAk74XyT2LWy8zdDNwp4zDPPgFbfODKD0NaeF0cTcaPR3LOmiPNi4I2KGzOg2aVsHqBWAKkqES4m-oO1eY4-8UzWHhF1SLesffujy8_0Y5z6J6V0a6LDR_fki5CqZw-uHRPR7IIHlsNEPAuwVZlIxm3EXCHcgTctQ&sai=AMfl-YTn1KPMLmuiM2k9EFzS7__cdFlP98Dd6Sa4V-8M3k3zRLOb9AIIWcMdXYc-c91_iA99guz_qwUKYCitu3M&sig=Cg0ArKJSzNILI_md12K3EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4C0F 16 KB
12 KB 164ms
72ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309260101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d3f7a8238fbc638d961c9185290155a90ce48870ed7113f066b6798c5ee2c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12151
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 925F 37 KB
16 KB 358ms
324ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046730&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696167170561&bpp=351&bdt=360&idt=664&shv=r20230927&mjsv=m202309270101&ptt=5&saldr=sd&is_amp=1&correlator=6950&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2821097479&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31076839%2C31077328%2C31077971%2C44795921%2C31078320&oid=2&pvsid=511706654667774&tmod=874085393&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.2j1qkui30xt6&fsb=1&dtd=680

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309270101/show_ads_impl_fy2021.js?bust=31078320

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfd6e6f6af3554560e56fb6af7185e09e67ebaa565f790ffc9a8b7ad986b2dd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 15996
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9EA5 0
0 60ms
59ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKbB3QHXPSjc_xJPSTE1-cBcH18_szdUovtrCabwulbI5EIzQuoq7ifZ6qn0ZDUyJXVe8kTbGrVIhjXVr_X4O1G56QYTNcdZWB1AW6eG85btPeba3_dG3PWmWtSClfTxiBWeDD7SDGgzy--4405E0RtUhw7Gc_EaN6O8At3PBt7F-0BxChaDgpIgGeUHUjXJ4yeXtIZFY12Rl-VUDQsoi-qJH9GvtwzlMLGcDhpuwMz02HiCYV3xRS615LURWaSjqjEJ5Ry8HvWaQWsClRdbj_HUnCmbYj_Pb1y7XE4HkMbZ7eGzPlqjdaMKeaU5IGWd9pcMAkHOewyee2fDyIEnzCcZWZMDAdrq6U3GKyjUWFDZjtAA&sai=AMfl-YT1adTF5JtkTy0ncKDVMnEtQAdpETijgmjvamciYO6Ud7YPjrH8_KFCng5Uhd-p_RHj3d3z6OfX-X4oMWI&sig=Cg0ArKJSzJfCLNDcV2FwEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9EA5 16 KB
12 KB 73ms
72ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309260101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7e8b4ef29be68a436a57b39af25208460f1c920a3a638059819d6c00f3fe977

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12121
x-xss-protection: 0

GET
H3 200 container.html Show response
51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9C75 6 KB
3 KB 24ms
22ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
expires: Mon, 30 Sep 2024 13:32:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4C0F 17 KB
7 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9EA5 17 KB
6 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6926 478 B
195 B 63ms
62ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhjlzufbATAB&v=APEucNWLkJVtRWfrJG8cMqaPaJF6g918Pd7PoRes4AMBWzR_S6A5klTYMCdExoOU5NjUNiMqHjU0IckWIE17BgyziEWSaVJ5cw

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9C75 89 KB
31 KB 100ms
99ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4accbcd793680c2ea0a65714771ef37d5eeb42bdaedba9882dd0d78eae09e00e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31438
x-xss-protection: 0
server: cafe
etag: 13183557946744512263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C75 42 B
63 B 125ms
124ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AIfBPrEOqs-av_zbhPX2lKpuA0sfyUxr6D7Ak74CcIGtXRo2qtO2OYiVigeW4OeW_ofe3VmWhArhX9prmm9B7IkCHtwe8Z94TMVSK9T-fBRS46zIg

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C75 0
20 B 127ms
125ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3191800397699301653&x=1&ct=76

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 9C75 3 KB
1 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 18:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68633
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 14 Oct 2023 18:28:58 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 9C75 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 10:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11690
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 15 Oct 2023 10:18:01 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9C75 0
0 97ms
32ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRSTDPbgv06srL6GfuCeEm9xoNK_1MC4H91-Q6F6-Hma1XFdt17CeRsmvsMc41lL_m9o_yCE7QLByy7CS-XqqRdctIzMg
Requested by: Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C75 182 KB
57 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 49F9 42 B
64 B 130ms
130ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuGwEI34vEiz2aIqeWoYBSRiOCGOQfzqyGS8OsX3ftsa3Dno3lZa3FWZnJ7dg11X0LdqahSelFRt76RIMXJ5ikgnjyVOEgtAT7J6B4&sig=Cg0ArKJSzCa1ikVkQTXdEAE&id=lidar2&mcvt=1011&p=0,0,90,728&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20230927&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696167170141&rpt=293&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2687 0
0 62ms
62ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuyiVUz1B9ngnCS4JXiKBJz66Kdb6YSM2jeOVvYwonbL9jPXNFXw4YOT22c-JeSBhJbaCvn0FvnUap4-lPyep6Ct_LG5ZrICGm45aiN6-3xjy8AQsw8z_jxcawARAAhMjH8G_DbC_DZDRHKHUu_cLAuhVqWzLzPwXCZB4g2uZ31xv4vjfTKfCUQQ2PZxP3lhFWo_Jzp5gL0AZF7eFK_qwnPm2ML_j4V-38f9la8EkC-QZ5ycc7G74VUR6adeGxLJlRLEwmbyO_0KdFD2ih24sR36k0HvkwCshunufpJ-9SjOHJspsh3If-uxYTZAwvDsnPSHKCUFCerEdBh3ubCQkz8VfYKG-YWmyPQbaUbyYjpxmI&sai=AMfl-YRJZCr3EGUJGx7e3STxk1XJw0v93m677npAnEf0sXGgmXg08PJKYjOGXjUGu-bP7nnLh9uM6osDiX8ZG36dhKgRoaa-HcjJZ1ABnQ&sig=Cg0ArKJSzMrGxqvY6_HJEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2687 182 KB
57 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 6926 170 B
409 B 123ms
34ms Image
image/png 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhjlzufbATAB&v=APEucNWLkJVtRWfrJG8cMqaPaJF6g918Pd7PoRes4AMBWzR_S6A5klTYMCdExoOU5NjUNiMqHjU0IckWIE17BgyziEWSaVJ5cw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 6926
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA7it35tHvQY44gOXteDMVs&google_cver=1

43 B
336 B

64ms
63ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA7it35tHvQY44gOXteDMVs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhjlzufbATAB&v=APEucNWLkJVtRWfrJG8cMqaPaJF6g918Pd7PoRes4AMBWzR_S6A5klTYMCdExoOU5NjUNiMqHjU0IckWIE17BgyziEWSaVJ5cw
Protocol: H2
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nycQatxTPRbEfwPZfT2Yrp8dxef87Ix7VHjyMFEywyKRRtTEQULt71yhgQyuxq1Bqsjck1BTyGILjDq2FD8%2BU6%2BFaZ4vaU9rmaWGTxifUgRAxpP3Atdqf4WoJ3mjdQ2HeFnF2e3xWzNXgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80f512f818f90200-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA7it35tHvQY44gOXteDMVs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 6926
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRl1A.2SgqUG5y.vjE9BPgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA7it35tHvQY44gOXteDMVs&google_cver=1&google_hm=2

43 B
768 B

63ms
63ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA7it35tHvQY44gOXteDMVs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhjlzufbATAB&v=APEucNWLkJVtRWfrJG8cMqaPaJF6g918Pd7PoRes4AMBWzR_S6A5klTYMCdExoOU5NjUNiMqHjU0IckWIE17BgyziEWSaVJ5cw
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GzZaacZArjN4uiufq8DWZzByeQHd5pTOD%2BXX6ptX%2B14gBaCUK0kQbqtvKStNG0vA2S2rgfGlb0ot77Qq%2F9EL05YO7UIzwnJzgD5kflNb4BvDaWUucw5LyEEL9Shr0EUjoltoLiiCY6eHyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80f512f9aad001df-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA7it35tHvQY44gOXteDMVs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9EA5 27 KB
12 KB 250ms
249ms Fetch
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1844549355159672&correlator=123296447389262&output=ldjh&gdfp_req=1&vrg=202309260101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50|120x600|160x600|300x100|300x250|300x600&fluid=height&ifi=2&sfv=1-0-40&rcs=1&eri=5&sc=1&cdm=25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com&abxe=1&dt=1696167171543&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=4s2sfa7fsdhi&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&loc=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1696167170203&idt=857&prev_scp=in2w_key%3D39%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D1%2C1%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D38%2C39%26in2w_key9001%3D2&adks=1247079451&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88e831277b2dc3533be222d80c4db008a438ef1c5bd2beed13215893271ea02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12599
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 91D9 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 5089
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 12:08:02 GMT
expires: Mon, 30 Sep 2024 12:08:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 433F 829 B
1 KB 34ms
33ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f355fad01860140a175e2aa4ade729d7e0e28e0f932bb2f32313e89710c24d4f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ilEbUol3N1khpLsQseKXXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ilEbUol3N1khpLsQseKXXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
expires: Sun, 01 Oct 2023 13:32:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AD13 13 KB
5 KB 29ms
23ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 5089
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 12:08:02 GMT
expires: Mon, 30 Sep 2024 12:08:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FB98 829 B
560 B 33ms
31ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bd62cb79af6f71c721903e87e64c0353b7fa6c24d3e3378560dab1c1c3a1cf8e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EId-PZX-3T0F8-sopP5BdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-EId-PZX-3T0F8-sopP5BdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
expires: Sun, 01 Oct 2023 13:32:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C75 0
20 B 134ms
125ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=94553774153&version=m202309120101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C75 0
20 B 123ms
122ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=94553774153&version=m202309120101&ct=76&x=1&cor=3191800397699302000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9C75 99 KB
39 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DNH_2ZSb_42uic7dOThz1YS_hEptRWoiJ7PubbES_gUNYKCQhWOTY_qgDFt9pbiPJPFffQEeFythh7kn0PnVWLkKrwSdCHIJ9pKNGvbZfLkef56lA&cry=1&dbm_d=AKAmf-BpVbAFomRt0_pjxou2JylxSny6MB-whmVKkebkRqCbi8QyiBQCBXDmxIMjS37kbtITltO9va3ri5whE_txPOcoE4X6XVlptsfekSV_9PnXfDa_12AuDm6BUhg5cU4sz3_PFtx1MLEpZlKdFaN7NA_CYlnS7uxnr8PGXphu5w_FBG5cOtkROp_oa65XZSQbyEEINF-pWBkkDDdYFwMdmHGffkbpdqfTtw3dSIEa1-Hb5FVuFHZfQuy7v7aVaJpUTBU8zq2Lib9LvHcg-VThWS-J5T964KoVaHLbS6RDG7iVtvsfrhunKptQRPLuNWklIB0eWE9Sezz8mJDDN3cGLIKstZmD8-qG37Q35LumEbR18jSU38deXMduBs58Pu-ZXpgDAdzRhU257yi7uVrp7_QDTPPgh1yaUhf2RJaRTEDAIY8PJ0d5zImDYyv2muGXgNhxJSrQGE3bch4s9hcsMJlCjzZf1k879tO_sfXS6VQhibZvhMMNsbh-zDk7B3QtBeBwoz2gUZd32iq0XJxOLLbXqehAdeSOcn5MRVs7igSaWjDK2WdwA9lz1AIfRf2Q95HfAjHtDWXp_i_Sh4uq7tTwZ5UrAu0kQofLRjKkWtN7t2P2na8ijFT1vtepQhDAWCz6aIZYNMRGLDUEj-0TnORNc-ViEdpgN-pAzJyep_0cHrwsZqU3DiSFHf5qPZ2VxzGTxG_PXAK5OHCB4T_rg9mFrhjpTY_zLkY8-yN1JVK4VeK65Fz0HfwyYwB1qs-NukSPWza0fLC4nBN8nNxG4I_BzGjE59gZYoFEZuBSFidfGtovZMHTCrXZVvU_1tzsNz9hk5vM7MdVQ3XXd1BpmSdeGagqU9cHo5Vk6IoF_j8cl0wJUG0TT4XWpLDZfpQnVrf0Y96g2CgwXbJhum-bBCGZOVHUopr5TnOKcQIvITBLmHFXiDX9EZ7j5RYFyC3MnsRFEAb3xs6YIxVPiAw7dIVemFP9uGfdHJHSH0m17_WN7AihHoNLWWs8VJuBVNS-113VkNGuho7ap8DEBjiImo7a21ZH5S0mPjvX_U5QKWMqS_RpoiQSbhuoY_NEwBzq1nHaHroGICk-_UydBuM-qHEVZ2L3tLnCOgT0FTZ0sDhWxuHR-g8CHSsunToy_NVehKvvrAjNjthPZAgsCp1lMAVRZv-KfXxihqRM1w3qcPYgJ7iZ-Qn7mYqgRVhl4zo7o_K8PKKJAHDkKOoQubfjrHCxKzeavO5wIe7XsXX1nPcqhKjJuxAcYdD5oKdrRGG1IUaTKv6QjCJAyoXPPq1ct5qOyFSay96NNB7lS2oAybdiDXhDBo2Lwxspd9Vj2JCW7gNi_-OWugo7rosVv1hQy3ha-ZZEu5MZQRKEXA5RcYZN2lomABv3cECTccl7Fm2dNxlbQf4bqI3ci_dWT19OLher-sYFcey0T1RN__lKcbrjbUBs1sNC4fA2fvtPOpsCpsPlSkttbTEjczhuJtSGyV6VCHub7TJ9MV4mGllXDRn8S3PQOJ4BhlhgqIRtv9BO35JG_UzrdyWT1QJ5I0o0WReVjN4H1ZnlmK39on9hesOGUfD0wOz4noHO-gQYyclfqAwxHIBtRXBeK6J2XaJkMNWWLHVHJGuhX3kmcKJemgGGPVwv9S0s4rX7JpSTFlnqbe5X7QtvUnPnO4lxWWAJa1Nn2CwPIQSza7vzJiFpBEyYXqdNJV_q5viWg0_riYtqrfJgBEqTBop6dwmhHBXKbXT_b4aLeYedRbLHIDzQkcTeoV_fZ7PNiIgQwoJQiv1DtKMe-az7sl22WAGRV2OMM27ifDvpb0ob813OCy6sVNvhsAGl-W6CUS7r1G7t_W2u-eKpXaLdDLlKb_M-TcbNPNUiTvH6c-AlFUTnKXAF_vp-EzOxtwIuX4F-9lGxVRaDZyKeaPeayXY843R3OjcWOUbixyvV8XWe4Yb1_WxnoM-dJHfFZ8KYYdIPIjAO1qVjef8Vdx1WxT9vvPsCTwLbaD9vwdQgqm1a6XUNMpiDfnXGAlmRp8vz1qZIcnrZ0e5bfcmR1mZ7Jr0jkuonkYsj9sQnMETMEr-zGDHukLesvX7V6bmFRnImYMcdEWWBgajmSNFT_rm2LCZ8FmaGM40Bj67sotzFixO5Z1sVSsGI9yX81W1i4NfYT9vinGiGUIPTaVuK0zNDrSJS9heOAfxICaqfmp-PhftwYaVaxem2Im31C1ca86WuDOTcsnnktPF73xG0tNPHn0KXRC4Kgz123zyneiKAo8j4c443rXt-rPO2mey_6Qgu-6S0LtuCcxlSozu4RtEDDruMVuZAo_SM7PyxAkt-eogieqUVxeZmMZsLxJ_zdjzyJ2NAwAGvCrENp20DTjsS7OMqb-m0iRFSNn1CEDQmP_Hoy_k7WTIL1yOzo6SNgnBf02S2ymyGTso5pJTCXFM7YTHQlrgP5denPvO621G3lbGN1CDQs06vAj5_GVY6G4OtjAnz0KZKrOjUKBcGTkSBo97eH5kiBkv2fhsbBOXNlMuw6xXu-T47WmxvIYxmBRX2HpQD2sf3Lp71gi0mH_eZEj9_EMeRyiGErn51KUS9ladLEUnYeEktztVBFHDWNGrxAC_TVn_ixdg3Jz5VAcx3vrGJks7LPd-Gdqfbled65PAw16KA-IbcLAu7QINalrcxcnS1nyPaIPo9PtPPzYXu2KX9liIjw9_rM4OKJZpnVG4gBsQKg6urPRNjCSC1xHQyPZDmFhyHXbk0JGKIRnPj5dz32NuJgDp4iAKZH5Z5Iw32YwXW_XQhVcDzkIW6i7YVSeid7JF_7PZnpHBDhX1ot6inh6DLr971CAQW3BQ-C-R0ka7LrS0AM_IW_KnwE1a4ZB9MuckT7Aopejb7NZT-JtkUtFlKCga0WFLB9PwpM4dYWRrcTDGHkNSBUOkTDci6xQVXrG61bWrheB_E8a2EbMF3_v2T0NvoO8dftXH4h5MYVBcD6LXmdYBwXNUYgAhFxJVrgD4eU96owdGEOsv0sDxoZ8tW1SXUyVLPQH7BKrl_H_ZQ6sllPPSzhOvD7sCllZmFwVvskpOJYxhmXBUeay_Y7VK4eXlfl3JNIe9-lUll68zaRr_fe7QOu6x3llK-2fu-WxeYKdkf8hzP-uZJrnc-GGShlLs-BVpECcFOwN4s06GHMd3tPxdBsUIxt-kjuDrWef06yRUHQPEXG6s2-FgEyIHQnxBv9jOuJ0W-msF8c69_1JAHrlZsladHJTJ0EmTIaxrNUJtA5xvkdTaxN3cjSTGk2HNEvPbcXlU2RyWjxdzBE1QQwVrTcSokESJf_Dj7Nk2VbNSAUYn3QWCHQIVivERdtv9rxnW9TFGMdfrxxdjOnVdtq15GszdVNgJO_EhKZtSzeEDe4DVPQsVeeTN7ogURQg8L_7eifsm0BZKtr_jlQbT3pcys_2d95KmR-6i9yyORtXXR2HVqhyrgZcZf8AJ-9M1Tl_hG8ew_HRHcutzVzUoIfjxP69ADzABlhnyThMP8dqH9xDvGOrXVTFXMYAmZxwEI2zHoA5S3Sc94IErfUHTAaHKwYngHzVL5NeXiAGefJs2rZg_eZHxiQglRHZDOUxFAMjJ2Bqc49GReeeH5KMtWBs82kH9voPA7MC4t9SQXLbx-5MFLDvbVZCQuFSgnpmGARXN_tzBHw3aywflpHs2aCR_4gaPamOKOBMK9Wpmet0ZcWdQfD8SwpKwzOoZ-D5omg4hyhkdakS3usRnn337R3H552NQERlcx619w41oo-RXqrG0aYtKG3R_OnwVHOjaqYzucFeMkbsVorXl41w4KBf10kGZrBOjwrrCOs2hSx7ejemqbvRaRdy5FaAJ35xsWShl3NAbWF1EggNVz-KHMjHCTjcbZZ_7-7V_MFfRRQR3qZPuYaByzIttq97dyqr8Y2zxbUxcyQ2324-xapx9emhgb4n1H7gY&cid=CAQSKQDICaaN-hVFqBNNHji0lxRik5EdXIFJ4Knt-zIbxpvM_k9Xkvqk5IUgGAE&dv3_ver=m202309120101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=3191800397699302000&adk=627576174&idt=113&cac=0&dtd=97

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a933b392c367283868c86e8a81f3288df684c64c68a765109eeef1fe4ac07637

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39728
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 925F 3 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046730&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696167170561&bpp=351&bdt=360&idt=664&shv=r20230927&mjsv=m202309270101&ptt=5&saldr=sd&is_amp=1&correlator=6950&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2821097479&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31076839%2C31077328%2C31077971%2C44795921%2C31078320&oid=2&pvsid=511706654667774&tmod=874085393&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.2j1qkui30xt6&fsb=1&dtd=680

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 18:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68633
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 14 Oct 2023 18:28:58 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 925F 20 KB
8 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 10:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11690
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 15 Oct 2023 10:18:01 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 925F 0
0 53ms
52ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaROHXsjOn5RW-599P-1cvYtTdv2eZ_kI--Nb4G96w5Qxa257ejYfPHtfob2IvVqWOtsjhnss_PF1WviFDRWgg4lZHJeOg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046730&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696167170561&bpp=351&bdt=360&idt=664&shv=r20230927&mjsv=m202309270101&ptt=5&saldr=sd&is_amp=1&correlator=6950&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2821097479&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31076839%2C31077328%2C31077971%2C44795921%2C31078320&oid=2&pvsid=511706654667774&tmod=874085393&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.2j1qkui30xt6&fsb=1&dtd=680
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 925F 182 KB
57 KB 54ms
52ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2687 0
0 69ms
69ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJAyLhVspd9yH0ffKrJfAc8o68UOORCJjuKLqq1SeAiYO9Yjk693S5M_jW9g80La934BE4B5CvwT4yuBR280MsOO_PQYjMM-z5uCzEvOGsVxRGcW9iGIBLB_XBTe2fqyN7b76kSSA8Syb3VeT3CON2PzTAMNYCAksuSWXrkQd_iUx6BGuI8No3EWl4U-dcaT2yRr8TmY4S1DJxDlULqDIGD43FBm68pAHRgpAFJfZvMu-MLGznTZQ_3V1JaZ3tt6wPChmL8HExoaRa7P1O8gCxCWcrYiu7Moc5-2GF930XVh5Zy0SNfkWsLX7yscheGG9pSC8ZlhdCBo9ObJefL2ciBPeTe-WZ1b35pxy9OZxykylxjQ&sai=AMfl-YQQJW5qtfs2xWktE2G_-3c1BYblhf946hfiSystGSKjA8E90RlxvtsdxIxoRPvdFpM8pbnehUkHjq0_y1Zgv8zAjNL32yERy8fHWw&sig=Cg0ArKJSzI-zMe4FjF5REAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 01 Oct 2023 13:32:51 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 7489 136 KB
46 KB 123ms
122ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AwAE4JAKwlmaAAKG6yto22mJ_wg1Xt6T-A&u=%7C8JdfMqyD1%2B%2BdM5T5GAZmDSq1gf3mS30Phq2qHpI9sSI%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqcx_AYOCxtp-MNsF8AoBa0NrZYBBTSBw16G064Zwnkw3xehnsuvV19gYHtBr9LIsbEQBDKNr3VmOG7tAy5GwzT1c5uYsnv_W8xmqVZQwjsg5DvXUXigALu6ZSFUaDrTKI11tNONlvZTWHqaS3TFEDNRyO2LZcf35r2dOUIbND0XmGyry8UCkUAaNo93CRf0rGmURqrApDqbroxqUB5V3QskO51uf6-_U2qTDpZQZcZcHtnKBB66_rJikXV4ZgmhRPEX1fUmMf99q8RU2b9uUF6RkoSj2Lzm3WPuvLjTNDnuVGqeEbFCK_QIZfy_XS5I_BG0ElpoJCA9Hp4E9OJddQl3oQe0O7QiB5-aFLYbKcD_45dSgVo0q3lzAtftMNdfPAkUHQLdz-LN78vxGO4zt0Eh3Xhul9FV9Rjz8JsPPm_iLEGTDfJI6ewwADu62tl9yZb8FuKhlpMH3njozn-Xf7q0JuzRxOgQVH2hWLZD6u4RYTeBqTj6NsuqWuN_rSb8yHkOsT1wPD3I4AvANWIhbE9DpIwFlhdJ8f_Mg8_R0xd4CNxZQ2RMe53TYlmCAGUMjcWkOgEyfZCeDMBVjgLxIAgJg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFiyWA3UZZZDBE5qziQbrjYqoBsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC5k5SORi9sT6oAwHIAwKqBM4BT9AlhD8O7Tax9xdDXwbZ6rixvd5_APs5qlMaFRoo6k8mUsQd5KMBz1stAxj8W1TpeWqorlB0-5boairpvO3hGGzrj5z-PWVAdT64f7M4JjypiVxG20rCLVzILSx8aGSaxDgHOHbi4rYxrjp7epMdHkjBe1-rzOgHWkvVJ9jqZqfJx_bEIsIfrSWJ3Sm8JcSPaIFQVz-JhnnZtPxLgurN40g7AxYJh1Gn__yedfwCWj8BCvpxFWhg79k6xLkd-PmKVJvybw7VlNb88SCsdluABqeKgPnDldn8vQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2CG8JGLpHjsbslxlreMGpiHgX8kg%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0a1437aed832ce8ff736f94f8c6244748a667ed507746e1b003d2988aaf552e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=ZyOD6Yp35Wth0BL4lwFCdANtvhNbOqnLwg-exhwNR1uMzENa_9jRddNSby6OUBBNTljx1-gysq2f_GaE7bKBij4YAxcK3VIQw8saoWxhS1ZzjRcL9RqXgQobeMazMuic4QkJ1f-yeR5s6yXS6kwlljpTXutEIFCm43fyvXOX1fNDLbPydEaZEYUGQXG2ophjstJGiEpVLXMjcpE2z5Jk_vco7NMEmIMtaklSQbl5hzTvq_OL0gElibGGHLgHBzL_X7aTgA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 50695365
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 all
csm.eu.criteo.net/ Frame A9F2 0
127 B 65ms
65ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 01 Oct 2023 13:32:51 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C454 1 KB
643 B 43ms
41ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 20246
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Mon, 02 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 2687 0
0

GET
H3 200 container.html Show response
d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FE25 6 KB
3 KB 26ms
23ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:51 GMT
expires: Mon, 30 Sep 2024 13:32:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 9C75 172 KB
61 KB 100ms
26ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
Origin: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 12:29:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3821
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 02 Oct 2023 12:29:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230927/r20110914/elements/html/ Frame 9C75 11 KB
4 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230927/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DNH_2ZSb_42uic7dOThz1YS_hEptRWoiJ7PubbES_gUNYKCQhWOTY_qgDFt9pbiPJPFffQEeFythh7kn0PnVWLkKrwSdCHIJ9pKNGvbZfLkef56lA&cry=1&dbm_d=AKAmf-BpVbAFomRt0_pjxou2JylxSny6MB-whmVKkebkRqCbi8QyiBQCBXDmxIMjS37kbtITltO9va3ri5whE_txPOcoE4X6XVlptsfekSV_9PnXfDa_12AuDm6BUhg5cU4sz3_PFtx1MLEpZlKdFaN7NA_CYlnS7uxnr8PGXphu5w_FBG5cOtkROp_oa65XZSQbyEEINF-pWBkkDDdYFwMdmHGffkbpdqfTtw3dSIEa1-Hb5FVuFHZfQuy7v7aVaJpUTBU8zq2Lib9LvHcg-VThWS-J5T964KoVaHLbS6RDG7iVtvsfrhunKptQRPLuNWklIB0eWE9Sezz8mJDDN3cGLIKstZmD8-qG37Q35LumEbR18jSU38deXMduBs58Pu-ZXpgDAdzRhU257yi7uVrp7_QDTPPgh1yaUhf2RJaRTEDAIY8PJ0d5zImDYyv2muGXgNhxJSrQGE3bch4s9hcsMJlCjzZf1k879tO_sfXS6VQhibZvhMMNsbh-zDk7B3QtBeBwoz2gUZd32iq0XJxOLLbXqehAdeSOcn5MRVs7igSaWjDK2WdwA9lz1AIfRf2Q95HfAjHtDWXp_i_Sh4uq7tTwZ5UrAu0kQofLRjKkWtN7t2P2na8ijFT1vtepQhDAWCz6aIZYNMRGLDUEj-0TnORNc-ViEdpgN-pAzJyep_0cHrwsZqU3DiSFHf5qPZ2VxzGTxG_PXAK5OHCB4T_rg9mFrhjpTY_zLkY8-yN1JVK4VeK65Fz0HfwyYwB1qs-NukSPWza0fLC4nBN8nNxG4I_BzGjE59gZYoFEZuBSFidfGtovZMHTCrXZVvU_1tzsNz9hk5vM7MdVQ3XXd1BpmSdeGagqU9cHo5Vk6IoF_j8cl0wJUG0TT4XWpLDZfpQnVrf0Y96g2CgwXbJhum-bBCGZOVHUopr5TnOKcQIvITBLmHFXiDX9EZ7j5RYFyC3MnsRFEAb3xs6YIxVPiAw7dIVemFP9uGfdHJHSH0m17_WN7AihHoNLWWs8VJuBVNS-113VkNGuho7ap8DEBjiImo7a21ZH5S0mPjvX_U5QKWMqS_RpoiQSbhuoY_NEwBzq1nHaHroGICk-_UydBuM-qHEVZ2L3tLnCOgT0FTZ0sDhWxuHR-g8CHSsunToy_NVehKvvrAjNjthPZAgsCp1lMAVRZv-KfXxihqRM1w3qcPYgJ7iZ-Qn7mYqgRVhl4zo7o_K8PKKJAHDkKOoQubfjrHCxKzeavO5wIe7XsXX1nPcqhKjJuxAcYdD5oKdrRGG1IUaTKv6QjCJAyoXPPq1ct5qOyFSay96NNB7lS2oAybdiDXhDBo2Lwxspd9Vj2JCW7gNi_-OWugo7rosVv1hQy3ha-ZZEu5MZQRKEXA5RcYZN2lomABv3cECTccl7Fm2dNxlbQf4bqI3ci_dWT19OLher-sYFcey0T1RN__lKcbrjbUBs1sNC4fA2fvtPOpsCpsPlSkttbTEjczhuJtSGyV6VCHub7TJ9MV4mGllXDRn8S3PQOJ4BhlhgqIRtv9BO35JG_UzrdyWT1QJ5I0o0WReVjN4H1ZnlmK39on9hesOGUfD0wOz4noHO-gQYyclfqAwxHIBtRXBeK6J2XaJkMNWWLHVHJGuhX3kmcKJemgGGPVwv9S0s4rX7JpSTFlnqbe5X7QtvUnPnO4lxWWAJa1Nn2CwPIQSza7vzJiFpBEyYXqdNJV_q5viWg0_riYtqrfJgBEqTBop6dwmhHBXKbXT_b4aLeYedRbLHIDzQkcTeoV_fZ7PNiIgQwoJQiv1DtKMe-az7sl22WAGRV2OMM27ifDvpb0ob813OCy6sVNvhsAGl-W6CUS7r1G7t_W2u-eKpXaLdDLlKb_M-TcbNPNUiTvH6c-AlFUTnKXAF_vp-EzOxtwIuX4F-9lGxVRaDZyKeaPeayXY843R3OjcWOUbixyvV8XWe4Yb1_WxnoM-dJHfFZ8KYYdIPIjAO1qVjef8Vdx1WxT9vvPsCTwLbaD9vwdQgqm1a6XUNMpiDfnXGAlmRp8vz1qZIcnrZ0e5bfcmR1mZ7Jr0jkuonkYsj9sQnMETMEr-zGDHukLesvX7V6bmFRnImYMcdEWWBgajmSNFT_rm2LCZ8FmaGM40Bj67sotzFixO5Z1sVSsGI9yX81W1i4NfYT9vinGiGUIPTaVuK0zNDrSJS9heOAfxICaqfmp-PhftwYaVaxem2Im31C1ca86WuDOTcsnnktPF73xG0tNPHn0KXRC4Kgz123zyneiKAo8j4c443rXt-rPO2mey_6Qgu-6S0LtuCcxlSozu4RtEDDruMVuZAo_SM7PyxAkt-eogieqUVxeZmMZsLxJ_zdjzyJ2NAwAGvCrENp20DTjsS7OMqb-m0iRFSNn1CEDQmP_Hoy_k7WTIL1yOzo6SNgnBf02S2ymyGTso5pJTCXFM7YTHQlrgP5denPvO621G3lbGN1CDQs06vAj5_GVY6G4OtjAnz0KZKrOjUKBcGTkSBo97eH5kiBkv2fhsbBOXNlMuw6xXu-T47WmxvIYxmBRX2HpQD2sf3Lp71gi0mH_eZEj9_EMeRyiGErn51KUS9ladLEUnYeEktztVBFHDWNGrxAC_TVn_ixdg3Jz5VAcx3vrGJks7LPd-Gdqfbled65PAw16KA-IbcLAu7QINalrcxcnS1nyPaIPo9PtPPzYXu2KX9liIjw9_rM4OKJZpnVG4gBsQKg6urPRNjCSC1xHQyPZDmFhyHXbk0JGKIRnPj5dz32NuJgDp4iAKZH5Z5Iw32YwXW_XQhVcDzkIW6i7YVSeid7JF_7PZnpHBDhX1ot6inh6DLr971CAQW3BQ-C-R0ka7LrS0AM_IW_KnwE1a4ZB9MuckT7Aopejb7NZT-JtkUtFlKCga0WFLB9PwpM4dYWRrcTDGHkNSBUOkTDci6xQVXrG61bWrheB_E8a2EbMF3_v2T0NvoO8dftXH4h5MYVBcD6LXmdYBwXNUYgAhFxJVrgD4eU96owdGEOsv0sDxoZ8tW1SXUyVLPQH7BKrl_H_ZQ6sllPPSzhOvD7sCllZmFwVvskpOJYxhmXBUeay_Y7VK4eXlfl3JNIe9-lUll68zaRr_fe7QOu6x3llK-2fu-WxeYKdkf8hzP-uZJrnc-GGShlLs-BVpECcFOwN4s06GHMd3tPxdBsUIxt-kjuDrWef06yRUHQPEXG6s2-FgEyIHQnxBv9jOuJ0W-msF8c69_1JAHrlZsladHJTJ0EmTIaxrNUJtA5xvkdTaxN3cjSTGk2HNEvPbcXlU2RyWjxdzBE1QQwVrTcSokESJf_Dj7Nk2VbNSAUYn3QWCHQIVivERdtv9rxnW9TFGMdfrxxdjOnVdtq15GszdVNgJO_EhKZtSzeEDe4DVPQsVeeTN7ogURQg8L_7eifsm0BZKtr_jlQbT3pcys_2d95KmR-6i9yyORtXXR2HVqhyrgZcZf8AJ-9M1Tl_hG8ew_HRHcutzVzUoIfjxP69ADzABlhnyThMP8dqH9xDvGOrXVTFXMYAmZxwEI2zHoA5S3Sc94IErfUHTAaHKwYngHzVL5NeXiAGefJs2rZg_eZHxiQglRHZDOUxFAMjJ2Bqc49GReeeH5KMtWBs82kH9voPA7MC4t9SQXLbx-5MFLDvbVZCQuFSgnpmGARXN_tzBHw3aywflpHs2aCR_4gaPamOKOBMK9Wpmet0ZcWdQfD8SwpKwzOoZ-D5omg4hyhkdakS3usRnn337R3H552NQERlcx619w41oo-RXqrG0aYtKG3R_OnwVHOjaqYzucFeMkbsVorXl41w4KBf10kGZrBOjwrrCOs2hSx7ejemqbvRaRdy5FaAJ35xsWShl3NAbWF1EggNVz-KHMjHCTjcbZZ_7-7V_MFfRRQR3qZPuYaByzIttq97dyqr8Y2zxbUxcyQ2324-xapx9emhgb4n1H7gY&cid=CAQSKQDICaaN-hVFqBNNHji0lxRik5EdXIFJ4Knt-zIbxpvM_k9Xkvqk5IUgGAE&dv3_ver=m202309120101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=3191800397699302000&adk=627576174&idt=113&cac=0&dtd=97

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 16:52:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 14 Oct 2023 16:52:32 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230927/r20110914/ Frame 9C75 30 KB
11 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230927/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5e1a1e8982becdc83263b687951cfc5c5976af5b5d67eab53451cb72ac78925

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 16:54:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74280
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11587
x-xss-protection: 0
server: cafe
etag: 192838463742493612
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 14 Oct 2023 16:54:52 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9C75 41 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 263184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 433F 0
0 125ms
125ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309260101&jk=2987738657539224&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6CB4 1 KB
643 B 29ms
28ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 20247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Mon, 02 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9C75 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3622bb338c8f918f2afe498794ab070fa0630bd41e104bb670347051b18c250a

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FB98 0
0 128ms
127ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309260101&jk=1844549355159672&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 7489 2 KB
1 KB 40ms
39ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZRl1AwAE4JAKwlmaAAKG6yto22mJ_wg1Xt6T-A&u=%7C8JdfMqyD1%2B%2BdM5T5GAZmDSq1gf3mS30Phq2qHpI9sSI%3D%7C&c1=2P_wVlUbBFsw5yK-nUdqcx_AYOCxtp-MNsF8AoBa0NrZYBBTSBw16G064Zwnkw3xehnsuvV19gYHtBr9LIsbEQBDKNr3VmOG7tAy5GwzT1c5uYsnv_W8xmqVZQwjsg5DvXUXigALu6ZSFUaDrTKI11tNONlvZTWHqaS3TFEDNRyO2LZcf35r2dOUIbND0XmGyry8UCkUAaNo93CRf0rGmURqrApDqbroxqUB5V3QskO51uf6-_U2qTDpZQZcZcHtnKBB66_rJikXV4ZgmhRPEX1fUmMf99q8RU2b9uUF6RkoSj2Lzm3WPuvLjTNDnuVGqeEbFCK_QIZfy_XS5I_BG0ElpoJCA9Hp4E9OJddQl3oQe0O7QiB5-aFLYbKcD_45dSgVo0q3lzAtftMNdfPAkUHQLdz-LN78vxGO4zt0Eh3Xhul9FV9Rjz8JsPPm_iLEGTDfJI6ewwADu62tl9yZb8FuKhlpMH3njozn-Xf7q0JuzRxOgQVH2hWLZD6u4RYTeBqTj6NsuqWuN_rSb8yHkOsT1wPD3I4AvANWIhbE9DpIwFlhdJ8f_Mg8_R0xd4CNxZQ2RMe53TYlmCAGUMjcWkOgEyfZCeDMBVjgLxIAgJg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCFiyWA3UZZZDBE5qziQbrjYqoBsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC5k5SORi9sT6oAwHIAwKqBM4BT9AlhD8O7Tax9xdDXwbZ6rixvd5_APs5qlMaFRoo6k8mUsQd5KMBz1stAxj8W1TpeWqorlB0-5boairpvO3hGGzrj5z-PWVAdT64f7M4JjypiVxG20rCLVzILSx8aGSaxDgHOHbi4rYxrjp7epMdHkjBe1-rzOgHWkvVJ9jqZqfJx_bEIsIfrSWJ3Sm8JcSPaIFQVz-JhnnZtPxLgurN40g7AxYJh1Gn__yedfwCWj8BCvpxFWhg79k6xLkd-PmKVJvybw7VlNb88SCsdluABqeKgPnDldn8vQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2CG8JGLpHjsbslxlreMGpiHgX8kg%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 7489 2 KB
1 KB 41ms
40ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 7489 308 B
636 B 41ms
35ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 7489 293 B
621 B 42ms
36ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 7489 43 B
347 B 43ms
38ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=xmi_bApJX9IVB3RqnM0JO0tV5_c0JDqdpqcBt1bBmPIkDRYiON1gVtTJy1iiINPwFZTku9tEZyZK64-zPB2KB4dFq5e_bJnmvUZCqeIS8eMT3VTD0VK_H4QmrstBdmo2Vxzj1hGMOHsEe8dDINHCjBLs7Bv_Y9ALI6lF8_BaULA45_Np2JFVsnDq6jyq0XBIewCM5hKrbfqlxAMZGxFETh-78QJYHHb0AWLY-tXmPfqhsd5cvh1cF9H9H6xjmM-sI3CPMl115S3zZROu77nfylrSV63IfE_4aleNfapulW-ugwDWvzARpkq44enDH3dBA-0gIKgX0khZadvr6WR0pgLZnCIHEj5xNQgpmGsCR0VBHjORExd5tXTexcoV6qLpV9M8sFi98xwHbVyDzor9fPFNiyYPWDvGc47cV04KaU-zB5xs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:51 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2175762
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame 91D9 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 12:08:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 30 Sep 2024 12:08:02 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame C454
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJ8rskACs4K85GDhuvHb2NY&google_cver=1&google_push=AXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJ8rskACs4K85GDhuvHb2NY&google_cver=1&google_push=AXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7z...

43 B
418 B

218ms
206ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJ8rskACs4K85GDhuvHb2NY&google_cver=1&google_push=AXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046730&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696167170561&bpp=351&bdt=360&idt=664&shv=r20230927&mjsv=m202309270101&ptt=5&saldr=sd&is_amp=1&correlator=6950&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2821097479&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31076839%2C31077328%2C31077971%2C44795921%2C31078320&oid=2&pvsid=511706654667774&tmod=874085393&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.2j1qkui30xt6&fsb=1&dtd=680
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 80f512fcf9a0f0cf-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 167
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJ8rskACs4K85GDhuvHb2NY&google_cver=1&google_push=AXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSrPb9_69G57Vpi81uN-rxn2DqoVy9rWwDmvVEc9rrDtStpzFeTHLClChV-t8fjr7Qf6voZYD_t7_WFxSHbtqh-kRAJY7zt%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 80f512fb0fecf0cf-CDG
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C454
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESECqIU9GW3AQ3nnQan92tAI4&google_cver=1&google_push=AXcoOmTe-SlGLxen7UNdfuzVP5j6DF0DCB4KfsHfDKdkPdM2IdsgwU9Pv2ZoIC-OdEE3nLXJD4aq7a-X1F29k3t...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=wHCyFRg3U3lPIIjMw70QJS0M3q0&google_push=AXcoOmTe-SlGLxen7UNdfuzVP5j6DF0DCB4KfsHfDKdkPdM2IdsgwU9Pv2ZoIC-OdEE3nLXJD4aq7a-X1F29k3...

170 B
188 B

39ms
39ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=wHCyFRg3U3lPIIjMw70QJS0M3q0&google_push=AXcoOmTe-SlGLxen7UNdfuzVP5j6DF0DCB4KfsHfDKdkPdM2IdsgwU9Pv2ZoIC-OdEE3nLXJD4aq7a-X1F29k3tVGpyayRsADgoW2w

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=wHCyFRg3U3lPIIjMw70QJS0M3q0&google_push=AXcoOmTe-SlGLxen7UNdfuzVP5j6DF0DCB4KfsHfDKdkPdM2IdsgwU9Pv2ZoIC-OdEE3nLXJD4aq7a-X1F29k3tVGpyayRsADgoW2w
Date: Sun, 01 Oct 2023 13:32:52 GMT
Connection: keep-alive
Content-Length: 244
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C454
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEFc9rYPMbEHEzh4VcWlH4G8&google_cver=1&google_push=AXcoOmSC3CHfNmOqhMPq7cwjQ0MG-QmSr9EZFE1LauGB9YLbOlt4SW3uEAJdM83DfZuEwgILPp16Ez_KEvkIDuo8wH2_lbofXfhN
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmSC3CHfNmOqhMPq7cwjQ0MG-QmSr9EZFE1LauGB9YLbOlt4SW3uEAJdM83DfZuEwgILPp16Ez_KEvkIDuo8wH2_lbofXfh...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIwOTYxNDk2NjA4OTc3MTg5MjAx&google_push=AXcoOmSC3CHfNmOqhMPq7cwjQ0MG-QmSr9EZFE1LauGB9YLbOlt4SW3uEAJdM83D...

170 B
188 B

55ms
54ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIwOTYxNDk2NjA4OTc3MTg5MjAx&google_push=AXcoOmSC3CHfNmOqhMPq7cwjQ0MG-QmSr9EZFE1LauGB9YLbOlt4SW3uEAJdM83DfZuEwgILPp16Ez_KEvkIDuo8wH2_lbofXfhN

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIwOTYxNDk2NjA4OTc3MTg5MjAx&google_push=AXcoOmSC3CHfNmOqhMPq7cwjQ0MG-QmSr9EZFE1LauGB9YLbOlt4SW3uEAJdM83DfZuEwgILPp16Ez_KEvkIDuo8wH2_lbofXfhN
date: Sun, 01 Oct 2023 13:32:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C454
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPCeaBbNCST1S_WjUZsNDgI&google_cver=1&google_push=AXcoOmQ_h6dtBACl2vV0dpLW0O-m5NbL1WWsMmhFQSqex333VV0Xv0Ehmn_StgHVMYeLXtjJVoVEeJ...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmQ_h6dtBACl2vV0dpLW0O-m5NbL1WWsMmhFQSqex333VV0Xv0Ehmn_StgHVMYeLXtjJVoVEeJLJIRljGnZJvYgWHW5w-_X71Q&google_hm=MzUzOTg4...

170 B
188 B

37ms
30ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmQ_h6dtBACl2vV0dpLW0O-m5NbL1WWsMmhFQSqex333VV0Xv0Ehmn_StgHVMYeLXtjJVoVEeJLJIRljGnZJvYgWHW5w-_X71Q&google_hm=MzUzOTg4MDk0NjAwOTg4NTcyNQ%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmQ_h6dtBACl2vV0dpLW0O-m5NbL1WWsMmhFQSqex333VV0Xv0Ehmn_StgHVMYeLXtjJVoVEeJLJIRljGnZJvYgWHW5w-_X71Q&google_hm=MzUzOTg4MDk0NjAwOTg4NTcyNQ%3D%3D
date: Sun, 01 Oct 2023 13:32:51 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C454
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEG4iHeGXoHU0oQU_xPFlIq0&google_cver=1&google_push=AXcoOmS6Vkr9Q4sab_PGQWGvHELCgba-11LEba4MikH3FrLapQdBP5uiO...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS6Vkr9Q4sab_PGQWGvHELCgba-11LEba4MikH3FrLapQdBP5uiOAM2s-MlEnHB_03oyV7eNFCFejNLNZkjNrcsP3PYmKUUZF4&google_hm=QlMuMTc0YS1jMTk...

170 B
188 B

35ms
35ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS6Vkr9Q4sab_PGQWGvHELCgba-11LEba4MikH3FrLapQdBP5uiOAM2s-MlEnHB_03oyV7eNFCFejNLNZkjNrcsP3PYmKUUZF4&google_hm=QlMuMTc0YS1jMTk0LTQ1YTYtYjZjYg==

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS6Vkr9Q4sab_PGQWGvHELCgba-11LEba4MikH3FrLapQdBP5uiOAM2s-MlEnHB_03oyV7eNFCFejNLNZkjNrcsP3PYmKUUZF4&google_hm=QlMuMTc0YS1jMTk0LTQ1YTYtYjZjYg==
Date: Sun, 01 Oct 2023 13:32:52 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame C454
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEHmBwcBQD_kdOhVG_QAVLIA&google_cver=1&google_push=AXcoOmTbJ_vdokOj2X2rHFEJHsGoyxVVD32rYwwozD4i8KPWNTi1KJjYh1jlM4UF8baYN8pCL_lSRKX5HEN7RSlj2H31V4wpBrB9PvM
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmTbJ_vdokOj2X2rHFEJHsGoyxVVD32rYwwozD4i8KPW...

43 B
1 KB

133ms
44ms

Image
image/gif

162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmTbJ_vdokOj2X2rHFEJHsGoyxVVD32rYwwozD4i8KPWNTi1KJjYh1jlM4UF8baYN8pCL_lSRKX5HEN7RSlj2H31V4wpBrB9PvM

Requested by

Protocol

HTTP/1.1

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Sun, 01 Oct 2023 13:32:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmTbJ_vdokOj2X2rHFEJHsGoyxVVD32rYwwozD4i8KPWNTi1KJjYh1jlM4UF8baYN8pCL_lSRKX5HEN7RSlj2H31V4wpBrB9PvM
x-download-options: noopen
vary: Accept
content-length: 274
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C454
Redirect Chain

https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESEDVK0GXSfU0enjt87-VL-uM&google_cver=1&google_push=AXcoOmTdVIxrkXEJXjJ243kPCX2M2_yNw8WB6n1nZxIneqS5nrntppROhZEnzy5VHrZb1DdcsOCbL...
https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESEDVK0GXSfU0enjt87-VL-uM&google_push=AXcoOmTdVIxrkXEJXjJ243kPCX2M2_yNw8WB6n1nZxIneqS5nrntppROhZEnzy5VHrZb1DdcsOCbL...
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmTdVIxrkXEJXjJ243kPCX2M2_yNw8WB6n1nZxIneqS5nrntppROhZEnzy5VHrZb1DdcsOCbLgOEmAD_0Eh4885rQAMdgJBIe24&google_hm=WE9pS3R3eXgwb...

170 B
188 B

35ms
34ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmTdVIxrkXEJXjJ243kPCX2M2_yNw8WB6n1nZxIneqS5nrntppROhZEnzy5VHrZb1DdcsOCbLgOEmAD_0Eh4885rQAMdgJBIe24&google_hm=WE9pS3R3eXgwbUxubkl3V1I2aEE=

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 01 Oct 2023 13:32:52 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmTdVIxrkXEJXjJ243kPCX2M2_yNw8WB6n1nZxIneqS5nrntppROhZEnzy5VHrZb1DdcsOCbLgOEmAD_0Eh4885rQAMdgJBIe24&google_hm=WE9pS3R3eXgwbUxubkl3V1I2aEE=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 243
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C454 0
12 B 33ms
31ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KGsca5_Tx7EuKAt7Z37Ef1XuQo3ti4P4U5Wjf7HqnEh4ntU78sIgadbdKGAOC0p5RSbKEEpSiW

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2F3C 611 B
263 B 73ms
70ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNVE_9hKiJtEAOlddCsF9PJDIYJTKzTcRcRcZgcyMcWFlW-Rrz14uX75iE6bOOEaK00AJMnvDYG1E4taKLw-h6hF2GzLUg

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame FE25 89 KB
31 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

adf78f79b0606670978e34ce28d41e3bd377aa7dfabf302119dccb61c4eb207d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31451
x-xss-protection: 0
server: cafe
etag: 13146691652413439477
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:52 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE25 42 B
63 B 136ms
122ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ASZSnCDCZ3o6EH_IT82StfUS_xwrOZ5GgPlW9wPitkPO87R-6G3gyDEYK0bwYz2VSvDFw0aKIdRgauhgUZ7bwdEkn2txRWr7sbHaVmrbO-TKFojcM

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE25 0
20 B 136ms
122ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13622618253254992005&x=1&ct=77

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame FE25 3 KB
1 KB 38ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 18:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 14 Oct 2023 18:28:58 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame FE25 20 KB
8 KB 38ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 10:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11691
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 15 Oct 2023 10:18:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FE25 182 KB
57 KB 63ms
49ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Oct 2023 13:32:52 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 7489 12 KB
5 KB 96ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 230013
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HErMPAXokkDbGGfZee84eQfABpekPSIM7nvgvJU5zpfckw%2Fid%2BjzImelA3to1YaSRVPqVN0kSpR%2FEdaQ6LiichjQFsRUv%2FTqZ%2B%2BaUt%2FJWQIzGywPMPvEd%2Blo7gs%2BwApVBfcXP5u2A32kbuZotMvgBBbS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 80f512fb0cd1f0b7-CDG
expires: Fri, 20 Sep 2024 13:32:52 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 7489 12 KB
6 KB 42ms
37ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame AD13 37 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 12:08:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 30 Sep 2024 12:08:02 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B225 22 KB
8 KB 27ms
27ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 263184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 12:26:28 GMT
expires: Fri, 27 Sep 2024 12:26:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 7489 0
127 B 37ms
36ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=ZyOD6Yp35Wth0BL4lwFCdANtvhNbOqnLwg-exhwNR1uMzENa_9jRddNSby6OUBBNTljx1-gysq2f_GaE7bKBij4YAxcK3VIQw8saoWxhS1ZzjRcL9RqXgQobeMazMuic4QkJ1f-yeR5s6yXS6kwlljpTXutEIFCm43fyvXOX1fNDLbPydEaZEYUGQXG2ophjstJGiEpVLXMjcpE2z5Jk_vco7NMEmIMtaklSQbl5hzTvq_OL0gElibGGHLgHBzL_X7aTgA&sds=2&rev=88628&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 01 Oct 2023 13:32:52 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 7489 2 KB
1 KB 38ms
37ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 7489 2 KB
1 KB 39ms
38ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6CB4
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESECB9ow8eBmnyBHNHZXQhWM0&google_cver=1&google_push=AXcoOmSvpzgQ6DbS6gsrce31ZceeBrS6qNF9r20-9boMXBor75iuHF7i4CYwK6960voapro-T0ZyIrMycTKRtyQgNDkeujMJk8mZ
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dmFpVW12RzRBUTZXYURYa0JYVVpaUQ%3D%3D&google_push=AXcoOmSvpzgQ6DbS6gsrce31ZceeBrS6qNF9r20-9boMXBor75iuHF7i4CYwK6960voapro-T0ZyIrMycTKRt...

170 B
188 B

39ms
38ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dmFpVW12RzRBUTZXYURYa0JYVVpaUQ%3D%3D&google_push=AXcoOmSvpzgQ6DbS6gsrce31ZceeBrS6qNF9r20-9boMXBor75iuHF7i4CYwK6960voapro-T0ZyIrMycTKRtyQgNDkeujMJk8mZ

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 01 Oct 2023 13:32:53 GMT
server: nginx
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dmFpVW12RzRBUTZXYURYa0JYVVpaUQ%3D%3D&google_push=AXcoOmSvpzgQ6DbS6gsrce31ZceeBrS6qNF9r20-9boMXBor75iuHF7i4CYwK6960voapro-T0ZyIrMycTKRtyQgNDkeujMJk8mZ
content-type: text/html; charset=utf-8
cache-control: no-store
content-length: 243

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6CB4
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESECqIU9GW3AQ3nnQan92tAI4&google_cver=1&google_push=AXcoOmRQ-zkORVOgc5Hm7Qmz2Z-vPwkSbZOUE80RMSfx7nGArVuqkHKOTP2KDnxTm358zEvf6V84aGmCfCEMkM6...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=wHCyFRg3U3lPIIjMw70QJS0M3q0&google_push=AXcoOmRQ-zkORVOgc5Hm7Qmz2Z-vPwkSbZOUE80RMSfx7nGArVuqkHKOTP2KDnxTm358zEvf6V84aGmCfCEMkM...

170 B
188 B

68ms
67ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=wHCyFRg3U3lPIIjMw70QJS0M3q0&google_push=AXcoOmRQ-zkORVOgc5Hm7Qmz2Z-vPwkSbZOUE80RMSfx7nGArVuqkHKOTP2KDnxTm358zEvf6V84aGmCfCEMkM6efZCbStF8dqg

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=wHCyFRg3U3lPIIjMw70QJS0M3q0&google_push=AXcoOmRQ-zkORVOgc5Hm7Qmz2Z-vPwkSbZOUE80RMSfx7nGArVuqkHKOTP2KDnxTm358zEvf6V84aGmCfCEMkM6efZCbStF8dqg
Date: Sun, 01 Oct 2023 13:32:52 GMT
Connection: keep-alive
Content-Length: 241
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6CB4
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAXcoOmRXSFBJ0YxuRTrisZe3ILoxrrJhOJhSrD___HDbU3msbOQCYLbHIJFaiS_k9ZlM9oi9aebCul_Ik2...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmRXSFBJ0YxuRTrisZe3ILoxrrJhOJhSrD___HDbU3msbOQCYLbHIJFaiS_k9ZlM9oi9aebCul_Ik2Qei_YIBAG7mhMkNJYN&google_hm=abb93801-098d-49ed-b2...

170 B
188 B

44ms
44ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmRXSFBJ0YxuRTrisZe3ILoxrrJhOJhSrD___HDbU3msbOQCYLbHIJFaiS_k9ZlM9oi9aebCul_Ik2Qei_YIBAG7mhMkNJYN&google_hm=abb93801-098d-49ed-b245-5a6bea8734d9

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-6-152
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmRXSFBJ0YxuRTrisZe3ILoxrrJhOJhSrD___HDbU3msbOQCYLbHIJFaiS_k9ZlM9oi9aebCul_Ik2Qei_YIBAG7mhMkNJYN&google_hm=abb93801-098d-49ed-b245-5a6bea8734d9
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6CB4
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEEbuXGX8BczGaxNkOcsJb_A&google_cver=1&google_push=AXcoOmRhyG1oA_I_BEXa_DU_bZQ-NeFaCQAnALnNEUcvowvb6cto-_g4a5my3j4t3gQlA3mJHrLa5YVv5Y2JcKzPDOtiZ8aFhk0
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmRhyG1oA_I_BEXa_DU_bZQ-NeFaCQAnALnNEUcvowvb6cto-_g4a5my3j4t3gQlA3mJHrLa5YVv5Y2JcKzPDOtiZ8aFhk0&google_hm=M2VFQnBFRVBQeUVaYlgxN...

170 B
188 B

37ms
35ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmRhyG1oA_I_BEXa_DU_bZQ-NeFaCQAnALnNEUcvowvb6cto-_g4a5my3j4t3gQlA3mJHrLa5YVv5Y2JcKzPDOtiZ8aFhk0&google_hm=M2VFQnBFRVBQeUVaYlgxNFphdG0=

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmRhyG1oA_I_BEXa_DU_bZQ-NeFaCQAnALnNEUcvowvb6cto-_g4a5my3j4t3gQlA3mJHrLa5YVv5Y2JcKzPDOtiZ8aFhk0&google_hm=M2VFQnBFRVBQeUVaYlgxNFphdG0=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6CB4
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEG4iHeGXoHU0oQU_xPFlIq0&google_cver=1&google_push=AXcoOmS4ivoFi-_bN52h53BpYSI4UeG2n43ajk6ngRDA9e9b_dxVKkGHm...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS4ivoFi-_bN52h53BpYSI4UeG2n43ajk6ngRDA9e9b_dxVKkGHmHGhuQmfb9ehs5odBDZk3IIEzZrXggLeMUHwkd-FzbbWPQ&google_hm=QlMuMzg4Mi04NDY5...

170 B
188 B

38ms
37ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS4ivoFi-_bN52h53BpYSI4UeG2n43ajk6ngRDA9e9b_dxVKkGHmHGhuQmfb9ehs5odBDZk3IIEzZrXggLeMUHwkd-FzbbWPQ&google_hm=QlMuMzg4Mi04NDY5LTQzY2MtYWRlMQ==

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS4ivoFi-_bN52h53BpYSI4UeG2n43ajk6ngRDA9e9b_dxVKkGHmHGhuQmfb9ehs5odBDZk3IIEzZrXggLeMUHwkd-FzbbWPQ&google_hm=QlMuMzg4Mi04NDY5LTQzY2MtYWRlMQ==
Date: Sun, 01 Oct 2023 13:32:52 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame 6CB4
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEHmBwcBQD_kdOhVG_QAVLIA&google_cver=1&google_push=AXcoOmT_gA_R9J_h2d-KlXGwfdagqm6Cd8kH0FqVxMBdP8XjnaBFPancPsiVN3emkL5wEOTE1tzzpyZRYUlS4bbmQEx42VRlS3jo
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmT_gA_R9J_h2d-KlXGwfdagqm6Cd8kH0FqVxMBdP8Xj...

43 B
1 KB

133ms
45ms

Image
image/gif

162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmT_gA_R9J_h2d-KlXGwfdagqm6Cd8kH0FqVxMBdP8XjnaBFPancPsiVN3emkL5wEOTE1tzzpyZRYUlS4bbmQEx42VRlS3jo

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Sun, 01 Oct 2023 13:32:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmT_gA_R9J_h2d-KlXGwfdagqm6Cd8kH0FqVxMBdP8XjnaBFPancPsiVN3emkL5wEOTE1tzzpyZRYUlS4bbmQEx42VRlS3jo
x-download-options: noopen
vary: Accept
content-length: 271
x-xss-protection: 0

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame 6CB4
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESELpkWQqq-T76HrU42Q0jnVI?ext-param=AXcoOmQFEYp8srOjTGBKLu5v39OYoDAAtpf89nPn6PY8EYUIFoXzfQQa6NH3PBqs36aZp0XRXuPzAyMXMb3sLNro2HZRh9fsiwVtSA&partner-tag=yandex_ag...
https://an.yandex.ru/mapuid/google/CAESELpkWQqq-T76HrU42Q0jnVI?redir-setuniq=1&ext-param=AXcoOmQFEYp8srOjTGBKLu5v39OYoDAAtpf89nPn6PY8EYUIFoXzfQQa6NH3PBqs36aZp0XRXuPzAyMXMb3sLNro2HZRh9fsiwVtSA&partn...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESELpkWQqq-T76HrU42Q0jnVI&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
144 B

84ms
83ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Protocol

Server

2a02:6b8::90 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Sun, 15 Sep 2024 13:32:52 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6CB4 0
12 B 33ms
31ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K_X0WLp8gDpEfMoPtg9sQENbvHbvGVLCelY4jS0U-FZdxbOaZzABi94cMzDeIuodoLEUor82zy

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11466985122124808424/ Frame EEAA 1 KB
767 B 104ms
30ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06bf242565e982887564028c843972c9a670b77e705613bea00fd2a10ed2db35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:52 GMT
expires: Mon, 30 Sep 2024 13:32:52 GMT
last-modified: Tue, 25 Oct 2022 12:02:43 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9C75 0
0 133ms
81ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsutNvjpLrs6RdYV00Uesg84369M2Lf-Tg8HPFv3U1VNkJE6NjLyiyfQeWOXCS5J5PxgwNE6RvIcbcnxuXav6bKGNf0dpVaomna-K4gJ3vIJLVgSAI-RzAFEv8q_5lOnhcy0BT1U5xdySHfAQQSEflOWxKlcQIaWOBtNZbT9pEmLbKBvtZbRIHO-7zz3K_kWb_kdVCWQnEdr03JMz8BqwxUynkPujEVIfyI09Zb9FQn65GMsxsnsoXIJ8-5Tbc7Alr-vdMokqzRAlO8p8h65nxSUwTziluvRkP5qdbpopXgpWM9Nwi9coyj_OFnpJW6GvfTZWc4_7DtAidmV-g6uJNi8KDMMBvxtDg2cihCU0yJsjTF6fPsP6rumV4LMmlwu9XceE64r-ZAcSFIhBW8JEW1tVHwNpTNztQ8fgVXIe8ZqeOGFmprziCnQb_JjIzHbOONcVb2KkV4qT3aQae6dB1KeZMKH1LB-CrAsDnR1oSLEzzlw9QpsJvlgsU3bqrhAvu1-Vq7M-I_qWuGNulqTn78JwyMe3SuTODKUQ46XVCWBjSQ-nkzQ1D5FpGG50WIQh5VzXx1X0S6S1ZkJnEIie3aMnDC_Q29VWgqnP2IOIciGY7weNMbUr1DxF0DyU6fk7-lfN4KiPnE6g0rKm6mH08e2OR-yLpLI-QQ0EikTmdPcmFjkYu1Zeu7J5oR8Yw3yoM2bHDTerzlBLKW4aO3agb_0L2YC_Dc58BvwVESDLPjPjX0-D-1Oh3bQ7oPxGFCs1cZzFXnVKBfB7gZEvw3BP3Aueu1rLLcqOLDLvjbg-Fs4j5GjsOxZXbSnbF8_7c0aFCUBSgpCAxQaYdVGjlN-josVSHvsttiXC-VZEQ2MIoKh5PKLb47Wzo-gRLuln8S7ZTpMmKJj-o0QgkkT7d-3-u-8_pGs6QA_IAI5s2kUPEppmBx5RwBLy2q_el9upZbXnz57L4Cw79OKMMDlOU9ti2p654sNSvqeRk3wvXK6RCPGTgVv7kOVDgXMIjddzdIwKl1f2GFWLKDJlOMdAK_WnwdmGRXtkn0vhLJvo9xJFkNy30lWJK2E51iy2KwIb-xTlhDs-hISc5PbC52VdRt7-5iOEA0AO-NdaJPCjCaOY9IyoNo6jXCbir5cUV5VBlwXjNzF7rJNk8_8SPWmUFV5wOaTBFqCdVfVNqBZHXKo5x4c8bf8Jlvlk9RMeIKRgOibl3X6AuxgG3dZSvpUdxypxA72z_sYwjDZST4CmgtrxTSWN1T90h_ZOkkVc4qDBdPZV7QQcqxBarVb41pqkVTX6tw4-yO0AjmNgXrX2f32JsFY1pvSKYPViSVMUW9yi0zxWQgCxybd19v1TxhUr8R0TGoAzLbGnOw&sai=AMfl-YRLAAaM8UbzjkJSb-fOwdq9GomvBIbqkzbiq6svSax4RyoFL5HwV6bR90OiyyIVUrMwvfN4w7hVM03WGtevraoAFQEcGgXzXVP_A3fnNaIyAc24DGNR52Biq7uhveXTN-fdfojBZQAfFEMqLfMXg9PKS6AUSoFFp-fkOU5aT3_Cn06iAF-m7yz630E46VxTs50dlF8-MyiB&sig=Cg0ArKJSzGmGm5lU7zgLEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=379&cbvp=1&cstd=364&cisv=r20230927.29609&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 01 Oct 2023 13:32:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 9C75 43 B
1 KB 181ms
35ms Image
image/gif 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lx-mindshare&extProvApi=lx_ch&extLi=29010463&extCr=180886200&extPm=353976359&gdpr_consent=&gdpr=

Requested by

Host: 51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
URL: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Sun, 01 Oct 2023 13:32:51 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: So, 01 Okt 2023 01:32:52 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1842
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 2F3C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECGnwflJUyu0NkxMBDWFGmA&google_cver=1

43 B
838 B

51ms
51ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECGnwflJUyu0NkxMBDWFGmA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNVE_9hKiJtEAOlddCsF9PJDIYJTKzTcRcRcZgcyMcWFlW-Rrz14uX75iE6bOOEaK00AJMnvDYG1E4taKLw-h6hF2GzLUg

Protocol

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
an-x-request-uuid: 79330934-9d05-4df4-bf7c-b28e4736411e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.12.222.173; 45.12.222.173; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECGnwflJUyu0NkxMBDWFGmA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F3C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTU2MDU1NjIzNzQyOTE1ODk2Ng%3D%3D

170 B
188 B

37ms
36ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTU2MDU1NjIzNzQyOTE1ODk2Ng%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
an-x-request-uuid: b5782e5a-50dc-4da3-8bd9-f2bfff804657
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTU2MDU1NjIzNzQyOTE1ODk2Ng%3D%3D
x-proxy-origin: 45.12.222.173; 45.12.222.173; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 2F3C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFTqVgleedi23QBMysU6zcA&google_cver=1

43 B
180 B

73ms
65ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFTqVgleedi23QBMysU6zcA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNVE_9hKiJtEAOlddCsF9PJDIYJTKzTcRcRcZgcyMcWFlW-Rrz14uX75iE6bOOEaK00AJMnvDYG1E4taKLw-h6hF2GzLUg
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFTqVgleedi23QBMysU6zcA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F3C
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWVlMTc3Y2QtOTRlZS0yZDJjLWYyMTMtOWNhMzFhODNjNjYx

170 B
188 B

44ms
43ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWVlMTc3Y2QtOTRlZS0yZDJjLWYyMTMtOWNhMzFhODNjNjYx

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWVlMTc3Y2QtOTRlZS0yZDJjLWYyMTMtOWNhMzFhODNjNjYx
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE25 0
20 B 123ms
123ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=942820722026&version=m202309120101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE25 0
20 B 145ms
145ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=942820722026&version=m202309120101&ct=77&x=1&cor=13622618253254992000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FE25 16 KB
12 KB 69ms
66ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DML4hdouhWSKzSizSnsAeaXz7XTt1KzaDMzRijRJHixHjxZgrSjrN1TrpLVJUG71fswXhpMmzUcrVfkTnNVsLEStq8Oa83m8LtFYKkKblL4srxGVqpTsb_wRQXtVjuRJ7QV9Hi7ZXFiYBS7Aw4sfPcf0dMisR7cLhBaPWiGyo9YNW7rD4&cry=1&dbm_d=AKAmf-DkGSAisUK_8zz4yRMDBQobyoQ-iCVQrLOYIM5at4pOi8txscP_1Z5aYt_ahyRdn95dNxcYo8Agw4zuxXo_numTY5gfWXznCOseuTKyQnd5glLpgzLpN116myE59KSdYj2MxJrikTrpUnP2svBmhGgWv8mD1E0QO6jYiKSshOkZo-PLz75sqoP5LB6c94MYBz3IEO2v_uhZbAjo8C2FBMMrXZUzueVYPlzzvAtgDmwGV3yl6-xNpfv7Ug3PEDSn7U734TPyfQLkbkV9GBSiNI6nprGxwkHNrP-I7WQv0hEwI_PxWofmlXn1tKr1EqVDLzkz3D-qmNf0DTa_VATx0HdEM5dIxB-OR6Tz8_6ODp0xzoxi1qcPfL-sx94_l2YYdelobzdBHb-B9s-zBoaiW7baw4uvqmZZo11CeXHAfQGSM3Vy6S1GcgF5wBBJ5OqcFSHyk58JmCtQUqYXQT4gkCTvDeiVKs5jjfXSiCkNu2G0oseIwIleyOtPsvDoQKBOHYvW0cR6vRKSkvmmNBQuc4PMJ6h_h_aNL_AUqtcxWtGY_337-WvfcEGssX0XGHEwbYhfLxrTpUy42WhpdCmpU3bF9TZbuj5Zg9p5ffg18CfxMJSkgyWiATDkrdr3xiPtRRoDYAD-wYyFbf46_ccfrXlnA_Sm-VJlrwEmOBaI9TvD9kXUw1YODwKcHNEoncSMK_c8FwCQLouvIWqc_6u72jNCLikuAJPAXN6KKFrSAfTSrgCwR0aVM001Rr8BGqjDaW6oCduwkNQYhU-Zg5Z-4ejt5gmaTH67VNyAJu2gGawqijjFf09yoLBviAIrFLCOt8LbcAmS7OtL22whzY7Z2C6JEbI1oX9fHuOWcUPlRWnGD9K40txmDya7XeI8E4ZkrmWuApg9VpVJ7IzAepaNbcl8qGTWDnm66U4H40sgFfeonTx43ZnoXbpQMdgdJzT7aocyZFAzOqR6lBMmS2gvBi1bKyzGAemumg_vBESahQIoMpprMLHxNDS-zIkFbEKBniqfFFZdgjCyUX-JVO_GkefJTC-6j-ukzGNlJc52XCzGcIwh6ktyRw4ta724kipssqCiE46f9XA7hxUYiZAToy7ujAoJREPwbC86dYaHDAxc3Fb_AdEzLALmnyW7eQtbx-B1OATg79D4dXq5mOBFR30ESJvL7irm4Zw8vp2ZfqH6n_2fyO6vPIoGNEaS2PqGVtPjw9LmhSx-7oGgEqMja5HppW6HI2T_woEHsU0M9yJ1me6CFKjVp8Brx0wjjJ8AZzgWt_O5253u9x6zLOzp--_NHXIfImshyRqzC2evjTD4bIq9TbLg5Xevg3ddEPIAGBvjW-5E17d4S-L-WwasvkLkKsBzd1JQyPdLmjdsp4DRUHIaBvZBW4Pg2rGMjnjTWX5Pv5sfLarLtFIu71HiLjo0o2cSvWTV_J0KmTdgg5SCkWhCcdwKi3M-wELjkT5fH5mo7fH0kJMat7pI5kMKqs1-OYE3PGHWzGfrdUDJGoVnFeT-kmNhp8Klh-fk8fmr-AbKoF0Lbu3KogUrZ3uHv8Dbf3lkUNcVs8VQE22M1cAsCdQst6_nTD2uqkxArLiVJhSCfmQsqrPcaVqqXXco0wCPwLgyPuUlB509rCUTNs4qBmbLrsRpVsQtzjbFI3BgjcaJs4ssFuzz_69WfiK-N6UP6BdX6Cs6XhqlxnvCd79ca703YxrNMmEvZGwBx7uxvms-sRDN128uzAYzciyj5ySOGzIiLgeCjL_Lgh72Z3--IrXvZcueuNdNF9UaWqddqqvU7xK3F1HWqchiKpelH8Zo8fKKXdWwDeUGJgSAchfZglggIaZeJwUI3khpAQKQM9RWMxNjl8pVjAOKxVy6lp_Vy9O5Cr9O72QeEQJy1qWeSCqo5vBDCVPMJ7oMGjEINqr41V-XeGPNuDsU8tCuiB_K82KyEQdfGF-ytPAPiRIqGO29NAov1lLJxe4RypVVRC_jYlkIRWKc3G8sNIvN5JnNaOalOoC0A_XUZpwa3OdV8NHJDSUhmgSgopLA0gfiZGsLisJ3F-WW74M6txmkP9p1r9t_zJaPQgky4CCL378qF0Uj0k89lRZw_HkXBvCw7V6OuTo8387C8R1xf9tSp9JN4i8uCdHKgvvfF624eU4GcarvSTD7uIIw6RoGpUjAmsRraEr1lxGEArytnWxYlvyzq79ul-qVIVV9ty_WqchgX8GM_O6DtxT4MYexUNh293cz8Xso8e8TpggQ6qz6p-YEHduvOpImpOKge6-JngSubapI7ZRvQ4UnY0LODdtDjA5OCCxliKVrQ-XMXNty-O9rnZLvo71xHjWTLXt1ogR8MAQdUDsMqaR4Hqf7NxzgWCqOhTghyS2JCJol1e1zDsKubd3rmj2UM18nFNQ8m-pMNVP970aQ_id18VLZQgNmJaoJAHx0zqP20JA-5vrGXQ6_OaTHu7veo-DZ2q8xKvA6slEyF2Jm9gHIyLQKA4pHECIxeJyyNNu4qeEmAJyFaJCtoVbNBZsbLG3OMXJamIFE19_N1Z0DQJzwYaTavy54g8iB0lPRp9L9w4q2wkV18yWAS9cok2_2RyaiVHruIton4esdUSnEgoUls310y8FaeX2RVYD7zsJTkGF2OWYSW0JT7sJEtNGMVdZpDwzuub0HuFtV0xIZuwcB8YgrkmCfH9KKiZ_feiAb-dw8ijJSx4y7_3MNznDfJRx8IjdvO5j33nvn_6uia74MjzK5Hfv24Wg7R6mwrjwcjsNyuSEgx8qNj7HhG-fc3ql1ljxpM0bs31POKs-z2gvVt3G40MDaeGxriU7WNx-HjgNZBuXtffjkzWUH-X6sSkwtU6gMrjIWtduUyb0_BPAW7S7SwlIwyIpZQuyZy-_shrE2E4l0bRjLKuGJCMmG5mcW9EOVNkDPjIi_Hk1Oo1Eji8Dc9vdBeOyf2kOySJOMZeuHTTQ6sUh7aewnivDR8041Ga-JRCegNo2GRtoFt5w-Yx4_GbBMKZoKSX5fqQLKT-Indutkpf_jpVkwompm1aPcLtENqemtwjRrnSuRbYX0ILJtRTlZ3gDhNuXY178YQMfWvfwDIf7ZgiRC00-Gl6HdE43XoWhKVpU1IyK3OJz3UPD8IV9akV4qEo4n-kcvNsDiFblY8unC2X-SvaQpN3ohso-m6cgwBzCe9ly-0JlO-z3S7xNWuzEfXJekcoWQRXoBRniNUZGC3VLMsIzALuWfcUtoq88U8NO9daKNdXWiSIhMKtoB_BYEeiShlHiDDWV5N3pmcBVFe9qtBPyP6cczIAd01Hqh-Ez22u_X9VFCvJmQp4zrru4kEhSF1q6BYT1a95DKSFVvQO5TyOkg94htijZRjgKRitz6v4vCD1R1V2DYJVVoTaOwskIMTx4jetKBP1x3YnknIx_NNdTQoW0eg2tEflS54eqAoMtbAEkQ50Nzn2FSwwlySLzxWBzqYZHB5BVG3NsuJBLfVolN0_mQ8kLz29k16xEBFzZdpomYX2nQLGk16seepQN_p6UQudq9qGVVkPi5XjIC7qsdQ5FdY9nD9aE_CDT1yIX-l7fJgpGOyLpYbeBYsZsVsjMI7OpoimS7MfpUgZtbTP4YNcZkkfbedPVCYmlmzO2F5t5Nnygc-WoYsC1a9vAQsj-Y_Eiq_BJ2mEy3mYTWrToD8EbNNux0b9ccqKlYD7i9Uvjms2x-IR1GSwFfsjNxTY_JYwa5GMcaC4Bk-2h3beP4-Oq80ZY-0BtoTQdP3qDBoter0bamktJPRi84Kn1Uxx-NaAO4c9w0eBrgbpniy1qO__0YJyvGtW07AW44QHMHO6ndZYTxKZHJYB-Z7U1GEINey5-U6VrfZzmjPI4jfFfDB_K_SxntnPuw6lcMPpvk1iPWkcv5jdBEBWjIeOEqjWujo0XC12WI3fZuTsK_R11MYRbMS6dbcGE5-5IbTgXGKGw0frgUfK589oNVPQ1j&cid=CAQSKQDICaaNIf0w1V6J7GrZxcqpfTDgQcF9kxGSxPvQZxwqgTmAq9exuYcCGAE&dc_eid=31078235&dv3_ver=m202309120101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=13622618253254992000&adk=2789206706&idt=90&cac=0&dtd=35

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37cb2eaadc7f96d736523f07b49622913871c00abf24755df2d2229380edaf37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame EEAA 113 KB
38 KB 69ms
66ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 01 Oct 2023 13:32:52 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame EEAA 118 KB
40 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 12:29:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3821
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 02 Oct 2023 12:29:11 GMT

GET
H2 200 roboto-400.css
static.criteo.net/design/googlefont/roboto/ Frame 7489 2 KB
842 B 58ms
58ms Stylesheet
text/css 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f3bd93baf2d7ea7fe404497a78897e9300a56e1ef8e452cdd29c0156b2ff3aa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13b-807"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H2 200 roboto-700.css
static.criteo.net/design/googlefont/roboto/ Frame 7489 2 KB
841 B 57ms
57ms Stylesheet
text/css 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-700.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

49330dbdf50dc3440d871a2408c7ec4fec185d62e419fd9960000cd8eed78950

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13d-807"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H3 200 VGH1mKSfxYHDdsSo-bXnFEwRYk5XYXNaTK3F8Z8cnoU.js Show response
pagead2.googlesyndication.com/bg/ Frame B225 38 KB
14 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VGH1mKSfxYHDdsSo-bXnFEwRYk5XYXNaTK3F8Z8cnoU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5461f598a49fc581c376c4a8f9b5e7144c11624e5761735a4cadc5f19f1c9e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:38:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 410080
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14820
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:38:12 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FE25 41 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DML4hdouhWSKzSizSnsAeaXz7XTt1KzaDMzRijRJHixHjxZgrSjrN1TrpLVJUG71fswXhpMmzUcrVfkTnNVsLEStq8Oa83m8LtFYKkKblL4srxGVqpTsb_wRQXtVjuRJ7QV9Hi7ZXFiYBS7Aw4sfPcf0dMisR7cLhBaPWiGyo9YNW7rD4&cry=1&dbm_d=AKAmf-DkGSAisUK_8zz4yRMDBQobyoQ-iCVQrLOYIM5at4pOi8txscP_1Z5aYt_ahyRdn95dNxcYo8Agw4zuxXo_numTY5gfWXznCOseuTKyQnd5glLpgzLpN116myE59KSdYj2MxJrikTrpUnP2svBmhGgWv8mD1E0QO6jYiKSshOkZo-PLz75sqoP5LB6c94MYBz3IEO2v_uhZbAjo8C2FBMMrXZUzueVYPlzzvAtgDmwGV3yl6-xNpfv7Ug3PEDSn7U734TPyfQLkbkV9GBSiNI6nprGxwkHNrP-I7WQv0hEwI_PxWofmlXn1tKr1EqVDLzkz3D-qmNf0DTa_VATx0HdEM5dIxB-OR6Tz8_6ODp0xzoxi1qcPfL-sx94_l2YYdelobzdBHb-B9s-zBoaiW7baw4uvqmZZo11CeXHAfQGSM3Vy6S1GcgF5wBBJ5OqcFSHyk58JmCtQUqYXQT4gkCTvDeiVKs5jjfXSiCkNu2G0oseIwIleyOtPsvDoQKBOHYvW0cR6vRKSkvmmNBQuc4PMJ6h_h_aNL_AUqtcxWtGY_337-WvfcEGssX0XGHEwbYhfLxrTpUy42WhpdCmpU3bF9TZbuj5Zg9p5ffg18CfxMJSkgyWiATDkrdr3xiPtRRoDYAD-wYyFbf46_ccfrXlnA_Sm-VJlrwEmOBaI9TvD9kXUw1YODwKcHNEoncSMK_c8FwCQLouvIWqc_6u72jNCLikuAJPAXN6KKFrSAfTSrgCwR0aVM001Rr8BGqjDaW6oCduwkNQYhU-Zg5Z-4ejt5gmaTH67VNyAJu2gGawqijjFf09yoLBviAIrFLCOt8LbcAmS7OtL22whzY7Z2C6JEbI1oX9fHuOWcUPlRWnGD9K40txmDya7XeI8E4ZkrmWuApg9VpVJ7IzAepaNbcl8qGTWDnm66U4H40sgFfeonTx43ZnoXbpQMdgdJzT7aocyZFAzOqR6lBMmS2gvBi1bKyzGAemumg_vBESahQIoMpprMLHxNDS-zIkFbEKBniqfFFZdgjCyUX-JVO_GkefJTC-6j-ukzGNlJc52XCzGcIwh6ktyRw4ta724kipssqCiE46f9XA7hxUYiZAToy7ujAoJREPwbC86dYaHDAxc3Fb_AdEzLALmnyW7eQtbx-B1OATg79D4dXq5mOBFR30ESJvL7irm4Zw8vp2ZfqH6n_2fyO6vPIoGNEaS2PqGVtPjw9LmhSx-7oGgEqMja5HppW6HI2T_woEHsU0M9yJ1me6CFKjVp8Brx0wjjJ8AZzgWt_O5253u9x6zLOzp--_NHXIfImshyRqzC2evjTD4bIq9TbLg5Xevg3ddEPIAGBvjW-5E17d4S-L-WwasvkLkKsBzd1JQyPdLmjdsp4DRUHIaBvZBW4Pg2rGMjnjTWX5Pv5sfLarLtFIu71HiLjo0o2cSvWTV_J0KmTdgg5SCkWhCcdwKi3M-wELjkT5fH5mo7fH0kJMat7pI5kMKqs1-OYE3PGHWzGfrdUDJGoVnFeT-kmNhp8Klh-fk8fmr-AbKoF0Lbu3KogUrZ3uHv8Dbf3lkUNcVs8VQE22M1cAsCdQst6_nTD2uqkxArLiVJhSCfmQsqrPcaVqqXXco0wCPwLgyPuUlB509rCUTNs4qBmbLrsRpVsQtzjbFI3BgjcaJs4ssFuzz_69WfiK-N6UP6BdX6Cs6XhqlxnvCd79ca703YxrNMmEvZGwBx7uxvms-sRDN128uzAYzciyj5ySOGzIiLgeCjL_Lgh72Z3--IrXvZcueuNdNF9UaWqddqqvU7xK3F1HWqchiKpelH8Zo8fKKXdWwDeUGJgSAchfZglggIaZeJwUI3khpAQKQM9RWMxNjl8pVjAOKxVy6lp_Vy9O5Cr9O72QeEQJy1qWeSCqo5vBDCVPMJ7oMGjEINqr41V-XeGPNuDsU8tCuiB_K82KyEQdfGF-ytPAPiRIqGO29NAov1lLJxe4RypVVRC_jYlkIRWKc3G8sNIvN5JnNaOalOoC0A_XUZpwa3OdV8NHJDSUhmgSgopLA0gfiZGsLisJ3F-WW74M6txmkP9p1r9t_zJaPQgky4CCL378qF0Uj0k89lRZw_HkXBvCw7V6OuTo8387C8R1xf9tSp9JN4i8uCdHKgvvfF624eU4GcarvSTD7uIIw6RoGpUjAmsRraEr1lxGEArytnWxYlvyzq79ul-qVIVV9ty_WqchgX8GM_O6DtxT4MYexUNh293cz8Xso8e8TpggQ6qz6p-YEHduvOpImpOKge6-JngSubapI7ZRvQ4UnY0LODdtDjA5OCCxliKVrQ-XMXNty-O9rnZLvo71xHjWTLXt1ogR8MAQdUDsMqaR4Hqf7NxzgWCqOhTghyS2JCJol1e1zDsKubd3rmj2UM18nFNQ8m-pMNVP970aQ_id18VLZQgNmJaoJAHx0zqP20JA-5vrGXQ6_OaTHu7veo-DZ2q8xKvA6slEyF2Jm9gHIyLQKA4pHECIxeJyyNNu4qeEmAJyFaJCtoVbNBZsbLG3OMXJamIFE19_N1Z0DQJzwYaTavy54g8iB0lPRp9L9w4q2wkV18yWAS9cok2_2RyaiVHruIton4esdUSnEgoUls310y8FaeX2RVYD7zsJTkGF2OWYSW0JT7sJEtNGMVdZpDwzuub0HuFtV0xIZuwcB8YgrkmCfH9KKiZ_feiAb-dw8ijJSx4y7_3MNznDfJRx8IjdvO5j33nvn_6uia74MjzK5Hfv24Wg7R6mwrjwcjsNyuSEgx8qNj7HhG-fc3ql1ljxpM0bs31POKs-z2gvVt3G40MDaeGxriU7WNx-HjgNZBuXtffjkzWUH-X6sSkwtU6gMrjIWtduUyb0_BPAW7S7SwlIwyIpZQuyZy-_shrE2E4l0bRjLKuGJCMmG5mcW9EOVNkDPjIi_Hk1Oo1Eji8Dc9vdBeOyf2kOySJOMZeuHTTQ6sUh7aewnivDR8041Ga-JRCegNo2GRtoFt5w-Yx4_GbBMKZoKSX5fqQLKT-Indutkpf_jpVkwompm1aPcLtENqemtwjRrnSuRbYX0ILJtRTlZ3gDhNuXY178YQMfWvfwDIf7ZgiRC00-Gl6HdE43XoWhKVpU1IyK3OJz3UPD8IV9akV4qEo4n-kcvNsDiFblY8unC2X-SvaQpN3ohso-m6cgwBzCe9ly-0JlO-z3S7xNWuzEfXJekcoWQRXoBRniNUZGC3VLMsIzALuWfcUtoq88U8NO9daKNdXWiSIhMKtoB_BYEeiShlHiDDWV5N3pmcBVFe9qtBPyP6cczIAd01Hqh-Ez22u_X9VFCvJmQp4zrru4kEhSF1q6BYT1a95DKSFVvQO5TyOkg94htijZRjgKRitz6v4vCD1R1V2DYJVVoTaOwskIMTx4jetKBP1x3YnknIx_NNdTQoW0eg2tEflS54eqAoMtbAEkQ50Nzn2FSwwlySLzxWBzqYZHB5BVG3NsuJBLfVolN0_mQ8kLz29k16xEBFzZdpomYX2nQLGk16seepQN_p6UQudq9qGVVkPi5XjIC7qsdQ5FdY9nD9aE_CDT1yIX-l7fJgpGOyLpYbeBYsZsVsjMI7OpoimS7MfpUgZtbTP4YNcZkkfbedPVCYmlmzO2F5t5Nnygc-WoYsC1a9vAQsj-Y_Eiq_BJ2mEy3mYTWrToD8EbNNux0b9ccqKlYD7i9Uvjms2x-IR1GSwFfsjNxTY_JYwa5GMcaC4Bk-2h3beP4-Oq80ZY-0BtoTQdP3qDBoter0bamktJPRi84Kn1Uxx-NaAO4c9w0eBrgbpniy1qO__0YJyvGtW07AW44QHMHO6ndZYTxKZHJYB-Z7U1GEINey5-U6VrfZzmjPI4jfFfDB_K_SxntnPuw6lcMPpvk1iPWkcv5jdBEBWjIeOEqjWujo0XC12WI3fZuTsK_R11MYRbMS6dbcGE5-5IbTgXGKGw0frgUfK589oNVPQ1j&cid=CAQSKQDICaaNIf0w1V6J7GrZxcqpfTDgQcF9kxGSxPvQZxwqgTmAq9exuYcCGAE&dc_eid=31078235&dv3_ver=m202309120101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=13622618253254992000&adk=2789206706&idt=90&cac=0&dtd=35

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 263184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 925F 0
19 B 72ms
71ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CA_3BA3UZZZDBE5qziQbrjYqoBsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC5k5SORi9sT6oAwHIAwKqBMsBT9AlhD8O7Tax9xdDXwbZ6rixvd5_APs5qlMaFRoo6k8mUsQd5KMBz1stAxj8W1TpeWqorlB0-5boairpvO3hGGzrj5z-PWVAdT64f7M4JjypiVxG20rCLVzILSx8aGSaxDgHOHbi4rYxrjp7epMdHkjBe1-rzOgHWkvVJ9jqZqfJx_bEIsIfrSWJ3Sm8JcSPaIFQVz-JhnnZtPxLgurN40g7AxYJxVOGbXwNpcGkihjbhtqYsWZH5W8w6qGfTDG38mlNcSLNDBxo0cmABqeKgPnDldn8vQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=CFDtCtL4Asg&uach_m=[UACH]&cid=CAQSKQDICaaN-eTfgCpVQSJtVMXxgkk8iA6YBG7S_skVOFCDaSP0_3Hlt07NGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046730&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696167170561&bpp=351&bdt=360&idt=664&shv=r20230927&mjsv=m202309270101&ptt=5&saldr=sd&is_amp=1&correlator=6950&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2821097479&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31076839%2C31077328%2C31077971%2C44795921%2C31078320&oid=2&pvsid=511706654667774&tmod=874085393&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.2j1qkui30xt6&fsb=1&dtd=680
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 01 Oct 2023 13:32:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 925F 0
126 B 149ms
42ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k8mFDOiuBHjYBJ2DYgICAAAAsWfxCapMb_AMxl8mCK_LhhADdRllUFaqIBIR9hd3gQAAEgAACgpBUVVCQVFFQkFR&wp=ZRl1AwAE4JAKwlmaAAKG6yto22mJ_wg1Xt6T-A&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:51 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 182383
server: Kestrel
content-length: 0

GET
H/1.1 200
OK r4yapv8fhxky Show response
hal9000.redintelligence.net/zone/ Frame FE25 12 KB
4 KB 120ms
29ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/r4yapv8fhxky?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBq2jA3UZZdqJJNPC7gPwtaj4DZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakC5k5SORi9sT6oAwHIA5sEqgTmAU_Ql04F_Eo29V7pouxBtlk95M7g4dXkrPsFRFNIsDqEDWjEbrf-k3eQ8BDqNlmd4EdKn9OUm6Zuoj9d7kssMAkarGXcNrhfBDvjimh8-O9l1trAKPc0VT9KJHG6RAJuQVdIpZSXY2DsABLduWLlCHPm3ceFnryGu-5Vj6SJUiF_KKa52kbg-CaHJLAHsiqAazbdj91w3iHShqi82O26zprsdWkvsN2LZHIDsO-Bic_L7WXPjRhbwQ6EhJ0tlH8qyqrw6c-aHYSdce_KiYJcTvJ1kQDb1b96FsIc_3q_bETj2cw-EwqJwAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIyA0B4g0TCIaK94371IEDFVOhewod8BoK37ATlbXRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMImpf4jfvUgQMVU6F7Ch3wGgrfEAEYASAAEgLYo_D_BwE%26num%3D1%26cid%3DCAQSKQDICaaNIf0w1V6J7GrZxcqpfTDgQcF9kxGSxPvQZxwqgTmAq9exuYcCGAE%26sig%3DAOD64_2K70dOn3UzPU49dymdvrkH8dovrg%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-D_y6VXLv4ncNmBh3adYRSf9cBSunBgkYGXxS7BhCXGH9K-nGlouCjdECKdS3aQWxyeclMB6m2qbBVGnOia2U11I2R1Yh1XuqzxwbpdsoUeaoXv-V4jSVVm_HqGXs0lkBepd84dAI9jMvnZc0sk3KYLUmujxRr9Z7nrJqSQaLWLRSGmFgQ%26cry%3D1%26dbm_d%3DAKAmf-DVh2zakQmFnB9ozDQ39Jz0jYeBKpHv5APO6bKGUIl2LYD3vHZtM3WkJPIRw41F0f6gKi8UK2cqVqxySNrk4vlt-YAm8Rlf27yBzOJMVyR8lsd7u8vTy3qEhqCRfw99JJ1vHcZZii84fbeaDxttqaj4piVHWzTh6z7KleNrxMAS44Un_M1PRvJYNUaltUIr6uBYg87rarcsXAcKtJp9OpZLcdjyE3mwGz2DGkHzyMP1UU9HsLmc9cGjslT9mBHNJOOAbdNGDn7BOIJn0AI_-GzWI8gHkIVckwe-4EZtMxCgDgawWr_d2NGdvQwt8zygVmCZyW2GPT6LNXGvPx-sTfFq34K1-v-v_WY8SrbUcJuGQBEtNzPbd8oAy7TKIqG-NbbyHImayZr2XHmKVGfCeQIXVDgBNGrseh0XRfECvs06qWjqQMthGuBpPJDO9CU6Vm_fUABjWQe0TUktQ_0_Kx3CLZGemtCxGe3C1rznxBCYvIDsJyhQR_gybTh_XdCOyft99h8daPwJ8YwdJvBZWFdsePRj5pm9rhSeeKNKbaZR4tDPhF-WkdhmUiV76RWMVsKEzZu3b7Y8QFoZ_Gtmcgj402qrBe8JaPAHpeswfdtPz98kasUzsstL-MkO56sNQdsuWD8HyY1DX-dZV6Sm5XII7V4WJDn3hCv_8wcX3jQfwDrSqTPfPe9P0jERndYKibTx83a9%26adurl%3D
Requested by: Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 83ff9acba263b099897ad8f87357a07b6ca2b79276925eccff9fb45f3319fe0a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 01 Oct 2023 13:32:52 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4290
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 roboto-400-latin.woff2
static.criteo.net/design/googlefont/roboto/ Frame 7489 15 KB
16 KB 158ms
84ms Font
application/octet-stream 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/roboto/roboto-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c6bdd002d23dcb0adbd87e3518bdd994de73818a0f0f502707986301b9fbc404

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/roboto/roboto-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13b-3d80"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 25 Sep 2024 13:32:52 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9C75 0
0 95ms
94ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsutNvjpLrs6RdYV00Uesg84369M2Lf-Tg8HPFv3U1VNkJE6NjLyiyfQeWOXCS5J5PxgwNE6RvIcbcnxuXav6bKGNf0dpVaomna-K4gJ3vIJLVgSAI-RzAFEv8q_5lOnhcy0BT1U5xdySHfAQQSEflOWxKlcQIaWOBtNZbT9pEmLbKBvtZbRIHO-7zz3K_kWb_kdVCWQnEdr03JMz8BqwxUynkPujEVIfyI09Zb9FQn65GMsxsnsoXIJ8-5Tbc7Alr-vdMokqzRAlO8p8h65nxSUwTziluvRkP5qdbpopXgpWM9Nwi9coyj_OFnpJW6GvfTZWc4_7DtAidmV-g6uJNi8KDMMBvxtDg2cihCU0yJsjTF6fPsP6rumV4LMmlwu9XceE64r-ZAcSFIhBW8JEW1tVHwNpTNztQ8fgVXIe8ZqeOGFmprziCnQb_JjIzHbOONcVb2KkV4qT3aQae6dB1KeZMKH1LB-CrAsDnR1oSLEzzlw9QpsJvlgsU3bqrhAvu1-Vq7M-I_qWuGNulqTn78JwyMe3SuTODKUQ46XVCWBjSQ-nkzQ1D5FpGG50WIQh5VzXx1X0S6S1ZkJnEIie3aMnDC_Q29VWgqnP2IOIciGY7weNMbUr1DxF0DyU6fk7-lfN4KiPnE6g0rKm6mH08e2OR-yLpLI-QQ0EikTmdPcmFjkYu1Zeu7J5oR8Yw3yoM2bHDTerzlBLKW4aO3agb_0L2YC_Dc58BvwVESDLPjPjX0-D-1Oh3bQ7oPxGFCs1cZzFXnVKBfB7gZEvw3BP3Aueu1rLLcqOLDLvjbg-Fs4j5GjsOxZXbSnbF8_7c0aFCUBSgpCAxQaYdVGjlN-josVSHvsttiXC-VZEQ2MIoKh5PKLb47Wzo-gRLuln8S7ZTpMmKJj-o0QgkkT7d-3-u-8_pGs6QA_IAI5s2kUPEppmBx5RwBLy2q_el9upZbXnz57L4Cw79OKMMDlOU9ti2p654sNSvqeRk3wvXK6RCPGTgVv7kOVDgXMIjddzdIwKl1f2GFWLKDJlOMdAK_WnwdmGRXtkn0vhLJvo9xJFkNy30lWJK2E51iy2KwIb-xTlhDs-hISc5PbC52VdRt7-5iOEA0AO-NdaJPCjCaOY9IyoNo6jXCbir5cUV5VBlwXjNzF7rJNk8_8SPWmUFV5wOaTBFqCdVfVNqBZHXKo5x4c8bf8Jlvlk9RMeIKRgOibl3X6AuxgG3dZSvpUdxypxA72z_sYwjDZST4CmgtrxTSWN1T90h_ZOkkVc4qDBdPZV7QQcqxBarVb41pqkVTX6tw4-yO0AjmNgXrX2f32JsFY1pvSKYPViSVMUW9yi0zxWQgCxybd19v1TxhUr8R0TGoAzLbGnOw&sai=AMfl-YRLAAaM8UbzjkJSb-fOwdq9GomvBIbqkzbiq6svSax4RyoFL5HwV6bR90OiyyIVUrMwvfN4w7hVM03WGtevraoAFQEcGgXzXVP_A3fnNaIyAc24DGNR52Biq7uhveXTN-fdfojBZQAfFEMqLfMXg9PKS6AUSoFFp-fkOU5aT3_Cn06iAF-m7yz630E46VxTs50dlF8-MyiB&sig=Cg0ArKJSzGmGm5lU7zgLEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=875&vt=11&dtpt=496&dett=3&cstd=364&cisv=r20230927.29609&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8E3F 22 KB
8 KB 24ms
22ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 263184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 12:26:28 GMT
expires: Fri, 27 Sep 2024 12:26:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900024.redintelligence.net/ Frame FE25
Redirect Chain

https://hal900024.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=6c2ed2ede7&subid=&uid=db47fdb0bd95e97a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900024.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=6c2ed2ede7&subid=&uid=db47fdb0bd95e97a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

613 B
937 B

148ms
93ms

Script
application/x-javascript

138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900024.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=6c2ed2ede7&subid=&uid=db47fdb0bd95e97a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBq2jA3UZZdqJJNPC7gPwtaj4DZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakC5k5SORi9sT6oAwHIA5sEqgTmAU_Ql04F_Eo29V7pouxBtlk95M7g4dXkrPsFRFNIsDqEDWjEbrf-k3eQ8BDqNlmd4EdKn9OUm6Zuoj9d7kssMAkarGXcNrhfBDvjimh8-O9l1trAKPc0VT9KJHG6RAJuQVdIpZSXY2DsABLduWLlCHPm3ceFnryGu-5Vj6SJUiF_KKa52kbg-CaHJLAHsiqAazbdj91w3iHShqi82O26zprsdWkvsN2LZHIDsO-Bic_L7WXPjRhbwQ6EhJ0tlH8qyqrw6c-aHYSdce_KiYJcTvJ1kQDb1b96FsIc_3q_bETj2cw-EwqJwAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIyA0B4g0TCIaK94371IEDFVOhewod8BoK37ATlbXRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMImpf4jfvUgQMVU6F7Ch3wGgrfEAEYASAAEgLYo_D_BwE%26num%3D1%26cid%3DCAQSKQDICaaNIf0w1V6J7GrZxcqpfTDgQcF9kxGSxPvQZxwqgTmAq9exuYcCGAE%26sig%3DAOD64_2K70dOn3UzPU49dymdvrkH8dovrg%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-D_y6VXLv4ncNmBh3adYRSf9cBSunBgkYGXxS7BhCXGH9K-nGlouCjdECKdS3aQWxyeclMB6m2qbBVGnOia2U11I2R1Yh1XuqzxwbpdsoUeaoXv-V4jSVVm_HqGXs0lkBepd84dAI9jMvnZc0sk3KYLUmujxRr9Z7nrJqSQaLWLRSGmFgQ%26cry%3D1%26dbm_d%3DAKAmf-DVh2zakQmFnB9ozDQ39Jz0jYeBKpHv5APO6bKGUIl2LYD3vHZtM3WkJPIRw41F0f6gKi8UK2cqVqxySNrk4vlt-YAm8Rlf27yBzOJMVyR8lsd7u8vTy3qEhqCRfw99JJ1vHcZZii84fbeaDxttqaj4piVHWzTh6z7KleNrxMAS44Un_M1PRvJYNUaltUIr6uBYg87rarcsXAcKtJp9OpZLcdjyE3mwGz2DGkHzyMP1UU9HsLmc9cGjslT9mBHNJOOAbdNGDn7BOIJn0AI_-GzWI8gHkIVckwe-4EZtMxCgDgawWr_d2NGdvQwt8zygVmCZyW2GPT6LNXGvPx-sTfFq34K1-v-v_WY8SrbUcJuGQBEtNzPbd8oAy7TKIqG-NbbyHImayZr2XHmKVGfCeQIXVDgBNGrseh0XRfECvs06qWjqQMthGuBpPJDO9CU6Vm_fUABjWQe0TUktQ_0_Kx3CLZGemtCxGe3C1rznxBCYvIDsJyhQR_gybTh_XdCOyft99h8daPwJ8YwdJvBZWFdsePRj5pm9rhSeeKNKbaZR4tDPhF-WkdhmUiV76RWMVsKEzZu3b7Y8QFoZ_Gtmcgj402qrBe8JaPAHpeswfdtPz98kasUzsstL-MkO56sNQdsuWD8HyY1DX-dZV6Sm5XII7V4WJDn3hCv_8wcX3jQfwDrSqTPfPe9P0jERndYKibTx83a9%26adurl%3D&documentReferer=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8923243553936&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 896e99481fa3358f1b2bef31e315f8810587a3045bf29d51b6ec27d7f616ca68

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 01 Oct 2023 13:32:53 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 22767600072786504438442012464024
Connection: close
Content-Length: 331
Expires: Sun, 01 Oct 2023 14:32:53 +0200

Redirect headers

Pragma: no-cache
Date: Sun, 01 Oct 2023 13:32:53 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=6c2ed2ede7&subid=&uid=db47fdb0bd95e97a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBq2jA3UZZdqJJNPC7gPwtaj4DZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakC5k5SORi9sT6oAwHIA5sEqgTmAU_Ql04F_Eo29V7pouxBtlk95M7g4dXkrPsFRFNIsDqEDWjEbrf-k3eQ8BDqNlmd4EdKn9OUm6Zuoj9d7kssMAkarGXcNrhfBDvjimh8-O9l1trAKPc0VT9KJHG6RAJuQVdIpZSXY2DsABLduWLlCHPm3ceFnryGu-5Vj6SJUiF_KKa52kbg-CaHJLAHsiqAazbdj91w3iHShqi82O26zprsdWkvsN2LZHIDsO-Bic_L7WXPjRhbwQ6EhJ0tlH8qyqrw6c-aHYSdce_KiYJcTvJ1kQDb1b96FsIc_3q_bETj2cw-EwqJwAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIyA0B4g0TCIaK94371IEDFVOhewod8BoK37ATlbXRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMImpf4jfvUgQMVU6F7Ch3wGgrfEAEYASAAEgLYo_D_BwE%26num%3D1%26cid%3DCAQSKQDICaaNIf0w1V6J7GrZxcqpfTDgQcF9kxGSxPvQZxwqgTmAq9exuYcCGAE%26sig%3DAOD64_2K70dOn3UzPU49dymdvrkH8dovrg%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-D_y6VXLv4ncNmBh3adYRSf9cBSunBgkYGXxS7BhCXGH9K-nGlouCjdECKdS3aQWxyeclMB6m2qbBVGnOia2U11I2R1Yh1XuqzxwbpdsoUeaoXv-V4jSVVm_HqGXs0lkBepd84dAI9jMvnZc0sk3KYLUmujxRr9Z7nrJqSQaLWLRSGmFgQ%26cry%3D1%26dbm_d%3DAKAmf-DVh2zakQmFnB9ozDQ39Jz0jYeBKpHv5APO6bKGUIl2LYD3vHZtM3WkJPIRw41F0f6gKi8UK2cqVqxySNrk4vlt-YAm8Rlf27yBzOJMVyR8lsd7u8vTy3qEhqCRfw99JJ1vHcZZii84fbeaDxttqaj4piVHWzTh6z7KleNrxMAS44Un_M1PRvJYNUaltUIr6uBYg87rarcsXAcKtJp9OpZLcdjyE3mwGz2DGkHzyMP1UU9HsLmc9cGjslT9mBHNJOOAbdNGDn7BOIJn0AI_-GzWI8gHkIVckwe-4EZtMxCgDgawWr_d2NGdvQwt8zygVmCZyW2GPT6LNXGvPx-sTfFq34K1-v-v_WY8SrbUcJuGQBEtNzPbd8oAy7TKIqG-NbbyHImayZr2XHmKVGfCeQIXVDgBNGrseh0XRfECvs06qWjqQMthGuBpPJDO9CU6Vm_fUABjWQe0TUktQ_0_Kx3CLZGemtCxGe3C1rznxBCYvIDsJyhQR_gybTh_XdCOyft99h8daPwJ8YwdJvBZWFdsePRj5pm9rhSeeKNKbaZR4tDPhF-WkdhmUiV76RWMVsKEzZu3b7Y8QFoZ_Gtmcgj402qrBe8JaPAHpeswfdtPz98kasUzsstL-MkO56sNQdsuWD8HyY1DX-dZV6Sm5XII7V4WJDn3hCv_8wcX3jQfwDrSqTPfPe9P0jERndYKibTx83a9%26adurl%3D&documentReferer=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8923243553936&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Sun, 01 Oct 2023 14:32:53 +0200

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D782 0
0 61ms
60ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuO8DGZfLZJIQ9fsRaYtIrBCHC6PEbaPr9Pg8Id6NfRSi54LBfZrXc6GuRm_uJsBvIMEl5wufn9eBUZj563z5s_VDuuNhpANxwX8cx3H8ZLgPqPH5Pl5ZMjFYLln32pwxerMONIbqGbRkMhojkK8UaqpexG90qZ4DUDZvhPbpJvHxHyHOLskInCXpylo24z5IaU4jWVdbznpR3uuPixgG8H2imkFUW_E3_pXnj3v-nxsZqhA8Bnm3FnzJ7JNBjKcPFn0mrHg420vNmI4Dok9ol7OZYwj01v902UK_0y7OWyKS6lxW6URq7OEXb_xi5epAfhfk_Vt90xFegMDrdateOEwCa-ptlXHHCzBb3isSI&sai=AMfl-YT7e8nkLdUuvyLzgZN2ISqXruWYlYJ5w_Yo2upRLPxLBTqTFsPknPzMFKFxS73X7wAjEarzAfabz7nlCS0&sig=Cg0ArKJSzM9H-wN9YcUVEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 01 Oct 2023 13:32:53 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D782 16 KB
12 KB 70ms
70ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230927&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309270101/show_ads_impl_fy2021.js?bust=31078320

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

07fba7a61a880a33dad3bdd742527acfced06df52bae448d15106783c47098ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12119
x-xss-protection: 0

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4672102/ Frame EEAA 4 KB
2 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4672102/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

decfbe8c158a2cba02ca73b8bdf79f27b58757217a01cf6a492feb29d25d9458

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1793
x-xss-protection: 0
last-modified: Mon, 15 May 2023 11:48:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 01 Oct 2023 13:33:02 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EEAA 8 KB
6 KB 101ms
101ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b35db588e5192edde1275dc320f93594b0d1d6d638b7a365e90dec328b450e4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5851
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 91D9 0
10 B 31ms
29ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?GzO3Mw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 VGH1mKSfxYHDdsSo-bXnFEwRYk5XYXNaTK3F8Z8cnoU.js Show response
pagead2.googlesyndication.com/bg/ Frame 8E3F 38 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VGH1mKSfxYHDdsSo-bXnFEwRYk5XYXNaTK3F8Z8cnoU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5461f598a49fc581c376c4a8f9b5e7144c11624e5761735a4cadc5f19f1c9e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:38:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 410081
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14820
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:38:12 GMT

GET
H3 200 160x600_js.png
s0.2mdn.net/creatives/assets/4672102/ Frame EEAA 71 KB
71 KB 23ms
22ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4672102/160x600_js.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de68f78fb282490f424a1ce35f60b2260edefdcaf840f67c7340b0dcf04a34a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:29:07 GMT
x-content-type-options: nosniff
age: 226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73100
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 09:49:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 01 Oct 2023 13:44:07 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D782 17 KB
6 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309270101/show_ads_impl_fy2021.js?bust=31078320

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 13:32:53 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EEAA 17 KB
6 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 01 Oct 2023 13:32:53 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AD13 0
10 B 23ms
23ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?E8f6pw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
DATA 200
OK truncated
/ Frame EEAA 25 KB
25 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3be09dc0c3a62f0a8397706bf1d6fc53d4dbcadf38863aaf6b87ceb0f1eb3d18

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ Frame EEAA 25 KB
25 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32ee695fc5354fb6448cbc5453ec1d15f01c7d5f74539da5f93126188b9fda22

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4669666/ Frame EEAA 4 KB
2 KB 22ms
22ms Fetch
image/svg+xml 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4669666/star_alliance.svg

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3117435f29e0de48ea6ed19bbe21500a39ac0901bb4962f6b65a938162f54b8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 557
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1838
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:06:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 01 Oct 2023 13:38:36 GMT

GET
H3 200 MadeOfSwitzerland.svg Show response
s0.2mdn.net/creatives/assets/4669666/ Frame EEAA 9 KB
3 KB 23ms
23ms Fetch
image/svg+xml 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4669666/MadeOfSwitzerland.svg

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33db53c59f86658a2a1c5a8515a4332b2837162b2ec8c13af379f32f122ea18b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:21:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 695
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2792
x-xss-protection: 0
last-modified: Tue, 04 Oct 2022 10:19:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 01 Oct 2023 13:36:18 GMT

GET
H3 200 de_swiss_rgb.svg
s0.2mdn.net/creatives/assets/4669666/ Frame EEAA 2 KB
877 B 23ms
23ms Image
image/svg+xml 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4669666/de_swiss_rgb.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

354a25f44878b2935ae4bb47c8c285c749b3d439526c270e69a0404d01050399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:26:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 401
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 849
x-xss-protection: 0
last-modified: Thu, 15 Sep 2022 15:45:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 01 Oct 2023 13:41:12 GMT

GET
H3 200 Sunbathing_160x600.jpg
s0.2mdn.net/creatives/assets/4669663/ Frame EEAA 17 KB
17 KB 782ms
782ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4669663/Sunbathing_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b62d79636704d99f6e070ba6c8eaeb69638afd2b5f831c606fd66b975ad0da1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11466985122124808424/index.html?e=69&leftOffset=0&topOffset=0&c=KkcrAwiE5g&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17228
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:00:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 01 Oct 2023 13:47:54 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DDBE 13 KB
5 KB 24ms
23ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 5091
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 12:08:02 GMT
expires: Mon, 30 Sep 2024 12:08:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 37CF 829 B
559 B 32ms
32ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

752d001ed89ab550af386f49bc95ee6a0e4288757cff89f23c0598e3da54caf5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-viRlLNVeGUQBkyNliLbu4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-viRlLNVeGUQBkyNliLbu4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 13:32:53 GMT
expires: Sun, 01 Oct 2023 13:32:53 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame 7D42 37 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 12:08:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5091
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 30 Sep 2024 12:08:02 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900024.redintelligence.net/ Frame 4152 7 KB
3 KB 92ms
30ms Document
text/html 138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900024.redintelligence.net/request_content.php?s=22767600072786504438442012464024&a=568bf7af
Requested by: Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=6c2ed2ede7&subid=&uid=db47fdb0bd95e97a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBq2jA3UZZdqJJNPC7gPwtaj4DZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakC5k5SORi9sT6oAwHIA5sEqgTmAU_Ql04F_Eo29V7pouxBtlk95M7g4dXkrPsFRFNIsDqEDWjEbrf-k3eQ8BDqNlmd4EdKn9OUm6Zuoj9d7kssMAkarGXcNrhfBDvjimh8-O9l1trAKPc0VT9KJHG6RAJuQVdIpZSXY2DsABLduWLlCHPm3ceFnryGu-5Vj6SJUiF_KKa52kbg-CaHJLAHsiqAazbdj91w3iHShqi82O26zprsdWkvsN2LZHIDsO-Bic_L7WXPjRhbwQ6EhJ0tlH8qyqrw6c-aHYSdce_KiYJcTvJ1kQDb1b96FsIc_3q_bETj2cw-EwqJwAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIyA0B4g0TCIaK94371IEDFVOhewod8BoK37ATlbXRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26gclid%3DEAIaIQobChMImpf4jfvUgQMVU6F7Ch3wGgrfEAEYASAAEgLYo_D_BwE%26num%3D1%26cid%3DCAQSKQDICaaNIf0w1V6J7GrZxcqpfTDgQcF9kxGSxPvQZxwqgTmAq9exuYcCGAE%26sig%3DAOD64_2K70dOn3UzPU49dymdvrkH8dovrg%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-D_y6VXLv4ncNmBh3adYRSf9cBSunBgkYGXxS7BhCXGH9K-nGlouCjdECKdS3aQWxyeclMB6m2qbBVGnOia2U11I2R1Yh1XuqzxwbpdsoUeaoXv-V4jSVVm_HqGXs0lkBepd84dAI9jMvnZc0sk3KYLUmujxRr9Z7nrJqSQaLWLRSGmFgQ%26cry%3D1%26dbm_d%3DAKAmf-DVh2zakQmFnB9ozDQ39Jz0jYeBKpHv5APO6bKGUIl2LYD3vHZtM3WkJPIRw41F0f6gKi8UK2cqVqxySNrk4vlt-YAm8Rlf27yBzOJMVyR8lsd7u8vTy3qEhqCRfw99JJ1vHcZZii84fbeaDxttqaj4piVHWzTh6z7KleNrxMAS44Un_M1PRvJYNUaltUIr6uBYg87rarcsXAcKtJp9OpZLcdjyE3mwGz2DGkHzyMP1UU9HsLmc9cGjslT9mBHNJOOAbdNGDn7BOIJn0AI_-GzWI8gHkIVckwe-4EZtMxCgDgawWr_d2NGdvQwt8zygVmCZyW2GPT6LNXGvPx-sTfFq34K1-v-v_WY8SrbUcJuGQBEtNzPbd8oAy7TKIqG-NbbyHImayZr2XHmKVGfCeQIXVDgBNGrseh0XRfECvs06qWjqQMthGuBpPJDO9CU6Vm_fUABjWQe0TUktQ_0_Kx3CLZGemtCxGe3C1rznxBCYvIDsJyhQR_gybTh_XdCOyft99h8daPwJ8YwdJvBZWFdsePRj5pm9rhSeeKNKbaZR4tDPhF-WkdhmUiV76RWMVsKEzZu3b7Y8QFoZ_Gtmcgj402qrBe8JaPAHpeswfdtPz98kasUzsstL-MkO56sNQdsuWD8HyY1DX-dZV6Sm5XII7V4WJDn3hCv_8wcX3jQfwDrSqTPfPe9P0jERndYKibTx83a9%26adurl%3D&documentReferer=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8923243553936&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 24118f8956aae587d050c99a3780cc0ea8019430998791306b2a631a671d2c0e

Request headers

Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2287
Content-Type: text/html; charset=utf-8
Date: Sun, 01 Oct 2023 13:32:53 GMT
Expires: Sun, 01 Oct 2023 14:32:53 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3CBA 1 KB
643 B 23ms
22ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 20248
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 01 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Mon, 02 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 4152 89 KB
32 KB 76ms
22ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request_content.php?s=22767600072786504438442012464024&a=568bf7af

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900024.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 16:24:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 421711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Sep 2024 16:24:22 GMT

GET
H/1.1 200
OK S-300x600.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 4152 95 KB
95 KB 165ms
57ms Image
image/gif 145.239.2.103
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-300x600.gif
Requested by: Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request_content.php?s=22767600072786504438442012464024&a=568bf7af
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 145.239.2.103 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS: ns3082036.ip-145-239-2.eu
Software: nginx /
Resource Hash: a24bf435f35ac214cad692735eb2f8a9235101f45c115b1ef1265cc275cf3c50

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900024.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 01 Oct 2023 13:32:53 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-17bca"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 97226

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 37CF 0
0 123ms
122ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230927&jk=511706654667774&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 3CBA
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOBOKtFo2l7ExuCC1ujwGzo&google_cver=1&google_push=AXcoOmRIl7kvBc8oC91Fr567fpr0dZF35QEDo0JPbjqLgz5dosn8r17LugBGtO98-P4IuwYQRczp0GQYcXKKHBCHH8JpVuzjGuQA
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzU1MjU2MjIyMTQ3MzI2NTI5MA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOBOKtFo2l7ExuCC1ujwGzo&google_cver=1

43 B
398 B

35ms
34ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOBOKtFo2l7ExuCC1ujwGzo&google_cver=1
Requested by: Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOBOKtFo2l7ExuCC1ujwGzo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3CBA
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QoUsa-rTQ26dfiWRfpZDCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

37ms
37ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QoUsa-rTQ26dfiWRfpZDCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmRYSX9jD0QyAV8MEYLPflfpaf4DydTsqaP3YhAKsLs7tZO0KYbJIvN37dld2RTfGv6CA8ykf9E9JoeerVIlJP02d9WyIM3D

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QoUsa-rTQ26dfiWRfpZDCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmRYSX9jD0QyAV8MEYLPflfpaf4DydTsqaP3YhAKsLs7tZO0KYbJIvN37dld2RTfGv6CA8ykf9E9JoeerVIlJP02d9WyIM3D
date: Sun, 01 Oct 2023 13:32:52 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3CBA
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECs0B2ff_RVWgJgrjMG32Vs&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECs0B2ff_RVWgJgrjMG32Vs&google_hm=ZRl1A-2SgqUG5y-vjE9BPgAACK8AAAIB&google_nid=index&google_push=AXcoOmQ0Ai25G-RKfucpRoTKycgKsfNFz0Ztb...

170 B
188 B

50ms
50ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECs0B2ff_RVWgJgrjMG32Vs&google_hm=ZRl1A-2SgqUG5y-vjE9BPgAACK8AAAIB&google_nid=index&google_push=AXcoOmQ0Ai25G-RKfucpRoTKycgKsfNFz0ZtbaEF4KxS6w35PHpP0FekYIFPIcPVO8Cjr8jSTOlYem6gxJr3ymYzsTUrL2o55Rvn

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MavoDc8pG8G49EAkj3ru3zJPV%2Bp9jC6ZQogz25pm%2FKGYAH%2FywpxO4vDCG8Qaq8xH3epBnMtZpxaIsgATGUMAKWbk6Zlo4mEClNJbVj9EZeNKMadUrL85A2gqBxamLXgeFxptCjXWFBPnNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECs0B2ff_RVWgJgrjMG32Vs&google_hm=ZRl1A-2SgqUG5y-vjE9BPgAACK8AAAIB&google_nid=index&google_push=AXcoOmQ0Ai25G-RKfucpRoTKycgKsfNFz0ZtbaEF4KxS6w35PHpP0FekYIFPIcPVO8Cjr8jSTOlYem6gxJr3ymYzsTUrL2o55Rvn
cache-control: no-cache
cf-ray: 80f51303d9df0200-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H/1.1 200
OK pub
cs.chocolateplatform.com/ Frame 3CBA 0
134 B 810ms
120ms Image
text/plain 159.203.145.121
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEGVKtOjdLXpi7_M1qx64AFU&google_cver=1&google_push=AXcoOmTOChmUs7RxdCXGnMa9INVmHDLtYS1RLNWzEavKqXCyudhYU0XADSA1LrWSObJdV2_f4qz6tztsM0a1Yyswhcxd9eXgY5Q5
Requested by: Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 159.203.145.121 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: CookieSync Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 01 Oct 2023 13:32:53 GMT
server: CookieSync Server
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3CBA
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEG4iHeGXoHU0oQU_xPFlIq0&google_cver=1&google_push=AXcoOmT1v3Yqq86gSKsm05ShZLI5eKlyBoNNHzmy714UTIRJhBKqUQJ9e...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmT1v3Yqq86gSKsm05ShZLI5eKlyBoNNHzmy714UTIRJhBKqUQJ9eTZbp16KHu0lfD0F-ZkKM8Xs8_xWD18RczX5paEu0AP9&google_hm=QlMuMGU2Yi0zYjY2LT...

170 B
188 B

41ms
40ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmT1v3Yqq86gSKsm05ShZLI5eKlyBoNNHzmy714UTIRJhBKqUQJ9eTZbp16KHu0lfD0F-ZkKM8Xs8_xWD18RczX5paEu0AP9&google_hm=QlMuMGU2Yi0zYjY2LTRiZDktODU3OQ==

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmT1v3Yqq86gSKsm05ShZLI5eKlyBoNNHzmy714UTIRJhBKqUQJ9eTZbp16KHu0lfD0F-ZkKM8Xs8_xWD18RczX5paEu0AP9&google_hm=QlMuMGU2Yi0zYjY2LTRiZDktODU3OQ==
Date: Sun, 01 Oct 2023 13:32:54 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame 3CBA 0
35 B 99ms
27ms Image
text/plain 18.197.170.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEDJ7bdTKVGYjbBC4G2UlBJ8&google_cver=1&google_push=AXcoOmQw_Ud6ihGtMA26_1zNHoWywBFdxPYjTJ4fL7YcMcQCaWcQM9wKbLbITY-yO0_Hh_oksPgaEgLsnGQqv7aeks-UwWUc6xFLmA
Requested by: Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.170.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-170-218.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3CBA
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEEn9vMnwx...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEEn...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e5e2e83c-8346-450c-863f-f51ac079347e&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

34ms
34ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e5e2e83c-8346-450c-863f-f51ac079347e&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e5e2e83c-8346-450c-863f-f51ac079347e&%%GOOGLE_PUSH_PAIR%%
date: Sun, 01 Oct 2023 13:32:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3CBA 0
12 B 36ms
35ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IBuMtPjtHeUiSFap6r6w9MeNW7RnCf5vk4RqMcaJGKemH4AWO8syLMA1X5ZfsvjreHo4JlqDsI

Requested by

Host: d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
URL: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:53 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame DDBE 37 KB
14 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 12:08:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5091
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 30 Sep 2024 12:08:02 GMT

GET
H/1.1 200
OK viewability Show response
hal900024.redintelligence.net/ Frame 4152 0
150 B 104ms
28ms Script
text/html 138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900024.redintelligence.net/viewability?s=22767600072786504438442012464024&a=9fa5d72e&vb=m
Requested by: Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request_content.php?s=22767600072786504438442012464024&a=568bf7af
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900024.redintelligence.net/request_content.php?s=22767600072786504438442012464024&a=568bf7af
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 01 Oct 2023 13:32:53 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 4152 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B225 0
20 B 130ms
128ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6_eKA3UZZabkLZ3Cx_APquq-0AQAAAAAOAHgBAI&bg=!kZKlkt3NAAZN1Q_XbdU7ADQBe5WfOE2G7w1uuJ92yjroDb_8lENNdPsHkP2RGsw-kGmNBDspbI-fxrp0rDJ8EkkmxJm9AgAAAyhSAAAANmgBB5kDRkuUDf6nBMDT1PIp8BtEGDM-WudmyPyeE-MiSd5kb2RgNs3uzNaKe3L15Od0ajlH8jdnC7tdrwTrxqp15I96wGiPJ2xTwN3OnTSiO9aXr1kzIb2UgDiS3gMn6RV-S_9GvrB53Ww1MJ-1RPyT5dLpcb7UqGsmyF6w3-4qyF7g2QG4DgNfp1Pbh8RY3twvaz2cGNLYTSWOFGV2WXk0LFSKjHSZGQkYuip47nSQ2UXsJ6dimEr-m-cBTa2emEO1Umg0ahPhg1QiLym9qtfQdTIpUKmmEBVcodqKrdavUEln-iB7tUZVo_jYjbobXfa6AqgU52uj0IKZBu9q30arlJDyE8-n-f-coHur6rqfEW7ak5IsQ9j6q_RdG53iuefzM_Yg3zBPy7aDGtaoLb_fLmt83mwrZb6AC82kctav3Q539iJgU4Bez-hHyzm69mTjH52sPbVuWga6P-3GKfaFn-xtj5PkNSZqpCTTRW_Lq6MhhZ7JG33QHzl9RdY0BgtkDStHgesDdgv2HfHa4SPhQmlHlpjYlmnX6OWJyfNYllt4NXMPUeiQo_3Bromp3FWa9t4MmCayEIz_Xl5ILY3wH9uIecv20pfv9XiovMrhgX4OSoEmC_VsKDyX-_6BAzuwczhhDGWATFLA3O4wqzAjMgfkG2a1rVOYuE6jU_5P6uJ0eoKsl5nhr78qNtZa3iivehyLe-Uurg11sFAcc3OV6lRiuzurcrLqneb9ESSzdaZcE2xhXPb-EyZ6zlLHsUvagpJ0TAuAMP9Ncjp8pD-GUUMbeOrokZKl6mtCPa2Er_e_mu_yHSxtWMyvNpcnboI_ZXYbeLIIRbvVoNknShcxbIVRO8CqoSZ8qBGTE94Bnusehc4vdjT3NmI7NPsKtZQilyGSFl_VrmHboNjA7u0TiDxBdfsJUrvMvqpp3lpEX7MoKfPeYyz3B3u_hh3R0SGpE3sRfOh6KZiCuDSvWfn_zSB_nHxlc7v1WtUWg0oVov8vxHAmi1Vfr2LBOCgoeHQQGXUcp5psOx8Zlw8VEmcLWpvc_CAAtD3ZJkRKfWxt30YbNCLFjueVM6N0kSscOpLfMNf_kkMlXst8EBvgI9O9JstMSKKvypPPoio

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C75 0
20 B 122ms
121ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=94553774153&version=m202309120101&ct=76&x=1&cor=3191800397699302000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4C0F 0
0 128ms
127ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309260101&jk=2987738657539224&bg=!BgWlBUrNAAYEJRtnJCU7ADQBe5WfOEMxjs5tun1NWig1WYC6S5s24qoGWgSgX5J1TYkclBhbv2greC3oX95mkZX6SeYKAgAAA0ZSAAAANmgBB5kDDr5tjjYQyi8D3uGelIFM9n0YAPnjIKsN-IVqp9e01-o5lARwMrgDlnvdGW0lV0wHJpqE6P0IF3la996XtfseESomFTpmplwwgxs2KM-oaPwK-Cmr1LxZmbQTPVuc3QmsfFbu-eSTiNjEo_0NzyF5j6ZA0PjeJL80AIrNdaGLlhJqpI9pnNCLuCXjjaFXrraGa4yFghKBrbK6RtolxZLMEnLpq8Kng7k7CHQajSkBmmFYS22UGBxspWvhfvQuA7CTaiyTA4Qmw2H-r5uaXbS1OOEl87qCOveDE6N3b1J2U--HR3xRqaMS56cZ7Jx7p7nJZaREnp2dl-pS3PpwEz9zjb3GxUhnGCRNKy56Y9Wc5azLnqHIN4ZKVcnUkNCNMqnwTscjZMnI-nkMhcOGnfc2h9SP8bRB_KKT6LKqoqQTr2VnWbj1Pn_NCsg-H2m9YP_aF24ebXmflLkKgWq-xlNm0XSikoQH2OuVGWojrD39EXEea6zIBcTHl42rdPSbePs76j4-1esD4cujMsXZDHhqN0whyz6J1zjfu2UzXs0SY4_7B2Wd24TK-dpWqsfjB_1d3Kt-2T1e5K7SFHhFkjt9s7Z2cvI2AFraduxqBWJeHgBTQ_mfX8go27rQoydwUcqoeIPCnrGtcmL9bhN2VO6tNcWuk0hgWjp5BwZqn9bD5ObP-BsgNZlxbg29npE25NmYYR8EZJpbjAwowK1lG0gptWlxq4NlKAhLlQVwiRvuQFdhrm24oJx41sBbKU8_Rj-Xi6fCmvf9CpidEMO3d0QVCxpS_ZwcFb_jhVfGVseYFNX0CG3vf0uB-3V4lhnpO_u3Uv-og-Mg-sxpJYNN9naWpgvqSCGwXZb418Lx5FlF0PXTDXuhS79NYNV6juep8K_U-9_Xjk3ibMW4gFu61VbdQhfAiDy-vMDq6JSNaIEdvt4xrq3ol2wnJcjVkC5rFJy51k6Js3CtR0Z0J3t_C6_CwQie3xq86agcaxPogHs2hIi3BkXLCd0lOeDrwE1ebWX9e5FvodUnim7p1BcQ-zYW
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8E3F 0
21 B 126ms
126ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3_ZEBHUZZc3jIIL03gPwoJvoDgAAAAA4AeAEAg&bg=!cHOlczzNAAZN1Q_XbdU7ADQBe5WfONp1e_TwOZlpHUpOIQgO_Hmh6zOad0KU-Ow_ALkzsmnz6qSeHQX316Mh-Ok8q7P8AgAAAohSAAAABmgBBwoALf17ESwsFaY1uzhGk9Ay3WpTP_3aVb3i44NOOZt0o3OHca276_Bpd2c9QrLdpZkDTBv0nyYbaXFEyr19g8NbazGT0I9bWVt_jvs0uSUwS0GEYZO9ZZHGVDHcV1LdyfQkO62izL4FsI4K-XC9SrIwVR7QdJ5AwC0PCp742MraV76lKG58Pxq5y2E8DOIj-vwWlm14CfOj0ntYxZPgOOlGBfmcRwMbWy779cHm24qS5HVNDab23PhTcxsSoSPi_-_C1frVdTDKAmt6xyvgo0olT2c2E-1q8toNf8FZd1elg2Lp1Z9H3aoIWhvaGnAKeK7SlVlQx_neRryvvCjOgcHyLOW8w1i_QX9J67otBV7Aj82lUhEldXE8moVXjc0gz0jgDc5DcKlandVNSqcfgVKrP4f7YUmdLBWaRvqgiBhi0OpwxurmG7LrTS5ksPosCCKpJ7h7hzN6THFpyxnCAvyJvaO_ZbEYGojliWE7aXLNqpJqAWdTiI-FAJYgj_OBgDfwF1RU15MQfqpIPbh0K17BvquzkyAIBdD5WcA18zLWtdzMa8HNySgUQ8cumvw59yd-8kPPOdJRkTc3oGpfgSZEKzuTTYbFk3JoS1pZ_eLIx9kCWdzfaag4nMP7BqK5XE35snkYWkBK6Fpz6l0NuWjIPSwvBATWibLIB1R8IuMmzwcMf3sqzUsrpslYnz8wfi3g_cNifMlp7kBfoI9YSyNJsUcL5bEo1GgUxuY6V4010boBVyRvRcjniThj1NDOd5WVgTbfkxLmuYYM2t8xkpy9YxxfimrXzpvVA355oeSdj71XKvQ1XnnQHo-HGC21wk0mjl73R7mfhLXNgC2C4sd2PbYEZDvNVgNfWAEBh37cvHnK5qXGrLJIMnLnDoFZVgiMfl0v521yFt8q7xfft-H0rbVCMA2xS45aZZhMPA984BgXL6_hDcWP8FCe8D0WHWC3oLb9mHedxXzcy-S3ezVuJuQRRsPOJmcy_nv4l1FQEInBEBIhprJ7w2s75sbxK1SpkMDV5cKUQO9a4FI_pwY2WvE5ZQRTi4w2uJO92CZaFzsrrcXntEFak7fFZP6Rf9X5SbibSqhkRSSini8urCqcqAw44zJazbiDAVwKKrXoaC6IaaoixTZ_hT5xoLm5yHEv72DXDCXUn-C4OOmlYi3UUYNRpD-A9Ji9aGf9ySI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DDBE 0
10 B 22ms
22ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?3kcuNw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 13:32:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9EA5 0
0 131ms
130ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309260101&jk=1844549355159672&bg=!TU6lTgHNAAYEJRtnJCU7ADQBe5WfOIm2JJRi700DixcAsDNTervPgRz-oKjQrHWSjJDx4WQC6-HvW4rPovJyXQexgWVeAgAABANSAAAADGgBB5kC_jKc6zcVw3uQtwReo2h8mrauN7aBauLSBq2fXF-nb6I0TAkStgYf24MpAEeJLddvYB-oHXf2xWhVFltCkI1nsJd6AgVvPfcc0_MT93cruAVw0G3RGBdtCy9yL5iIZ16chPj3wGUmUn3RvFHNxyvHdxPNQdJCxeNUd7PAsu9ngbxcpcNGLGX6V9melM6uUMHozSCIS4ozrq_Jn5ACVFrst4v1RL46Upsfd69116rL6L_Co3xw7Ky-8OY04lkHWe-Sv_qCHLh8QISuSp4dQJnINYgkPPE0_qW1z3lNKgD_1z4VrAY3a21Sjb9qydYpE5M_I2vH9W1MegEeex0thBgEeLF32HWP5wV6Tg0NYwKJU2B3kZC43Py6hHpPTkncw4vAECrGZLdEgVJMaBX_WjR57t83yctKiUGp50DstCp-Y6gE2qG7CxUYvgCiVTLRSGgiwmIcEAYOyMUfsCjG8t7m3qTDeIQA6adQ_S_cgsopeKCjS2mWeKAuQ5x2045_gzoTBfEWo18Wv4tHRwpYdZ3KrwnqjwYG5VAzQ1fl7fXkov1NeLsEUakyMgaQA6yyZzBgIXG6urJj9WLBZ4up_TSkahBAoWnSqDKv4UkHcmELvCZ5E8Ob3HcV2yFmF-D0KAOSCueUw232f8DSacDnvuLXQbBZiR7_vvr_BlmnaWxDl1WH18kaTdSAx_LR0SE2nSg-HTRvy0QehLIT015cb3gTaXq2tKbyLqJMzUjiKYz2le_Wz34T8MQZq26c0MJMp1sd00Cbu8sLftG-F-9Ik_24IPde3iWaPj9hTHcroc7UD9xjvzvxbB_ElfMa9kOH9oJJP62bP1Q_vUztl1uz13WlXm8qFVY35zQfBJOjYvImKLalj3Fh6S_5OKNEvJwsnfG0Gupe5O67M6rJoQWgEeXo0tTUZw6BiwlQGtunVesWL_b9WHu5bvRCHJ1HKJ1qtR8tskpzYAtOgX6mGd5gz6PS_clIgpIJSapsDHSposq6obAJtWHqoBCVdgHQMqQWnkI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D782 0
0 128ms
127ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230927&jk=511706654667774&bg=!MTKlMn3NAAYEJRtnJCU7ADQBe5WfOAr9-jV9YT3rnyQDYsWULn_LvAcYpQUB7KT8W14MjfP8bop0hdBZ93Rxfu00zlxNAgAAAOtSAAAAB2gBBwoAddx-8beYffMoNuvuZiBm-QTlb1KFmuw3yLTucaPD9NUQJFO1-t1THr_eupekRfp7AxRAj6k5uAXJhq4qiZMDycu0NjYj-r1EFCLdRYrbFKMtdNhhHrz49RR-iis0RnJi1OcxBBv9Jc9XB5jaY2trhhMSG10A5JkDABtMAXgYZibAZh4eW6WePC8tLenjZZx3V6jyKX8BBe43iioYauaG4Ml7F-7dsSLfXxrgE0R6akiv_talxHb38TFIWD3UViEWp0WYEeUjB9twgquln5W-obssQjHo-QgDb2SLgTPw0dWjWmYVgGSxotgFs85RF7CnIrNfhZtx9d_K2wHBVGsKlq0oZK6wgY1LxDYiBes6MmjWdpAi0XCUV32NYDRMialAm6rOtiKJ6OwgAvJakaw90m-VoM5NNugZ9ffyUGRl1SsGlBYNtDOBNSqQjWBwz4lwaSWpzjdWSBToXQSWc9kCnrXpa1pKOibmpIgNzlLZM0mwgQ3OcrPl3lfVUPWQG9lBdiA3pmyTlwHdjGIogOpz3Zjztppm3mRU_bGDnPV4inBetBBRhPsLjcGct9Oo_9hcpt8PfloeHjtfF6_treyX7XZeZKAtC3c6oXj2WWP9gp-AIEffKOD1zlk9ibqrZjRCTXsOa2MdBn65J-9Li8K1pGUuQUXRvcnEXnbmXPCrbFLOr2NiugDGuqtkiqm3GIz0LS7gGhCFcXZHufBA3OXHW4GL-QTgnjO_2yQ7c_Z_3zkWBpoZqkPtXUXmY1sGLjnHgCKbqFOEOYCV8XtRE7TLsAfB5QOAnh7Lb9kHQe_GUjYV6ZzWBqN6X7aBTtxqEkkNRfVMy2aE1wEEi3av9id16EbpwwROmBC_WGWuSwMCuUUI6rLJ2zZWhcz3QB2Hz7_PPDQLqvwy6Fb_AOrQmfNzFf0_Q0NOfQfPwiW264kWKU9ydQIIwWzhJhF5NS0Fo0reuJMq1V4H6N7hEKTO4ZBzciyWezoZjxSUejULTQcXPJYurGNf-MzAapxxlRq7svOqPNN4xHS3QKz2Ct62569NcI1KF6kt20XjhNJAZrtn7jdC9P4dmwtpr4xZSe2aRyhfkVsjKk3lTEPUIY-FYHelsdbgfNAE1eDSJx5iwHSpvWyqoDQCP-alsPgWADT4i-wV7R0P9rijNj5h4LeRNLZ73mO7UUm_kNFNPQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE25 0
22 B 122ms
122ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=942820722026&version=m202309120101&ct=77&x=1&cor=13622618253254992000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 01 Oct 2023 13:32:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu3KXcXFf7_yvs3JebqrGPfBWqGhJcPK_NmJGUXlMXap3DU5q4AvEcUwPMV19yvgs3KtlO1MfHHkpTlxV3R0G09zC-sa0yqjL49DnhT7FY6OUVfz-SX6IFPsXiSKMcs&sig=Cg0ArKJSzE9o8EeTPnjdEAE&id=lidartos&mcvt=0&p=0,0,0,0&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20230927&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=19&adk=1247079451&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=3&r=b&rst=1696167171480&rpt=313&ec=1&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:45:27	Name: is_unique Value: sc12916097.1696167168.0
.statcounter.com/	1970-01-21 00:45:27	Name: is_visitor_unique Value: 1696167168256299328
.xgcartoon.com/	1970-01-20 23:55:03	Name: _ga Value: amp-UDB0LsyU6PIE9FdO6lhrTA
.doubleclick.net/	1970-01-21 00:45:27	Name: IDE Value: AHWqTUksQ_EEdS8YXCZ9g7F0-5WLB1u3MogGLazms-GGrRch_SmoS-6fnFpYVrU5UME
.casalemedia.com/	1970-01-20 23:55:03	Name: CMID Value: ZRl1A.2SgqUG5y.vjE9BPgAA
.casalemedia.com/	1970-01-20 17:19:03	Name: CMPS Value: 2223
.casalemedia.com/	1970-01-20 17:19:03	Name: CMPRO Value: 2223
.3lift.com/	1970-01-20 17:19:03	Name: tluid Value: 120961496608977189201
.smartadserver.com/	1970-01-21 00:39:41	Name: pid Value: 3539880946009885725
.adnxs.com/	1970-01-20 17:19:03	Name: uuid2 Value: 1560556237429158966
m.exactag.com/	1970-01-20 17:19:03	Name: exactag_new_gk Value: 03302896f5974d74b1b13610a8abb876%7C30.11.2023%2013%3A32%3A52
m.exactag.com/	1970-01-20 19:28:39	Name: exactag_new_uk Value: 29668aec743043719a2694b2a8191480%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 0e8ec8fa972240769758e166
.yieldmo.com/	1970-01-20 23:55:03	Name: yieldmo_id Value: 3eEBpEEPPyEZbX14Zatm%7C1696118400000%7C0
.openx.net/	1970-01-20 23:55:03	Name: i Value: 51229b5e-f41e-4c7f-bd25-0ef2b4463bfc\|1696167172
.yandex.ru/	1970-01-21 00:45:27	Name: yuidss Value: 7395660631696167172
.yandex.ru/	1970-01-21 00:45:27	Name: yandexuid Value: 7395660631696167172
.adnxs.com/	1970-01-20 17:19:03	Name: anj Value: dTM7k!M41.D>6NRF']wIg2HaMosyd!@wnfH8K6pQK`!5=E<L5?%M77l0y#f#.S(jE-ePdYqrYlx(#9?8!'%imU`6%nugO%v4VB%nnw1*:gJ-
.go.sonobi.com/	1970-01-20 15:52:39	Name: __uis Value: abb93801-098d-49ed-b245-5a6bea8734d9
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s86152\|ZRl1B
sync.srv.stackadapt.com/	1970-01-20 23:55:03	Name: sa-user-id Value: s%3A0-c070b215-1837-5379-4f20-88ccc3bd1025.87a3yXxqCCjC6C1DerEXX47DXGajEkfOsZ1Nh2owFkU
.srv.stackadapt.com/	1970-01-20 23:55:03	Name: sa-user-id Value: s%3A0-c070b215-1837-5379-4f20-88ccc3bd1025.87a3yXxqCCjC6C1DerEXX47DXGajEkfOsZ1Nh2owFkU
sync.srv.stackadapt.com/	1970-01-20 23:55:03	Name: sa-user-id-v2 Value: s%3AwHCyFRg3U3lPIIjMw70QJS0M3q0.6kCnrCOLi7i2yGS7PrGwRpQgwSD2FL7EeVeWnBx7%2B4c
.srv.stackadapt.com/	1970-01-20 23:55:03	Name: sa-user-id-v2 Value: s%3AwHCyFRg3U3lPIIjMw70QJS0M3q0.6kCnrCOLi7i2yGS7PrGwRpQgwSD2FL7EeVeWnBx7%2B4c
.tribalfusion.com/	1970-01-20 17:19:03	Name: ANON_ID Value: aSntmIN3IdaSIdwFTkVRFWRZbe2MorW8JlJxr5Zc4DVshg4ecAxD2cKG3OjUL8Wqfntucheo0BnYUZc5D1SJ999o8jJ
sync.srv.stackadapt.com/	1970-01-20 23:55:03	Name: sa-user-id-v3 Value: s%3AAQAKIGhXnDVJspta_aKRJPISpX6pEXBnhSu_irivGs5OvRRqEHwYBCCE6uWoBjABOgTwi70wQgSC7qnO.yqWKdvHfeme8iLqkF8VI9nbvTDZWDyhSHxk%2FHY%2FcYiY
.srv.stackadapt.com/	1970-01-20 23:55:03	Name: sa-user-id-v3 Value: s%3AAQAKIGhXnDVJspta_aKRJPISpX6pEXBnhSu_irivGs5OvRRqEHwYBCCE6uWoBjABOgTwi70wQgSC7qnO.yqWKdvHfeme8iLqkF8VI9nbvTDZWDyhSHxk%2FHY%2FcYiY
.zemanta.com/	1970-01-20 23:55:03	Name: zuid Value: XOiKtwyx0mLnnIwWR6hA
.redintelligence.net/	1970-01-20 17:19:03	Name: 8lcfmzhxc8d6_uid Value: 6f451ac4c20b5060
.c.appier.net/	1970-01-20 23:55:03	Name: _auid Value: vaiUmvG4AQ6WaDXkBXUZZQ
.c.appier.net/	1970-01-20 15:52:39	Name: _gu Value: CAESECB9ow8eBmnyBHNHZXQhWM0
.pubmatic.com/	1970-01-20 15:10:53	Name: KTPCACOOKIE Value: YES
.turn.com/	1970-01-20 19:28:39	Name: uid Value: 3552562221473265290
.pubmatic.com/	1970-01-20 23:55:03	Name: KADUSERCOOKIE Value: 42852C6B-EAD3-436E-9D7E-25917E96430A
.bidswitch.net/	1970-01-20 23:55:03	Name: tuuid Value: e5e2e83c-8346-450c-863f-f51ac079347e
.bidswitch.net/	1970-01-20 23:55:03	Name: c Value: 1696167173
.bidswitch.net/	1970-01-20 23:55:03	Name: tuuid_lu Value: 1696167174

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	warning	URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun Message: The resource https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun Message: The resource https://25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

25a58b48d44141dee3c0c3660c61916c.safeframe.googlesyndication.com
51b3a88f218aa8363cf464592bd9b803.safeframe.googlesyndication.com
a.c.appier.net
a.tribalfusion.com
ad.turn.com
ads.eu.criteo.com
ads.yieldmo.com
ajax.googleapis.com
an.yandex.ru
b1sync.zemanta.com
c.statcounter.com
cat.fr3.eu.criteo.com
cdn.ampproject.org
cdn.contentspread.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
cs.chocolateplatform.com
csm.eu.criteo.net
d03ee98ff3dfb78075bd7342f9dea30f.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
eb2.3lift.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900024.redintelligence.net
ib.adnxs.com
id5-sync.com
im.bluevoox.com
image6.pubmatic.com
m.exactag.com
match.sharethrough.com
pagead2.googlesyndication.com
r.turn.com
region1.google-analytics.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static-a.xgcartoon.com
static.criteo.net
sync.go.sonobi.com
sync.inmobi.com
sync.srv.stackadapt.com
tpc.googlesyndication.com
us-u.openx.net
www.google.com
www.googletagservices.com
www.xgcartoon.com
x.bidswitch.net
pagead2.googlesyndication.com
104.18.27.193
104.20.218.77
13.248.245.213
138.201.84.252
142.250.184.226
144.76.91.199
145.239.2.103
159.203.145.121
162.19.138.118
169.150.222.217
172.104.70.67
178.250.7.9
18.195.61.190
18.197.170.218
185.86.139.102
185.89.211.116
198.47.127.19
20.127.253.7
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
213.202.235.10
2606:4700:10::6816:2e93
2606:4700::6811:180e
2606:4700::6812:18ad
2a00:1450:4001:800::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2006
2a00:1450:4001:810::2002
2a00:1450:4001:812::2004
2a00:1450:4001:813::2002
2a00:1450:4001:828::2001
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2001
2a02:2638:3::9
2a02:2638:d::11
2a02:2638:d::2
2a02:2638:d::4
2a02:2638:d::c
2a02:6b8::90
35.244.159.8
50.31.142.255
52.31.123.196
52.45.175.185
52.5.118.137
69.166.1.35
02114f7140239ba854aeafccfb48f246dcd2ca9357e0a569e0d9233cfecd3081
04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
044794d5b2086e61ff0e08862bc1ec1b4f55e1b8a57b44cb5a6844c5e8ee175a
0632628c2ee2ddbdd4aae6d02c09863d739a6b9a2cb7c6e104e42fe47f5efff1
06bf242565e982887564028c843972c9a670b77e705613bea00fd2a10ed2db35
07fba7a61a880a33dad3bdd742527acfced06df52bae448d15106783c47098ec
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a1437aed832ce8ff736f94f8c6244748a667ed507746e1b003d2988aaf552e8
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
141a9b0b0492c8b4e7deb1e0537c69d01a3af169bf0c6e3a70c027856fdcedf4
1aa4a7bb3250246172fb936a76cad3eda063687abf10aeef1780a2fb659a9abc
24118f8956aae587d050c99a3780cc0ea8019430998791306b2a631a671d2c0e
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
306f0a660ec49331b955d79d3c84d55109d0e3e3f85708c8881087d4bcf781c6
3117435f29e0de48ea6ed19bbe21500a39ac0901bb4962f6b65a938162f54b8f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32ee695fc5354fb6448cbc5453ec1d15f01c7d5f74539da5f93126188b9fda22
33db53c59f86658a2a1c5a8515a4332b2837162b2ec8c13af379f32f122ea18b
354a25f44878b2935ae4bb47c8c285c749b3d439526c270e69a0404d01050399
3622bb338c8f918f2afe498794ab070fa0630bd41e104bb670347051b18c250a
37cb2eaadc7f96d736523f07b49622913871c00abf24755df2d2229380edaf37
3ba1f44d5f89431a9f2bc65f3704d8b6356c6c7ff6c73923d8e9c24a168f02ca
3be09dc0c3a62f0a8397706bf1d6fc53d4dbcadf38863aaf6b87ceb0f1eb3d18
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
41bad9fccbe130cb34ae6647e39d71a4a740f88c60656abc4c3f713a6a12fcdf
43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48be81013a3c733fb25e50f064f153b4b0737ace6ca019928548897cd6c6ba56
49330dbdf50dc3440d871a2408c7ec4fec185d62e419fd9960000cd8eed78950
4972893832cc7f114925446001ef0c43c031cbc7d2b2a8bed395c116c911402d
498ee800a8ee6107b6790dae81bff981167c7a6dd3fc749c7d99cdf3870acae2
4accbcd793680c2ea0a65714771ef37d5eeb42bdaedba9882dd0d78eae09e00e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4be2b6d3cc80ed5eb84eda3459016956c248cfc06fd5f441fbbf9ca7b0deb167
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5102f338a0cfe2d8cb91d88a20f0fc0d331f1cb87efd62fc339dc6a7c5952183
52d1865870ac945ad2a461da955712e8ec7d5d410cebef7d86eea1fcea917813
5461f598a49fc581c376c4a8f9b5e7144c11624e5761735a4cadc5f19f1c9e85
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5a1c3c8f4b39395d9549215181f507b8637e0fdd3135142e54d3840854011f93
5b62d79636704d99f6e070ba6c8eaeb69638afd2b5f831c606fd66b975ad0da1
5d3f7a8238fbc638d961c9185290155a90ce48870ed7113f066b6798c5ee2c1f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
631bd55599a6b4f749afa794e175c34ead00ba79ea0fa4bcd9f4e41279bc69fb
65d8dd267f5063ede68e786d0d84e1ed0b957076808c4bb1b803a665b9b707da
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
705a8ad3f71ed2d8e6700ca1dbee8d5579b21f4a619b5c127e70c1417fe7882d
71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
752d001ed89ab550af386f49bc95ee6a0e4288757cff89f23c0598e3da54caf5
761e10becd59cb46d531b0fa4dbc030e4808fd8480d74f79e7280b74e94cd087
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
83ff9acba263b099897ad8f87357a07b6ca2b79276925eccff9fb45f3319fe0a
88e831277b2dc3533be222d80c4db008a438ef1c5bd2beed13215893271ea02a
896e99481fa3358f1b2bef31e315f8810587a3045bf29d51b6ec27d7f616ca68
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8b431ea6401b099afea58e8018c73407e936028d492d07129d593a4b2a8e828b
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
94c849575fe72d56d0355d4e41ce8eab134584f902f1e6e6e929c6b5c73e0f1b
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b22b527a652c53284f5339711a08c2ef2667565d35c09e38f835593e2fdea9c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a24bf435f35ac214cad692735eb2f8a9235101f45c115b1ef1265cc275cf3c50
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3fe2201aeda9050d5a049b03528e35c36bc20298f05b3e5e2a3574c385b683d
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7e8b4ef29be68a436a57b39af25208460f1c920a3a638059819d6c00f3fe977
a933b392c367283868c86e8a81f3288df684c64c68a765109eeef1fe4ac07637
aa1305d7baebcaaca830bdaa875d69c9ffaf511c107d90d6c94d505589d6dc67
adf78f79b0606670978e34ce28d41e3bd377aa7dfabf302119dccb61c4eb207d
af2de7bf7cdc29689ff5d8a3f8ef6156bf9318665c9dd8dd9dd63d81f9f6824d
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b10ad87959b9142d17e75d70cea677849caace5f21239f86cfe70ad01fb3a8c6
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b35db588e5192edde1275dc320f93594b0d1d6d638b7a365e90dec328b450e4f
b99ee275208ffdee7bbd9fdaade2698a3709c3fd608d82d9670ecdc7e05d132d
bd62cb79af6f71c721903e87e64c0353b7fa6c24d3e3378560dab1c1c3a1cf8e
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
bfa975de82450990afb29ab704aa41faba3794956a29995d8520d7d7d5e8d584
c4953974fc5b9af53da78d8b5d3ae4f985e037b4edfa2d29f6d9ad42207eab4d
c5e1a1e8982becdc83263b687951cfc5c5976af5b5d67eab53451cb72ac78925
c6bdd002d23dcb0adbd87e3518bdd994de73818a0f0f502707986301b9fbc404
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
ce5d2c5db39edc66c10096838a6c9c92a20e3d2b3f1f19a274bbd2848a8f2e07
cefd5bd9a30367cb1a5e8dc7168f1515a31a53786b415865c867c221c74b5ace
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d6f226bf73d309afec0f8136aadcd4c31a5fb38158edc76f2be201529cea88e4
dad13483849d671cd729afb8a1bce107113dfa8d4158015b488c369c7048cc00
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
de68f78fb282490f424a1ce35f60b2260edefdcaf840f67c7340b0dcf04a34a1
decfbe8c158a2cba02ca73b8bdf79f27b58757217a01cf6a492feb29d25d9458
dfd6e6f6af3554560e56fb6af7185e09e67ebaa565f790ffc9a8b7ad986b2dd3
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e496d61e94e0369b7bb47cb8dff49326496b947ecb07653a3b7c3796589dccb7
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e79be27904694aa686e3c1f996448ec16485b41a1a158410bebf51a8f7d7c844
eb674de5636ad731f83bbd141aaac1337fd1539cf7976b59f7dbf17730c1dac6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f355fad01860140a175e2aa4ade729d7e0e28e0f932bb2f32313e89710c24d4f
f3bd93baf2d7ea7fe404497a78897e9300a56e1ef8e452cdd29c0156b2ff3aa5
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

231 Requests

88 %HTTPS

46 %IPv6

36 Domains

52 Subdomains

36 IPs

9 Countries

2899 kBTransfer

7176 kBSize

37 Cookies

1 Outgoing links

Redirected requests

231 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

231
Requests

88 %
HTTPS

46 %
IPv6

36
Domains

52
Subdomains

36
IPs

9
Countries

2899 kB
Transfer

7176 kB
Size

37
Cookies

231 HTTP transactions
15 data transactions