URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Submission: On September 05 via manual from US — Scanned from CH

Summary

This website contacted 24 IPs in 9 countries across 27 domains to perform 210 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on September 14th 2022. Valid for: a year.
This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 169.150.222.217 60068 (CDN77 ^_^)
12 2a00:1450:400... 15169 (GOOGLE)
1 104.20.219.77 13335 (CLOUDFLAR...)
5 2606:4700:10:... 13335 (CLOUDFLAR...)
3 23 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
36 2a00:1450:400... 15169 (GOOGLE)
6 216.58.206.34 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 5 2a00:1450:400... 15169 (GOOGLE)
42 2a00:1450:400... 15169 (GOOGLE)
5 20 142.250.184.226 15169 (GOOGLE)
4 8 185.80.39.216 27381 (CASALE-MEDIA)
14 2a00:1450:400... 15169 (GOOGLE)
4 4 3.124.213.37 16509 (AMAZON-02)
1 1 151.101.66.49 54113 (FASTLY)
1 1 69.166.1.35 27630 (AS-XFERNET)
2 2 216.52.2.48 30282 (AS-INAPCD...)
1 1 2600:1f18:612... 14618 (AMAZON-AES)
1 52.199.143.202 16509 (AMAZON-02)
2 2 3.71.149.231 16509 (AMAZON-02)
4 142.250.185.194 15169 (GOOGLE)
2 85.14.248.71 24961 (MYLOC-AS ...)
1 1 34.91.62.186 396982 (GOOGLE-CL...)
1 35.71.131.137 16509 (AMAZON-02)
2 2 70.42.32.63 13789 (INTERNAP-...)
2 2 185.64.190.78 62713 (AS-PUBMATIC)
2 2 13.248.245.213 16509 (AMAZON-02)
1 2 51.75.86.98 16276 (OVH)
210 24
Apex Domain
Subdomains
Transfer
88 googlesyndication.com
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 150
pagead2.googlesyndication.com — Cisco Umbrella Rank: 107
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
1 MB
53 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
cm.g.doubleclick.net — Cisco Umbrella Rank: 237
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 371
604 KB
14 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 311
584 KB
12 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 405
251 KB
10 xgcartoon.com
www.xgcartoon.com
static-a.xgcartoon.com
319 KB
8 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590
6 KB
8 gstatic.com
www.gstatic.com
58 KB
8 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 214
453 KB
6 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 149
5 google.com
www.google.com — Cisco Umbrella Rank: 2
2 KB
4 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 854
3 KB
2 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 736
489 B
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 388
952 B
2 pubmatic.com
image6.pubmatic.com — Cisco Umbrella Rank: 752
1 KB
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 546
1 KB
2 exactag.com
m.exactag.com — Cisco Umbrella Rank: 12752
1 KB
2 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 326
793 B
2 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 659
1 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 41
2 KB
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 348
265 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 791
714 B
1 adingo.jp
cc.adingo.jp — Cisco Umbrella Rank: 7689
44 B
1 tremorhub.com
google.partners.tremorhub.com — Cisco Umbrella Rank: 13061
631 B
1 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 929
756 B
1 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 692
541 B
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2547
256 B
1 statcounter.com
c.statcounter.com — Cisco Umbrella Rank: 9797
469 B
210 27
Domain Requested by
42 pagead2.googlesyndication.com www.gstatic.com
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
www.googletagservices.com
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
s0.2mdn.net
36 tpc.googlesyndication.com www.xgcartoon.com
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
tpc.googlesyndication.com
securepubads.g.doubleclick.net
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
s0.2mdn.net
23 securepubads.g.doubleclick.net 3 redirects cdn.ampproject.org
www.xgcartoon.com
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
securepubads.g.doubleclick.net
www.googletagservices.com
20 cm.g.doubleclick.net 5 redirects googleads.g.doubleclick.net
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
14 s0.2mdn.net www.xgcartoon.com
s0.2mdn.net
12 cdn.ampproject.org www.xgcartoon.com
cdn.ampproject.org
8 dsum-sec.casalemedia.com 4 redirects googleads.g.doubleclick.net
8 www.gstatic.com 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
8 www.googletagservices.com 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
securepubads.g.doubleclick.net
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
6 googleads.g.doubleclick.net 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
pagead2.googlesyndication.com
6 www.googleadservices.com 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
6 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com cdn.ampproject.org
5 www.google.com 1 redirects tpc.googlesyndication.com
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
5 static-a.xgcartoon.com www.xgcartoon.com
5 www.xgcartoon.com www.xgcartoon.com
cdn.ampproject.org
4 googleads4.g.doubleclick.net www.xgcartoon.com
4 pm.w55c.net 4 redirects
2 onetag-sys.com 1 redirects 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
2 eb2.3lift.com 2 redirects
2 image6.pubmatic.com 2 redirects
2 b1sync.zemanta.com 2 redirects
2 m.exactag.com 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
2 ups.analytics.yahoo.com 2 redirects
2 ap.lijit.com 2 redirects
2 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 fonts.googleapis.com 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
1 match.adsrvr.org 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
1 um.simpli.fi 1 redirects
1 cc.adingo.jp 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
1 google.partners.tremorhub.com 1 redirects
1 sync.go.sonobi.com 1 redirects
1 sync-tm.everesttech.net 1 redirects
1 region1.google-analytics.com cdn.ampproject.org
1 c.statcounter.com www.xgcartoon.com
210 35

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com
Subject Issuer Validity Valid
*.xgcartoon.com
AlphaSSL CA - SHA256 - G2
2022-09-14 -
2023-10-16
a year crt.sh
misc-sni.google.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
statcounter.com
Sectigo RSA Domain Validation Secure Server CA
2022-11-24 -
2023-12-24
a year crt.sh
xgcartoon.com
GTS CA 1P5
2023-07-21 -
2023-10-19
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
www.google.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
*.google.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
*.adingo.jp
Amazon RSA 2048 M01
2023-02-13 -
2023-11-11
9 months crt.sh
*.exactag.com
Sectigo ECC Domain Validation Secure Server CA
2023-08-22 -
2024-09-15
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh

This page contains 29 frames:

Primary Page: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Frame ID: 19FA2699DF4267F8DB97608FB0975063
Requests: 38 HTTP requests in this frame

Frame: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 5EF1EEEC67B40A8A26C08664207FE7BC
Requests: 8 HTTP requests in this frame

Frame: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 82F6E65501FC71896DEBCD50805AC3CB
Requests: 12 HTTP requests in this frame

Frame: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 72F0A9BF01153209ACEC3F2D44E74DEB
Requests: 14 HTTP requests in this frame

Frame: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 5F94B0C931C86C6A596AA4440461F7C3
Requests: 14 HTTP requests in this frame

Frame: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: DF6ADF401CFFBEDB6EDDF3BF115AB019
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/index.html
Frame ID: A02A0A27201E5AC4E221A22F80A10CA5
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 372CD32BFA1A2890BC27D3B9ED5D4DC5
Requests: 2 HTTP requests in this frame

Frame: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C7AA005D1090940ECF75F9F130D6EEBE
Requests: 1 HTTP requests in this frame

Frame: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: CEE6C8CD3B26F1EB1DA7BC4999EB3D25
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Frame ID: 47D34469015786A979E33045409751E2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Frame ID: 15097B2538C3B8E78CAE256FDCA34E9B
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv6VApSUB1BXE-oeitPZCHGNLdSjt-vbwxhwMYinGuNYYLDP6WPhmoNzihWF0uwCVI7rphENaQpgCJxQa5Sl_JahggNjg-R9XWYfsixmkj3QOYZDr_Jl8tDXHhB5aMT96_DFfyv0VJ4s9cTbBcUgQleWizpN19OC_ulPhuqm4npswk7Dk82L_yUfZ23K7LKqFTBWgsE-2zwcoLZCvCy3lnzifHX9zHu8ndFNF9zm7Ec07xxPU729BYGzFkUiJgivNYQW0nyd3ofeUNXWODA8HASQtDcBcfEfo6MS6cnpO_0gDPU-Pj8pxkhq_GXrc5yjer9fePumpRn3fyObQY85-Z38PAo7runCkBrwhuhGN8ziyvd&sai=AMfl-YSuNmkNsNVb0yHzjLxh1JNzQHq0Xg-vmy_fo7IrXKSGd6U1-WTnIs8Fi8pznngcw9AMjVBs3u-h-8r2iTy95jtBQi_hX2GSnq1SVQ&sig=Cg0ArKJSzADpytqe0tbWEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 07FFD99CC90E2F8C894B39FA485CE967
Requests: 5 HTTP requests in this frame

Frame: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: E6CAAFF141AFDA3C5AF66EE909D6D22D
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C1FAF2ABB48416BBFEC2E3B633CA6101
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1D53E07BC211965211B2D8409566B2B9
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhib8Mr0ATAB&v=APEucNVkT6imBgpq-DO4CICdSkk72oAmif6Iv6MYTwKiTYUhnN3dJicKopl8e4y95ZnZhK7hdZc-SryMbXcujBsUQ4VOYPY6yQ
Frame ID: 2F874D395D3F1938D13A25862AD4AFFC
Requests: 4 HTTP requests in this frame

Frame: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: EA0FAD9A7AFAC12D5D9FEA905DAB44DC
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B1FBBF302AF73CC099FA75764E26BC9A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A586350FB07C8ED5F178F843116E82D5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhjQgsv0ATAB&v=APEucNXhAcA70ZgPVQim8Iaevkf0JecamMwHzZHwcupAJKhomJfv16uxNcyaZcN7UK6CJifEQkDX2sVDrA8NBl89UzNc1vT__g
Frame ID: 336517150C196C24C486A6BB5A837910
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3BCF8600B2BE7A8FFE6B81B73B576E73
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AC353545329CC38600A9CF6DE4E1B0EC
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3B113020022259D870D76273CF57060B
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
Frame ID: F9CEBD795A8A960A8F837469374CBA77
Requests: 10 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
Frame ID: 953F6FE1837AE3324A39C902015727C3
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6C1F889D5A13057DD0F4E414E228828D
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Frame ID: A52F186073F78821572C75C547990E74
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Frame ID: C607F23B50330B44FD548EAB6C4C23C1
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

🍼哆啦A夢(機器貓、小叮噹)新番【國語】 免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Page Statistics

210
Requests

90 %
HTTPS

42 %
IPv6

27
Domains

35
Subdomains

24
IPs

9
Countries

3566 kB
Transfer

8222 kB
Size

28
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=CXWN_dCz3ZKL-Ep2R1PIPyLmQ2AnC27KlcYuipPL0Ed-t1u_uORABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgDSKoEngJP0Oq4yHuG6AFnYGHa5SjRDezI1QJgm0z1mXggSlytKyVvqeFIGVho5SsL14OVSCB385Xt37ppLHVjVhncmuTmmVx4oGzfWMH4BbTSu37hv_b1d_NuCAlqc035aoVgJAEn_DimZRppt36Tz-sNiX1nJzJaZs5VfWgSRTTDmg3fc45hbse0ZJzM8fX4pmhU45QZ1302mJhY2K2RJT5TA_c8zR1I-A9OGN6jL6z3EqAlqKVtrhAhFNLUMzCIcmAtmaO7m7VNJaaKekcpi9vunx8cEhFkoUeZsqpVzuk096GekNZ9UShWCoUcM9FFFyJQ614IIW1W616Dh1qz0G-cl_u0OSrnez-NSO-Xatk0WSkkNry12vANxfbrHgr7RIPJwASSn5fCrwTgBAGIBcKK1vtJkgUECAQYAZIFBAgFGASgBi6AB57SjPUDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcDEPNy0ggUCIBhEAEYHTICigI6AoBASL39wTqaCShodHRwczovL3d3dy5nYW1lb255eC5jb20va2lkcy1nYW1lcy5odG1sgAoDyAsB2gwRCgsQwKDfyYKJw_3pARICAQPYEwzQFQGAFwGyFx4KHAgAEhRwdWItMzAzOTE5OTUwMzQwMzYzNBiZ0iE&sigh=76NiHhezW7Q&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJW5jQTfgoFLnQxWigvET374vHV38fYRBgB&template_id=531&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x1e3d83c5fae1074c0000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%222846589465651208362%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217633114417566456721%22}&andc=true
Request Chain 77
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 89
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=ClEIScyz3ZLTHMsjUgAft2r-wD8LbsqVx2LPp7NYRZBABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgD2wSqBJ8CT9DL_mYBp1O5N-U_grce28_NCmRJRZUGkK40_T2HzFx3LOXcdmp4LomNAW0Wz8jpeCbvE0FLuY3ZFbJPOc3-t_PduwO-qv11FF1mWDSXdQ7pgymO5Q--Qc1B0_gS-5-VMej_qo4IGbAPY5Gn-iZHt791ipoM4AjaEng4cy6pJUUtrCs84DYIBlW7tM8A1yzCWHaNFRDT9Ca7KAHWOt9lTFT42zwBq_QCTEDlMqWmF3N8pog5AGU2NnNKICXBYfaBc0svEAXMHxtBh6-t876mO2j5uGa5IhRwrpj2ZFA_mE7991ry4A-oqFn_WwnTFC_usld_OhfzmuLDhZJEPWfevl4o-qzLyC0DKDavWi3s8LcUjF71BGhQxH5A8hlEZhfABOzvk7_ABOAEAYgFworW-0mSBQQIBBgBkgUECAUYBKAGLoAHntKM9QOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwMQ8C7SCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJKWh0dHBzOi8vd3d3LmdhbWVvbnl4LmNvbS9nb29kcy1nYW1lcy5odG1sgAoDyAsB2gwQCgoQ8KWQt_O37-snEgIBA9gTDNAVAYAXAbIXHgocCAASFHB1Yi0zMDM5MTk5NTAzNDAzNjM0GJnSIQ&sigh=ZKqp4Etx0PM&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJW8iV1E7F3UmxCtnD6JzMtrdP8Qj-QbBgB&template_id=494&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x65294c5a153cc3460000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%22248131830024854980%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216492327607227944161%22}&andc=true
Request Chain 91
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=C6w68dCz3ZO_dBYK4gAearbqIBMLbsqVx2LPp7NYRZBABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgD2wSqBJ8CT9Bt1rC_alICu6vpbZa1Is_NsTPyz45bGvh5f7TQLdTzPzSY0eHeBEpkdlWwXrA3JAuvYfSLBwPLdfXAZDPh5QCkYmpmhtj4Ggyr9rms9fLOThDyiiz9xEXRWT-cuA68SteRXS3RAjKebFWZeC5enPGa-Fa-1no9_SLRXS43VqGuPe4Z8o_0WNRTfhoo7y_6vj0nPwFS0ui2IXeVwAH7dY3mqB7a-2HneQ8VgdZGdtg4jNyxs8ZJujGQJURUKL8K4T0rNSmyxP0G0BmOwn1U0J90TtH7NKex2w8peeCjPC60fzv7hFjf3OMENio5YWZZ2u4bIV3Ug5QQeqgqZmbJsy_oBYFP2VEK0GA22dqpRH7PdeDXpxm9pHI5Oe6dieDABOzvk7_ABOAEAYgFworW-0mSBQQIBBgBkgUECAUYBKAGLoAHntKM9QOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwMQ8C7SCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJKWh0dHBzOi8vd3d3LmdhbWVvbnl4LmNvbS9nb29kcy1nYW1lcy5odG1sgAoDyAsB2gwRCgsQsMmwuv2Bnu-FARICAQPYEwzQFQGAFwGyFx4KHAgAEhRwdWItMzAzOTE5OTUwMzQwMzYzNBiZ0iE&sigh=ijKv-fm_mt4&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWTh6BtBi_-7AwXP7c1jKJ-s4WnMMrQhgB&template_id=494&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x65294c5a153cc3460000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%226603521052452644443%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213509243459762922177%22}&andc=true
Request Chain 136
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
Request Chain 137
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPcsd-cRyS27SRRDV5pIwgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
Request Chain 153
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
Request Chain 154
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPcsd-cRyS27SRRDV5pIwgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
Request Chain 172
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmSvlP5EG2SWRiWJ6yZUK2N2B8srZCkiFrEgfKfTYdiULh9qjKoP7faxS9D-3d0nE7UhDlhcgbyWaC0HaidELRaLuykf6JI HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmSvlP5EG2SWRiWJ6yZUK2N2B8srZCkiFrEgfKfTYdiULh9qjKoP7faxS9D-3d0nE7UhDlhcgbyWaC0HaidELRaLuykf6JI HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1ZaeU0zQ3QxUUR3NG41&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmSvlP5EG2SWRiWJ6yZUK2N2B8srZCkiFrEgfKfTYdiULh9qjKoP7faxS9D-3d0nE7UhDlhcgbyWaC0HaidELRaLuykf6JI
Request Chain 173
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEMubcTxcRCCU33h-zkgPrLA&google_cver=1&google_push=AXcoOmTmlpJK0jDZsG67XfHpa7HYonER6VYpJkW4DH4CkbcP0g1RQKorxmMb-fvK9mN4hLeOkRuUU8kP_-43Uxj6eLq4t9Y2EOk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMubcTxcRCCU33h-zkgPrLA&google_push=AXcoOmTmlpJK0jDZsG67XfHpa7HYonER6VYpJkW4DH4CkbcP0g1RQKorxmMb-fvK9mN4hLeOkRuUU8kP_-43Uxj6eLq4t9Y2EOk
Request Chain 174
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAXcoOmT1iKitI-T1uYCoFZk5NEbGk-A5rcWXruFs6CFQb5do2JNdKe3z2ysfaBXDDEt2b8pCrgv_z1e8gkug99SVZxDBJ8_ZMq4e%26google_hm%3D%5BUID%5D&google_gid=CAESEFns6Qnoaxni0Xo13kFaNyg&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT1iKitI-T1uYCoFZk5NEbGk-A5rcWXruFs6CFQb5do2JNdKe3z2ysfaBXDDEt2b8pCrgv_z1e8gkug99SVZxDBJ8_ZMq4e&google_hm=e8a2061a-0285-4ad2-a274-90c8e88c6b03
Request Chain 175
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO2sXhej93q6k4OF17JXo00&google_cver=1&google_push=AXcoOmRe7T7OEOqZr3wWSoW3WDbFoyCGU-1cPx-aPWGSKsCp-BAyAMCCQDe9croj78IvZWLzPciqzIIH4DEG9_UwLI2gyF3y7-10 HTTP 307
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO2sXhej93q6k4OF17JXo00&google_cver=1&google_push=AXcoOmRe7T7OEOqZr3wWSoW3WDbFoyCGU-1cPx-aPWGSKsCp-BAyAMCCQDe9croj78IvZWLzPciqzIIH4DEG9_UwLI2gyF3y7-10&sovrn_retry=true HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRe7T7OEOqZr3wWSoW3WDbFoyCGU-1cPx-aPWGSKsCp-BAyAMCCQDe9croj78IvZWLzPciqzIIH4DEG9_UwLI2gyF3y7-10&google_hm=HRUGtGZHzk7wUQWFS-m5cH3o
Request Chain 176
  • https://google.partners.tremorhub.com/sync?UIDF=CAESEHta9Ge8fBtuhdYRAFdvbps&google_cver=1&google_push=AXcoOmRIPHTkHFENr2tuocCTwp2rdxUEGiH4BxV_VqLbE7pfVlgWc2tsEZwTPfgqFQjyHcc_TEJq_Xji1l1OLiryi8NBFEl-omi5 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=MzlhMzQ5ZjUzZDk0NDA1ZWExYzRlZjBiZTNjMzJjOTI%3D&UIDF=CAESEHta9Ge8fBtuhdYRAFdvbps&google_cver=1&google_push=AXcoOmRIPHTkHFENr2tuocCTwp2rdxUEGiH4BxV_VqLbE7pfVlgWc2tsEZwTPfgqFQjyHcc_TEJq_Xji1l1OLiryi8NBFEl-omi5
Request Chain 178
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIrglaoYMLPlWTdiY_vIWLg&google_cver=1&google_push=AXcoOmRosGzapUVRQadaMs8zYaMcRxwaBhdSIbi2WT5m0i7udlw4_zegacqaBG0OQSQDBT1cOvbvWxxMiyIIVEjZWE-1BjBdJv0HqQ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIrglaoYMLPlWTdiY_vIWLg&google_cver=1&google_push=AXcoOmRosGzapUVRQadaMs8zYaMcRxwaBhdSIbi2WT5m0i7udlw4_zegacqaBG0OQSQDBT1cOvbvWxxMiyIIVEjZWE-1BjBdJv0HqQ&verify=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vWThheUp0RTJ1SDFoenFja0hjSXJaLnU2aE50SE1CeH5B&google_push=AXcoOmRosGzapUVRQadaMs8zYaMcRxwaBhdSIbi2WT5m0i7udlw4_zegacqaBG0OQSQDBT1cOvbvWxxMiyIIVEjZWE-1BjBdJv0HqQ
Request Chain 186
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmRSWNo_neNsj4p3sKoI27QxgObcVJ8dGzpRI2gR0zxtcs5JgxbkSq1C2hdWvMecz5T8xZoPtO9HFQtRdcc-eJI6GGYdWPg HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmRSWNo_neNsj4p3sKoI27QxgObcVJ8dGzpRI2gR0zxtcs5JgxbkSq1C2hdWvMecz5T8xZoPtO9HFQtRdcc-eJI6GGYdWPg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1ZaeU0zQ3QxUUR3NG41&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmRSWNo_neNsj4p3sKoI27QxgObcVJ8dGzpRI2gR0zxtcs5JgxbkSq1C2hdWvMecz5T8xZoPtO9HFQtRdcc-eJI6GGYdWPg
Request Chain 187
  • https://um.simpli.fi/gp_match?google_gid=CAESEPzbEzhXCcDz1cm07YQrUO4&google_cver=1&google_push=AXcoOmQBgc9jn8jgQbMMu_kqXmgPkiNAtLb__PjAjwFsC9bZbxwiIGiRsppQoT7qNfmDd7dzwhtlNRgaiQp42ZWjnMl1p33zuNEP HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7F9BF1B2832A45CE9277713DEFD9C7F1&google_push=AXcoOmQBgc9jn8jgQbMMu_kqXmgPkiNAtLb__PjAjwFsC9bZbxwiIGiRsppQoT7qNfmDd7dzwhtlNRgaiQp42ZWjnMl1p33zuNEP
Request Chain 189
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEFxIi8CX671KNMVAA8FOUJs&google_cver=1&google_push=AXcoOmSnmT6ZtALq1JMj8nltVNUvniVIPrZMglKQBbLWgxRtDEntIML4S6DI0EF490eYcwZSLdCQhGM9QvCOZqZ-KYL-9TVgtGTU HTTP 302
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEFxIi8CX671KNMVAA8FOUJs&google_push=AXcoOmSnmT6ZtALq1JMj8nltVNUvniVIPrZMglKQBbLWgxRtDEntIML4S6DI0EF490eYcwZSLdCQhGM9QvCOZqZ-KYL-9TVgtGTU&s=2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSnmT6ZtALq1JMj8nltVNUvniVIPrZMglKQBbLWgxRtDEntIML4S6DI0EF490eYcwZSLdCQhGM9QvCOZqZ-KYL-9TVgtGTU&google_hm=dThxRHB1UTIwMGo0NXA4ekJDa1g=
Request Chain 190
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJBHNelMS9iErmYOyRJKjtI&google_cver=1&google_push=AXcoOmTxeSvSCIMEjZ1s09vKk3du12ZwmRHglo0T3nVm7MuEq7fFS_kehEqi6ulsSVlU_vApgHO5f2NidsURk9C4o8Xo5It0c20 HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJBHNelMS9iErmYOyRJKjtI&google_cver=1&google_push=AXcoOmTxeSvSCIMEjZ1s09vKk3du12ZwmRHglo0T3nVm7MuEq7fFS_kehEqi6ulsSVlU_vApgHO5f2NidsURk9C4o8Xo5It0c20&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=z6XsiAeZQNaYTslFhIqLIg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTxeSvSCIMEjZ1s09vKk3du12ZwmRHglo0T3nVm7MuEq7fFS_kehEqi6ulsSVlU_vApgHO5f2NidsURk9C4o8Xo5It0c20
Request Chain 191
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEKmtJSzSphQvKN4NS-GD4wc&google_cver=1&google_push=AXcoOmSbj-DUoaMpKgrjXpwjMlbsmKCbM1onE0vecoHjA4g32wXHzW4bfT9HdBZibwdX982LcpB0kMm_iztnAeNbGtwvjs5-SiHO HTTP 302
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmSbj-DUoaMpKgrjXpwjMlbsmKCbM1onE0vecoHjA4g32wXHzW4bfT9HdBZibwdX982LcpB0kMm_iztnAeNbGtwvjs5-SiHO&google_gid=CAESEKmtJSzSphQvKN4NS-GD4wc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzgwMDU0NTIwNTU0OTY0ODU3MTM2Ng%3D%3D&google_push=AXcoOmSbj-DUoaMpKgrjXpwjMlbsmKCbM1onE0vecoHjA4g32wXHzW4bfT9HdBZibwdX982LcpB0kMm_iztnAeNbGtwvjs5-SiHO
Request Chain 192
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMMYWprpjOYGH3t8hrDIATA&google_cver=1&google_push=AXcoOmRbXMD2LFF_KSEShyC7BzaMUQ6JaCWrWfTrWmdmbOik3rtyhZCQrjuRtwMERdK8BgRtjDBNUpKpXxfNCsrNmWCVptRe2yKpZg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRbXMD2LFF_KSEShyC7BzaMUQ6JaCWrWfTrWmdmbOik3rtyhZCQrjuRtwMERdK8BgRtjDBNUpKpXxfNCsrNmWCVptRe2yKpZg HTTP 302
  • https://onetag-sys.com/match/?int_id=19&google_error=5

210 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request duolaameng_di3jiguoyu-tengzifbuerxiong
www.xgcartoon.com/detail/
171 KB
23 KB
Document
General
Full URL
https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-169-150-222-217.datapacket.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
be8369cde59152040e83ce8fa0f805fe897d7aefcb55143aa80d1274eac23185

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
max-age=60
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 05 Sep 2023 13:26:10 GMT
etag
"2ab14-A8N3Mx2FmlWRSi+CZu7XXkp/JuE"
expires
Tue, 05 Sep 2023 13:27:10 GMT
server
nginx/1.18.0 (Ubuntu)
vary
Accept-Encoding
v0.js
cdn.ampproject.org/
277 KB
71 KB
Script
General
Full URL
https://cdn.ampproject.org/v0.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a303bdbfce6897ec74ce030b85480f417f9e17804f7a19b8f2a90feff115b94f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
72923
x-xss-protection
0
server
sffe
etag
"8f05ddb4de6114d6"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3000, stale-while-revalidate=1206600
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 05 Sep 2023 13:26:11 GMT
amp-ad-0.1.js
cdn.ampproject.org/v0/
82 KB
24 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-ad-0.1.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23145
x-xss-protection
0
server
sffe
etag
"1e24d49ff16f97fa"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 05 Sep 2023 13:26:11 GMT
amp-autocomplete-0.1.js
cdn.ampproject.org/v0/
29 KB
9 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e625fe058c9871c924b05047696c2e7b1e441d4acb2ce54544b8413eea8182b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9421
x-xss-protection
0
server
sffe
etag
"56ca3e5770e137fa"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 05 Sep 2023 13:26:11 GMT
amp-form-0.1.js
cdn.ampproject.org/v0/
49 KB
15 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-form-0.1.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5abef60d9edd11583e363e3dafd2d6ec74e0141946c21b2903e7b8c08f01130f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14971
x-xss-protection
0
server
sffe
etag
"675440b55a1b9283"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 05 Sep 2023 13:26:11 GMT
amp-mustache-0.2.js
cdn.ampproject.org/v0/
45 KB
15 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-mustache-0.2.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
90d84f056686af8861c0017713e2f06e8957e9d15a5606514da382d879b9d41a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15359
x-xss-protection
0
server
sffe
etag
"f6812c8625865ef6"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 05 Sep 2023 13:26:11 GMT
amp-social-share-0.1.js
cdn.ampproject.org/v0/
14 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-social-share-0.1.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1dc118c68570ac106df5c43e5588c5b94d18caf4aa9e4d8d52792037cc16b980
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4778
x-xss-protection
0
server
sffe
etag
"3b7d847d5c21773c"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 05 Sep 2023 13:26:11 GMT
amp-sticky-ad-1.0.js
cdn.ampproject.org/v0/
40 KB
10 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
923690f3c0feaf6346a2755af20e2b8580a048126501966a8ccd0fd31c6b53e3
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10348
x-xss-protection
0
server
sffe
etag
"279670ab552e383b"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 05 Sep 2023 13:26:11 GMT
amp-analytics-0.1.js
cdn.ampproject.org/v0/
110 KB
32 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53202a3c73552b3385ff4cc5598c6cdabfa4d37acc87cd2fd8c0577494143285
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32193
x-xss-protection
0
server
sffe
etag
"473971c650298c2f"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 05 Sep 2023 13:26:11 GMT
/
c.statcounter.com/12916097/0/c55d9f9f/1/
49 B
469 B
Image
General
Full URL
https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.219.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:11 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
image/gif
p3p
policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray
801ecd70b8e337f0-FRA
content-length
49
expires
Mon, 26 Jul 1997 05:00:00 GMT
logo.png
www.xgcartoon.com/img/
13 KB
13 KB
Image
General
Full URL
https://www.xgcartoon.com/img/logo.png
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-169-150-222-217.datapacket.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:11 GMT
last-modified
Sun, 28 Aug 2022 14:10:33 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"3473-182e4ca3706"
content-type
image/png
cache-control
max-age=180
accept-ranges
bytes
content-length
13427
expires
Tue, 05 Sep 2023 13:29:11 GMT
duolaameng_di3jiguoyu-tengzifbuerxiong.jpg
static-a.xgcartoon.com/cover/
21 KB
22 KB
Image
General
Full URL
https://static-a.xgcartoon.com/cover/duolaameng_di3jiguoyu-tengzifbuerxiong.jpg?w=230&h=280&q=100
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5d4dbba3c898b11aca6083d4aefd113f16b72cde7b7bba3c91bdf2bd7d785f8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
cf-cache-status
HIT
cf-bgj
h2pri
last-modified
Wed, 02 Nov 2022 01:28:33 GMT
server
cloudflare
etag
"4AEF13B965ECF7389730A516F995AB2D"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=259200
accept-ranges
bytes
cf-ray
801ecd727b591947-FRA
content-length
21768
expires
Tue, 05 Sep 2023 14:01:51 GMT
play.png
www.xgcartoon.com/img/
470 B
667 B
Image
General
Full URL
https://www.xgcartoon.com/img/play.png
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-169-150-222-217.datapacket.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:11 GMT
last-modified
Wed, 17 Aug 2022 11:09:20 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"1d6-182ab7e5700"
content-type
image/png
cache-control
max-age=180
accept-ranges
bytes
content-length
470
expires
Tue, 05 Sep 2023 13:29:11 GMT
star.png
www.xgcartoon.com/img/
424 B
621 B
Image
General
Full URL
https://www.xgcartoon.com/img/star.png
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-169-150-222-217.datapacket.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:11 GMT
last-modified
Wed, 17 Aug 2022 11:09:12 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"1a8-182ab7e37c0"
content-type
image/png
cache-control
max-age=180
accept-ranges
bytes
content-length
424
expires
Tue, 05 Sep 2023 13:29:11 GMT
wanyuzhiwangguoyu-nicangtian.jpg
static-a.xgcartoon.com/cover/
80 KB
80 KB
Image
General
Full URL
https://static-a.xgcartoon.com/cover/wanyuzhiwangguoyu-nicangtian.jpg?w=280&h=120&q=100
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2c51c1cf699d852f931e465d4fafd201c4b07ae408f25122226846264c843fb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
cf-cache-status
HIT
last-modified
Wed, 11 Jan 2023 06:57:41 GMT
server
cloudflare
etag
"0A627E2BC4B7D6BD3C83AC41A5A037BA"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
cf-ray
801ecd727b5a1947-FRA
content-length
81575
expires
Thu, 07 Sep 2023 06:24:08 GMT
lingjianzunguoyu-yelaojiu.jpg
static-a.xgcartoon.com/cover/
71 KB
71 KB
Image
General
Full URL
https://static-a.xgcartoon.com/cover/lingjianzunguoyu-yelaojiu.jpg?w=280&h=120&q=100
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02811bce4185fdc056d078e6d40ab27446ed0e074a8a3ba7ee918ca7ba8263d3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
cf-cache-status
HIT
last-modified
Tue, 22 Nov 2022 00:14:47 GMT
server
cloudflare
etag
"64A595514503305B5456BF760CC57A58"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
cf-ray
801ecd728b5f1947-FRA
content-length
72756
expires
Thu, 07 Sep 2023 06:01:09 GMT
jidongzhanshigaodaseed_destiny-futianjijinyang.jpg
static-a.xgcartoon.com/cover/
94 KB
94 KB
Image
General
Full URL
https://static-a.xgcartoon.com/cover/jidongzhanshigaodaseed_destiny-futianjijinyang.jpg?w=280&h=120&q=100
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d3570d2de60c47940f8c80d5b642d2bcee72a9f8aa0b110c804f41e899d9156

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
cf-cache-status
HIT
last-modified
Fri, 26 Aug 2022 08:43:50 GMT
server
cloudflare
etag
"B07C7E8BDA338588285BB8BBD94F42E3"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
cf-ray
801ecd728b621947-FRA
content-length
96245
expires
Thu, 07 Sep 2023 04:20:14 GMT
youxiwang5dsyu-gi-oh_5dsriyu-zuotengyashi.jpg
static-a.xgcartoon.com/cover/
12 KB
12 KB
Image
General
Full URL
https://static-a.xgcartoon.com/cover/youxiwang5dsyu-gi-oh_5dsriyu-zuotengyashi.jpg?w=280&h=120&q=100
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96b3caa4d6e56ccbd206fb260d627d653af0caf2f2dd7c67b15dc6bf811252c5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
cf-cache-status
HIT
cf-bgj
h2pri
last-modified
Mon, 10 Oct 2022 04:12:28 GMT
server
cloudflare
etag
"180B580DEE3706A16BD88536698CF032"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=259200
accept-ranges
bytes
cf-ray
801ecd728b631947-FRA
content-length
12635
expires
Thu, 07 Sep 2023 05:49:27 GMT
amp-auto-lightbox-0.1.js
cdn.ampproject.org/rtv/012308181609000/v0/
8 KB
3 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012308181609000/v0/amp-auto-lightbox-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08d502e7f6319b0015d0ea006b216f287353f60e0cd84462a5a43d6294bfea7a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xgcartoon.com/
Origin
https://www.xgcartoon.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 29 Aug 2023 20:32:09 GMT
age
579242
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2971
x-xss-protection
0
server
sffe
etag
"81fe35e806c986f9"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Aug 2024 20:32:09 GMT
truncated
/
595 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34bb1c7ca084facdfd4822c3dd2d0f3f483ad2d071c52d30e54af52ae62deb02

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
953 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
792 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
440 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
394 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
308 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
227 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
154 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
amp-ad-network-doubleclick-impl-0.1.js
cdn.ampproject.org/rtv/012308181609000/v0/
237 KB
63 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012308181609000/v0/amp-ad-network-doubleclick-impl-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0edd199833dd87c9ac4395f5bbeb6dfb6843109419531043ba1fb6b32e63496
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xgcartoon.com/
Origin
https://www.xgcartoon.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 29 Aug 2023 20:32:24 GMT
age
579227
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64176
x-xss-protection
0
server
sffe
etag
"53ca58918b9d6396"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Aug 2024 20:32:24 GMT
amp-loader-0.1.js
cdn.ampproject.org/rtv/012308181609000/v0/
12 KB
4 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012308181609000/v0/amp-loader-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7c94d5780fa800afb0066d0ceed10b6488d78ec4cb2a85c42e5772b6218cd26
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xgcartoon.com/
Origin
https://www.xgcartoon.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 29 Aug 2023 20:32:09 GMT
age
579242
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3937
x-xss-protection
0
server
sffe
etag
"256c2c03e8e2f982"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Aug 2024 20:32:09 GMT
ads
securepubads.g.doubleclick.net/gampad/
134 KB
47 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6994002664&ga_cid=amp-6RaHIQl9PYgyNW94tmZaTQ&ga_hid=2664&dt=1693920371684&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&bdt=480&dtd=16&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b3feeec90c0f0b0ccf3adf30fbc427e17134e5aaedc5fe590bc5b826a2c20976
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKKIx5DJk4EDFZ0IVQgdyBwEmw&gqi=cyz3ZKPqMNWPgAfbtL_ABw&layout=/sadbundle/%24csp%253Der3%24/1017873150032996342/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKKIx5DJk4EDFZ0IVQgdyBwEmw&gqi=cyz3ZKPqMNWPgAfbtL_ABw&layout=/sadbundle/%24csp%253Der3%24/1017873150032996342/index.html
content-encoding
br
x-content-type-options
nosniff
date
Tue, 05 Sep 2023 13:26:12 GMT
x-ampsafeframeversion
1-0-40
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
x-ampadrender
safeframe
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47014
x-xss-protection
0
google-lineitem-id
-1
x-qqid
CKKIx5DJk4EDFZ0IVQgdyBwEmw
amp-access-control-allow-source-origin
https://www.xgcartoon.com
server
cafe
google-creative-id
-1
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.xgcartoon.com
access-control-expose-headers
Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
amp-ff-sandbox
true
expires
Tue, 05 Sep 2023 13:26:12 GMT
ads
securepubads.g.doubleclick.net/gampad/
66 KB
23 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=801&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6994002664&ga_cid=amp-6RaHIQl9PYgyNW94tmZaTQ&ga_hid=2664&dt=1693920371685&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&bdt=481&dtd=17&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4b369f82a270f354e0cadcc9a6ac3785a1c0bf9c70cc4546139c31efbf8fea44
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
content-encoding
br
x-content-type-options
nosniff
x-ampsafeframeversion
1-0-40
observe-browsing-topics
?1
x-creativesize
160x600
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
x-ampadrender
safeframe
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23223
x-xss-protection
0
google-lineitem-id
6136663858
x-qqid
CNaDqZDJk4EDFe_BEQgduewAtg
amp-access-control-allow-source-origin
https://www.xgcartoon.com
server
cafe
google-mediationtag-id
-2
google-creative-id
138440861539
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.xgcartoon.com
access-control-expose-headers
Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
amp-ff-sandbox
true
expires
Tue, 05 Sep 2023 13:26:12 GMT
ads
securepubads.g.doubleclick.net/gampad/
142 KB
39 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6994002664&ga_cid=amp-6RaHIQl9PYgyNW94tmZaTQ&ga_hid=2664&dt=1693920371685&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&bdt=481&dtd=18&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1c63fd1bdc5ab6c8b174c84fb48eb82e320d502a0e3f60b2f0441c543a4714d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
content-encoding
br
x-content-type-options
nosniff
x-ampsafeframeversion
1-0-40
observe-browsing-topics
?1
x-creativesize
336x600
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
x-ampadrender
safeframe
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40178
x-xss-protection
0
google-lineitem-id
-1
x-qqid
CO_nuZDJk4EDFQIc4AodmpYOQQ
amp-access-control-allow-source-origin
https://www.xgcartoon.com
server
cafe
google-creative-id
-1
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.xgcartoon.com
access-control-expose-headers
Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
amp-ff-sandbox
true
expires
Tue, 05 Sep 2023 13:26:12 GMT
ads
securepubads.g.doubleclick.net/gampad/
128 KB
40 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6994002664&ga_cid=amp-6RaHIQl9PYgyNW94tmZaTQ&ga_hid=2664&dt=1693920371685&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&bdt=481&dtd=19&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
da3b9ac2c2c5231f81e455e6cd1faf865a3b319626de2fbce24c788a9546e737
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
content-encoding
br
x-content-type-options
nosniff
x-ampsafeframeversion
1-0-40
observe-browsing-topics
?1
x-creativesize
336x600
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
x-ampadrender
safeframe
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39826
x-xss-protection
0
google-lineitem-id
-1
x-qqid
CPTMqZDJk4EDFUgq4Aodbe0P9g
amp-access-control-allow-source-origin
https://www.xgcartoon.com
server
cafe
google-creative-id
-1
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.xgcartoon.com
access-control-expose-headers
Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
amp-ff-sandbox
true
expires
Tue, 05 Sep 2023 13:26:12 GMT
ads
securepubads.g.doubleclick.net/gampad/
66 KB
23 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=988&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6994002664&ga_cid=amp-6RaHIQl9PYgyNW94tmZaTQ&ga_hid=2664&dt=1693920371685&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&bdt=481&dtd=19&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f9c0abd3ac7b63e37c3ee14816503af5d06f008f13bfe1daea71e2ec3eb3abc1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
content-encoding
br
x-content-type-options
nosniff
x-ampsafeframeversion
1-0-40
observe-browsing-topics
?1
x-creativesize
728x90
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
x-ampadrender
safeframe
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23229
x-xss-protection
0
google-lineitem-id
6136661665
x-qqid
CMP3qJDJk4EDFUEY4AodmtYDuA
amp-access-control-allow-source-origin
https://www.xgcartoon.com
server
cafe
google-mediationtag-id
-2
google-creative-id
138370495322
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.xgcartoon.com
access-control-expose-headers
Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
amp-ff-sandbox
true
expires
Tue, 05 Sep 2023 13:26:12 GMT
container.html
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/
0
0
Other
General
Full URL
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.xgcartoon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

googleanalytics.json
cdn.ampproject.org/rtv/012308181609000/v0/analytics-vendors/
2 KB
886 B
Fetch
General
Full URL
https://cdn.ampproject.org/rtv/012308181609000/v0/analytics-vendors/googleanalytics.json
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/json
Referer
https://www.xgcartoon.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 29 Aug 2023 20:32:04 GMT
age
579248
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
856
x-xss-protection
0
server
sffe
etag
"0fc0eb4a65ca6481"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Aug 2024 20:32:04 GMT
ga4.json
www.xgcartoon.com/js/
4 KB
2 KB
Fetch
General
Full URL
https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-169-150-222-217.datapacket.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept
application/json
Referer
https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
AMP-Same-Origin
true
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:12 GMT
content-encoding
gzip
last-modified
Thu, 27 Apr 2023 10:49:40 GMT
server
nginx/1.18.0 (Ubuntu)
etag
W/"11d8-187c255423d"
vary
Accept-Encoding
content-type
application/json; charset=UTF-8
cache-control
max-age=180
accept-ranges
bytes
expires
Tue, 05 Sep 2023 13:29:12 GMT
collect
region1.google-analytics.com/g/
0
256 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=2664&cid=amp-6RaHIQl9PYgyNW94tmZaTQ&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&dr=&dt=%F0%9F%8D%BC%E5%93%86%E5%95%A6A%E5%A4%A2%EF%BC%88%E6%A9%9F%E5%99%A8%E8%B2%93%E3%80%81%E5%B0%8F%E5%8F%AE%E5%99%B9%EF%BC%89%E6%96%B0%E7%95%AA%E3%80%90%E5%9C%8B%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1693920373&sct=1&seg=1&_et=1000&gcs=
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.xgcartoon.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:12 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.xgcartoon.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5EF1
6 KB
3 KB
Document
General
Full URL
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xgcartoon.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 82F6
6 KB
3 KB
Document
General
Full URL
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xgcartoon.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 72F0
6 KB
3 KB
Document
General
Full URL
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xgcartoon.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5F94
6 KB
3 KB
Document
General
Full URL
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xgcartoon.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DF6A
6 KB
3 KB
Document
General
Full URL
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xgcartoon.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/ Frame A02A
96 KB
27 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/index.html
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
664d8567f25b85bc66e23dcbcb180910480210117e444636f563afa9887f21b8
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
550677
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
26105
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
cross-origin-resource-policy
cross-origin
date
Wed, 30 Aug 2023 04:28:16 GMT
expires
Thu, 29 Aug 2024 04:28:16 GMT
last-modified
Wed, 30 Aug 2023 02:27:47 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
adview
securepubads.g.doubleclick.net/pagead/ Frame
0
0
Preflight
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CXWN_dCz3ZKL-Ep2R1PIPyLmQ2AnC27KlcYuipPL0Ed-t1u_uORABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgDSKoEngJP0Oq4yHuG6AFnYGHa5SjRDezI1QJgm0z1mXggSlytKyVvqeFIGVho5SsL14OVSCB385Xt37ppLHVjVhncmuTmmVx4oGzfWMH4BbTSu37hv_b1d_NuCAlqc035aoVgJAEn_DimZRppt36Tz-sNiX1nJzJaZs5VfWgSRTTDmg3fc45hbse0ZJzM8fX4pmhU45QZ1302mJhY2K2RJT5TA_c8zR1I-A9OGN6jL6z3EqAlqKVtrhAhFNLUMzCIcmAtmaO7m7VNJaaKekcpi9vunx8cEhFkoUeZsqpVzuk096GekNZ9UShWCoUcM9FFFyJQ614IIW1W616Dh1qz0G-cl_u0OSrnez-NSO-Xatk0WSkkNry12vANxfbrHgr7RIPJwASSn5fCrwTgBAGIBcKK1vtJkgUECAQYAZIFBAgFGASgBi6AB57SjPUDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcDEPNy0ggUCIBhEAEYHTICigI6AoBASL39wTqaCShodHRwczovL3d3dy5nYW1lb255eC5jb20va2lkcy1nYW1lcy5odG1sgAoDyAsB2gwRCgsQwKDfyYKJw_3pARICAQPYEwzQFQGAFwGyFx4KHAgAEhRwdWItMzAzOTE5OTUwMzQwMzYzNBiZ0iE&sigh=76NiHhezW7Q&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJW5jQTfgoFLnQxWigvET374vHV38fYRBgB&template_id=531&vis=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 13:26:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame 5EF1
Redirect Chain
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=CXWN_dCz3ZKL-Ep2R1PIPyLmQ2AnC27KlcYuipPL0Ed-t1u_uORABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgDSKoEngJP0Oq4yHuG6AFnYGHa5SjRDezI1QJgm0z1mXggSlyt...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x1e3d83c5fae1074c0000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%222846589465651208362%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217633114417566456721%22}&andc=true
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"1":"0xb9e37740a0a917a50000000000000000","2":"0x531faaf1f635f08d0000000000000000","3":"0xccd7b8e584f39a390000000000000000","4":"0x1e3d83c5fae1074c0000000000000000","5":"0x512690dd66fe0d880000000000000000"},"debug_key":"2846589465651208362","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["09-05"],"6":["true"]},"priority":"500","source_event_id":"17633114417566456721"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
null
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:13 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xb9e37740a0a917a50000000000000000","2":"0x531faaf1f635f08d0000000000000000","3":"0xccd7b8e584f39a390000000000000000","4":"0x1e3d83c5fae1074c0000000000000000","5":"0x512690dd66fe0d880000000000000000"},"debug_key":"2846589465651208362","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["09-05"],"6":["true"]},"priority":"500","source_event_id":"17633114417566456721"}&andc=true
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/ Frame 5EF1
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/abg_lite_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84720
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9067
x-xss-protection
0
server
cafe
etag
16184311534176170479
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 372C
143 B
382 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
150
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:23:43 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 5EF1
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:29:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
7004
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 19 Sep 2023 11:29:29 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 5EF1
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84720
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8273
x-xss-protection
0
server
cafe
etag
16365778639179992903
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 82F6
98 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
549245b157ad81c80d1d33ba98078eb3915cdacc872c0f3d4c3c7414d0f3f4d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29004
x-xss-protection
0
server
cafe
etag
42 / 19605 / m202308300101 / config-hash: 10968018803680569963
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:13 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 82F6
181 KB
57 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:13 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 82F6
0
461 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8F2--Gkxjnbzv-5JqtB-T5us0jU5RY1hSjMts92cC3uukqJ80bHOwH4OY4nYlrnNef7X4D-Hwys-t5ETU7Y2V_NHHWFH-solaLmgyVpwYjrSkXKRyK2iuev-iwKMsEDAinIzt7z0Sr3Vx8aHCqK4xM6EoqKRPdBYISgZ_ec3dHTDlfiW8OQg2XfXcpUm-YDnpJjiXtZdPfqdqXlvYuA-MooAoEhR9I46FvgOK-TeAzdw6P7rUBOoUgpoBVCXB6V5N-sJiunf1Kgn507dTdF0yAZd0XQONpsVSqQbeDPvz2qxRoKruX2D1HHn_8ZShrAgOierAF0ew_JGvqy2PnVT9L1kMepTAwiDNyiGU_D2UDNAD&sai=AMfl-YTV3kl1JLzrBxM5T22XPiHPVibAJU6EuU8_sirUhdyAaxEjIoiAss_cJltUACHK_BpDWyPZua3T2M0Arbc&sig=Cg0ArKJSzJWPpfx2st-rEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:13 GMT
63e0a2a793d720ddab32c7ad1c79b976.js
www.gstatic.com/mysidia/ Frame 72F0
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/63e0a2a793d720ddab32c7ad1c79b976.js?tag=client_fast_engine_2019
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac6c7df9ea6f8e1bcacee7bbb1df0c7902650aa2bef04e536ae838e7c9146aa8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 14:39:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
168387
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3931
x-xss-protection
0
last-modified
Thu, 31 Aug 2023 22:08:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 02 Dec 2023 14:39:46 GMT
6b2333ff0b6a934f314e6b5957720264.js
www.gstatic.com/mysidia/ Frame 72F0
19 KB
8 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36ef63420f2a82374d016a378bf127ba8d3c761c8dcad295188b1690a17a0108
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 01:30:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
388543
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7824
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 00:31:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 30 Nov 2023 01:30:30 GMT
css
fonts.googleapis.com/ Frame 72F0
2 KB
639 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 05 Sep 2023 13:14:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 05 Sep 2023 13:26:13 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 72F0
2 KB
945 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84720
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
865
x-xss-protection
0
server
cafe
etag
5051423035144352294
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
136beb7e84d4b05a5b5bba85738ca9f6.js
www.gstatic.com/mysidia/ Frame 72F0
6 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/136beb7e84d4b05a5b5bba85738ca9f6.js?tag=analytics_pingback_2019
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
220049135e6c242896cea20cbd980419905e04e43cc5d1f9d23db3e00e25c6f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 07:32:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21198
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2330
x-xss-protection
0
last-modified
Fri, 01 Sep 2023 02:30:26 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 04 Dec 2023 07:32:55 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/ Frame 72F0
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/abg_lite_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84720
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9067
x-xss-protection
0
server
cafe
etag
16184311534176170479
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 72F0
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:29:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
7004
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 19 Sep 2023 11:29:29 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 72F0
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84720
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8273
x-xss-protection
0
server
cafe
etag
16365778639179992903
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 72F0
181 KB
57 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:13 GMT
3c1ec1505caf618a1f8c049839112e9c.js
www.gstatic.com/mysidia/ Frame 72F0
36 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/3c1ec1505caf618a1f8c049839112e9c.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 01:09:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
389818
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15058
x-xss-protection
0
last-modified
Thu, 31 Aug 2023 22:08:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 30 Nov 2023 01:09:15 GMT
63e0a2a793d720ddab32c7ad1c79b976.js
www.gstatic.com/mysidia/ Frame 5F94
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/63e0a2a793d720ddab32c7ad1c79b976.js?tag=client_fast_engine_2019
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac6c7df9ea6f8e1bcacee7bbb1df0c7902650aa2bef04e536ae838e7c9146aa8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 14:39:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
168387
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3931
x-xss-protection
0
last-modified
Thu, 31 Aug 2023 22:08:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 02 Dec 2023 14:39:46 GMT
6b2333ff0b6a934f314e6b5957720264.js
www.gstatic.com/mysidia/ Frame 5F94
19 KB
8 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36ef63420f2a82374d016a378bf127ba8d3c761c8dcad295188b1690a17a0108
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 01:30:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
388543
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7824
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 00:31:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 30 Nov 2023 01:30:30 GMT
css
fonts.googleapis.com/ Frame 5F94
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 05 Sep 2023 11:56:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 05 Sep 2023 13:26:13 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 5F94
2 KB
926 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84720
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
865
x-xss-protection
0
server
cafe
etag
5051423035144352294
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
136beb7e84d4b05a5b5bba85738ca9f6.js
www.gstatic.com/mysidia/ Frame 5F94
6 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/136beb7e84d4b05a5b5bba85738ca9f6.js?tag=analytics_pingback_2019
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
220049135e6c242896cea20cbd980419905e04e43cc5d1f9d23db3e00e25c6f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 07:32:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21198
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2330
x-xss-protection
0
last-modified
Fri, 01 Sep 2023 02:30:26 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 04 Dec 2023 07:32:55 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/ Frame 5F94
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/abg_lite_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84720
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9067
x-xss-protection
0
server
cafe
etag
16184311534176170479
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 5F94
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:29:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
7004
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 19 Sep 2023 11:29:29 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 5F94
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84720
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8273
x-xss-protection
0
server
cafe
etag
16365778639179992903
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5F94
181 KB
57 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:13 GMT
3c1ec1505caf618a1f8c049839112e9c.js
www.gstatic.com/mysidia/ Frame 5F94
36 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/3c1ec1505caf618a1f8c049839112e9c.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 01:09:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
389818
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15058
x-xss-protection
0
last-modified
Thu, 31 Aug 2023 22:08:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Thu, 30 Nov 2023 01:09:15 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame DF6A
98 KB
28 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6ff0ac4ee795481d3f27f202f98d74099f847298ce97104cadb994b1b3ab18ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29007
x-xss-protection
0
server
cafe
etag
149 / 19605 / 31077575 / config-hash: 10968018803680569963
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:13 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame DF6A
181 KB
57 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:13 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame DF6A
0
293 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss51LWG1XgoHFTkzz83pf-c2q7oO5dB0igjj_tl9BM2MQaJvs23nBEBKPzFTCOIcNhQVUL9SSgR7DrwH2S6cvP1Nenv-EAiy-bu76k4l4dqJ4SHKRtkGUi5nVa50C4ix3vQfuQ4_bK2t__GAMq68vb_oKfBipBpOxreLTF-LYTz2KqlxbQzViFD2WEkq2WFlO88A9BEFku-BMGUd6-v5w1ZYytwm0QfqkA4iQPiJy3uaZ_CZldQOBvZu_puCYlYpxGiHNuWdh_XK1LJaJtBbgaEc8HzPhYyMH_OYJop_dQZf6_G-P_a9wMnLd2aRmHNvV9mFX_1It3foyDLr5RCTZ1YrvQCELIoWor6CNIL0Oyiz0Vk&sai=AMfl-YSUYSBMJ9Aa9lon83LFbkKktWGWyfMmVk8_L4ZFRQZicXi4WLNirwlxsaMjp8_wiMG3ByyqAAxqq7pqotU&sig=Cg0ArKJSzBEUp9eU2ZjOEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:13 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5EF1
181 KB
57 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:13 GMT
truncated
/ Frame 5EF1
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dd0574c842dfd21fa4f5d759540fae5917e102e54b6e014dce3d7833fbab604d

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
si
googleads.g.doubleclick.net/pagead/drt/ Frame 372C
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
307 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Tue, 05 Sep 2023 13:26:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A02A
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 19:46:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
63608
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5660
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Tue, 05 Sep 2023 19:46:05 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A02A
34 KB
13 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1017873150032996342/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 02:17:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
40117
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13035
x-xss-protection
0
server
cafe
etag
2319883687766034370
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Wed, 06 Sep 2023 02:17:36 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/ Frame 82F6
403 KB
127 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
667d77669d19714ac96c979a077c8c1ddeb43e5d9b425bf78da585cb92935dad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 23:36:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
49789
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
129791
x-xss-protection
0
server
cafe
etag
6482524881801658577
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 03 Sep 2024 23:36:24 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x1e3d83c5fae1074c0000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%222846589465651208362%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217633114417566456721%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 13:26:13 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 72F0
0
349 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoRCAEqDXRvd2VyMi1zcXVhcmUKCggCKgZzZXJ2ZXIKFQgEKhFteXNpZGlhX2FuYWx5dGljcwoNECshAAAAAAAAP0AwBAoNEAMhAAAANDOzcUAwBAoNEA0hAAAAAICZuT8wBAoJEB4qAzB4MDAECgkQGSoDMHgwMAQKDRArIQAAAAAAgEBAMAQSGkNPX251WkRKazRFREZRSWM0QW9kbXBZT1FRIhJncGEvbWF4aW1hbF92MV9vY2goDA==
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/ Frame DF6A
403 KB
127 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077575
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
667d77669d19714ac96c979a077c8c1ddeb43e5d9b425bf78da585cb92935dad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 08:26:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
17962
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
129791
x-xss-protection
0
server
cafe
etag
6482524881801658577
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Wed, 04 Sep 2024 08:26:51 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5F94
0
56 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoJCAEqBXRvd2VyCgoIAioGc2VydmVyChUIBCoRbXlzaWRpYV9hbmFseXRpY3MKDRArIQAAAAAAADlAMAQKDRADIQAAANDMRHJAMAQKDRANIQAAAAAAAAAAMAQKCRAeKgMweDAwBAoJEBkqAzB4MDAECg0QKyEAAAAAAAA6QDAEEhpDUFRNcVpESms0RURGVWdxNEFvZGJlMFA5ZyIJZ3BhL21vbnRlKAw=
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 82F6
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe21f4c240c146411a479689475c64e9917d70d815f8e8a855524f37e66884ba

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame DF6A
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3bfe20847495149bc55134576cd7687e79a165b90da08ee51713258228decf18

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
ads
securepubads.g.doubleclick.net/gampad/ Frame 82F6
56 KB
20 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3410311566119883&correlator=2040459286334348&output=ldjh&gdfp_req=1&vrg=202308300101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com&abxe=1&dt=1693920373681&adxs=0&adys=0&biw=160&bih=1200&isw=160&scr_x=0&scr_y=0&ucis=zh8ydscuy7h8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&loc=https%3A%2F%2F2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=160x0&fws=256&ohw=0&ea=0&dlt=1693920373073&idt=577&prev_scp=in2w_key9001%3D1%26in2w_key%3D21%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--3---%2C--3---%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D21%252C22%26in2w_key9%3Doptimization_request%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D10&adks=3803152362&frm=24
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d209c85285d21ad5f1a22b40bcfdbc72f33c5e4b2791c066c47e3480b9b7ff67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20282
x-xss-protection
0
google-lineitem-id
6135185025
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138376945770
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C7AA
6 KB
3 KB
Document
General
Full URL
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame 5F94
Redirect Chain
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=ClEIScyz3ZLTHMsjUgAft2r-wD8LbsqVx2LPp7NYRZBABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgD2wSqBJ8CT9DL_mYBp1O5N-U_grce28_NCmRJRZUGkK40_T2HzFx3LOXc...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x65294c5a153cc3460000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%22248131830024854980%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216492327607227944161%22}&andc=true
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"1":"0xb9e37740a0a917a50000000000000000","2":"0x531faaf1f635f08d0000000000000000","3":"0xccd7b8e584f39a390000000000000000","4":"0x65294c5a153cc3460000000000000000","5":"0x512690dd66fe0d880000000000000000"},"debug_key":"248131830024854980","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["09-05"],"6":["true"]},"priority":"500","source_event_id":"16492327607227944161"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
null
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:14 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xb9e37740a0a917a50000000000000000","2":"0x531faaf1f635f08d0000000000000000","3":"0xccd7b8e584f39a390000000000000000","4":"0x65294c5a153cc3460000000000000000","5":"0x512690dd66fe0d880000000000000000"},"debug_key":"248131830024854980","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["09-05"],"6":["true"]},"priority":"500","source_event_id":"16492327607227944161"}&andc=true
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
adview
securepubads.g.doubleclick.net/pagead/ Frame
0
0
Preflight
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=ClEIScyz3ZLTHMsjUgAft2r-wD8LbsqVx2LPp7NYRZBABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgD2wSqBJ8CT9DL_mYBp1O5N-U_grce28_NCmRJRZUGkK40_T2HzFx3LOXcdmp4LomNAW0Wz8jpeCbvE0FLuY3ZFbJPOc3-t_PduwO-qv11FF1mWDSXdQ7pgymO5Q--Qc1B0_gS-5-VMej_qo4IGbAPY5Gn-iZHt791ipoM4AjaEng4cy6pJUUtrCs84DYIBlW7tM8A1yzCWHaNFRDT9Ca7KAHWOt9lTFT42zwBq_QCTEDlMqWmF3N8pog5AGU2NnNKICXBYfaBc0svEAXMHxtBh6-t876mO2j5uGa5IhRwrpj2ZFA_mE7991ry4A-oqFn_WwnTFC_usld_OhfzmuLDhZJEPWfevl4o-qzLyC0DKDavWi3s8LcUjF71BGhQxH5A8hlEZhfABOzvk7_ABOAEAYgFworW-0mSBQQIBBgBkgUECAUYBKAGLoAHntKM9QOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwMQ8C7SCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJKWh0dHBzOi8vd3d3LmdhbWVvbnl4LmNvbS9nb29kcy1nYW1lcy5odG1sgAoDyAsB2gwQCgoQ8KWQt_O37-snEgIBA9gTDNAVAYAXAbIXHgocCAASFHB1Yi0zMDM5MTk5NTAzNDAzNjM0GJnSIQ&sigh=ZKqp4Etx0PM&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJW8iV1E7F3UmxCtnD6JzMtrdP8Qj-QbBgB&template_id=494&cbvp=2&vis=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 13:26:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame 72F0
Redirect Chain
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=C6w68dCz3ZO_dBYK4gAearbqIBMLbsqVx2LPp7NYRZBABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgD2wSqBJ8CT9Bt1rC_alICu6vpbZa1Is_NsTPyz45bGvh5f7TQLdTzPzSY...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x65294c5a153cc3460000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%226603521052452644443%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213509243459762922177%22}&andc=true
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"1":"0xb9e37740a0a917a50000000000000000","2":"0x531faaf1f635f08d0000000000000000","3":"0xccd7b8e584f39a390000000000000000","4":"0x65294c5a153cc3460000000000000000","5":"0x512690dd66fe0d880000000000000000"},"debug_key":"6603521052452644443","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["09-05"],"6":["true"]},"priority":"500","source_event_id":"13509243459762922177"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
null
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:14 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xb9e37740a0a917a50000000000000000","2":"0x531faaf1f635f08d0000000000000000","3":"0xccd7b8e584f39a390000000000000000","4":"0x65294c5a153cc3460000000000000000","5":"0x512690dd66fe0d880000000000000000"},"debug_key":"6603521052452644443","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["09-05"],"6":["true"]},"priority":"500","source_event_id":"13509243459762922177"}&andc=true
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
adview
securepubads.g.doubleclick.net/pagead/ Frame
0
0
Preflight
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C6w68dCz3ZO_dBYK4gAearbqIBMLbsqVx2LPp7NYRZBABINPLzjBg9ZXOgeAEoAGemryVKcgBCeACAKgDAcgD2wSqBJ8CT9Bt1rC_alICu6vpbZa1Is_NsTPyz45bGvh5f7TQLdTzPzSY0eHeBEpkdlWwXrA3JAuvYfSLBwPLdfXAZDPh5QCkYmpmhtj4Ggyr9rms9fLOThDyiiz9xEXRWT-cuA68SteRXS3RAjKebFWZeC5enPGa-Fa-1no9_SLRXS43VqGuPe4Z8o_0WNRTfhoo7y_6vj0nPwFS0ui2IXeVwAH7dY3mqB7a-2HneQ8VgdZGdtg4jNyxs8ZJujGQJURUKL8K4T0rNSmyxP0G0BmOwn1U0J90TtH7NKex2w8peeCjPC60fzv7hFjf3OMENio5YWZZ2u4bIV3Ug5QQeqgqZmbJsy_oBYFP2VEK0GA22dqpRH7PdeDXpxm9pHI5Oe6dieDABOzvk7_ABOAEAYgFworW-0mSBQQIBBgBkgUECAUYBKAGLoAHntKM9QOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwMQ8C7SCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJKWh0dHBzOi8vd3d3LmdhbWVvbnl4LmNvbS9nb29kcy1nYW1lcy5odG1sgAoDyAsB2gwRCgsQsMmwuv2Bnu-FARICAQPYEwzQFQGAFwGyFx4KHAgAEhRwdWItMzAzOTE5OTUwMzQwMzYzNBiZ0iE&sigh=ijKv-fm_mt4&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWTh6BtBi_-7AwXP7c1jKJ-s4WnMMrQhgB&template_id=494&cbvp=2&vis=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 13:26:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame DF6A
23 KB
11 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1484939152211098&correlator=2804919905900087&eid=31076399%2C31077575&output=ldjh&gdfp_req=1&vrg=202308300101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C468x60%7C728x90&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com&abxe=1&dt=1693920373765&adxs=0&adys=0&biw=728&bih=180&isw=728&scr_x=0&scr_y=0&ucis=rvhchjdtgjlf&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&loc=https%3A%2F%2F2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=728x0&fws=256&ohw=0&ea=0&dlt=1693920373126&idt=618&prev_scp=in2w_key9001%3D1%26in2w_key%3D89%26in2w_key2%3Dnope%2Cbenchmark%26in2w_key3%3Dnop%26in2w_key4%3Dnop%26in2w_key5%3Dbenchmark%26in2w_key6%3D--3---%26in2w_key7%3D1580%26in2w_key8%3D89%26in2w_key9%3Dbenchmark_request%26in2w_key12%3Dbenchmark%26in2w_key15%3Db0%26in2w_key16%3D1&adks=2280579906&frm=24
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
53c4bd10754dd9286fe81d3964e31a672e8c608532fa3b30422a792e238f2552
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10895
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CEE6
6 KB
3 KB
Document
General
Full URL
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077575
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame 47D3
37 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77931
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame 1509
37 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: 2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
URL: https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77931
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame A02A
37 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77931
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
12270301321631160928
tpc.googlesyndication.com/gpa_images/simgad/ Frame A02A
165 KB
165 KB
Image
General
Full URL
https://tpc.googlesyndication.com/gpa_images/simgad/12270301321631160928
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
32e5f2a0defb1736282fc001f1bc8927f84918773e27942f40c922f6db288c7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 03:42:50 GMT
x-content-type-options
nosniff
age
553403
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
168489
x-xss-protection
0
last-modified
Sun, 21 May 2023 13:10:35 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 29 Aug 2024 03:42:50 GMT
11240770365482791673
tpc.googlesyndication.com/gpa_images/simgad/ Frame A02A
155 KB
155 KB
Image
General
Full URL
https://tpc.googlesyndication.com/gpa_images/simgad/11240770365482791673
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e4ee8bea178b7233def94937ea913a794656077eda30ab49e37aba8cc96b8bd1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Sep 2023 19:33:04 GMT
x-content-type-options
nosniff
age
237189
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
158677
x-xss-protection
0
last-modified
Fri, 19 May 2023 23:59:03 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 01 Sep 2024 19:33:04 GMT
10823254944621028040
tpc.googlesyndication.com/gpa_images/simgad/ Frame A02A
52 KB
52 KB
Image
General
Full URL
https://tpc.googlesyndication.com/gpa_images/simgad/10823254944621028040
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a16b26baebe653a88604831fc59bd38f7848491d5beed5165afb02dac40b975
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 10:58:21 GMT
x-content-type-options
nosniff
age
8872
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
53394
x-xss-protection
0
last-modified
Tue, 23 May 2023 08:16:46 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 04 Sep 2024 10:58:21 GMT
18076405572446122132
tpc.googlesyndication.com/gpa_images/simgad/ Frame A02A
173 KB
173 KB
Image
General
Full URL
https://tpc.googlesyndication.com/gpa_images/simgad/18076405572446122132
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
898a66fd3a2c23583edb7a0b805d27327bb3b39c8a5e1a672ec648c733001c2f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 31 Aug 2023 08:49:16 GMT
x-content-type-options
nosniff
age
448617
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
176886
x-xss-protection
0
last-modified
Mon, 22 May 2023 22:38:19 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 30 Aug 2024 08:49:16 GMT
3516631676127494912
tpc.googlesyndication.com/gpa_images/simgad/ Frame A02A
52 KB
52 KB
Image
General
Full URL
https://tpc.googlesyndication.com/gpa_images/simgad/3516631676127494912
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a3a95c780e94d916656548d7a3731c9f26cfc6b7c7cf7c7c7c1a374f2a4cec6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 31 Aug 2023 17:51:52 GMT
x-content-type-options
nosniff
age
416061
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
53725
x-xss-protection
0
last-modified
Sat, 20 May 2023 19:11:04 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 30 Aug 2024 17:51:52 GMT
9748262786698640375
tpc.googlesyndication.com/gpa_images/simgad/ Frame A02A
49 KB
49 KB
Image
General
Full URL
https://tpc.googlesyndication.com/gpa_images/simgad/9748262786698640375
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e497e42ddc988c37d46e9ec59af849b5976c86995df0dc196568c35c1d74c109
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Aug 2023 04:14:02 GMT
x-content-type-options
nosniff
age
551531
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49698
x-xss-protection
0
last-modified
Sat, 20 May 2023 18:14:01 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 29 Aug 2024 04:14:02 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 82F6
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstxQWIDcUJg_CSmO8gwUJIyo8sC-RmQ0F3IUcxPCT-iyPItXI0lVcrUg4h_UpWoMNbHGZxsp7lcPSycXC5yqxDtu4hJr-vIbVLpYVPAYLMcEkUt0PDPC817tUklXXhApAmtK0m8UuQNTzWXIWHPLy_BtjpTUEfjWeQam785tMRy5NnQWiwZreGBlE-iDWiffsU18UQPWhNUzsA1-ELgJUpkdOKYWCE4qmHDKLjNPT37pN5NPtxpc0amb0OE4htnax2c2IzaKCoeLrOOmcnaCJg5OYSY-_A5xyop6x3JabeqPrgtDot8h0PSeBuZkZceedoBnMVdTipwhGZD80KXEoHFD6uAgXeQmL2AldALQbxtYP67Z4g&sai=AMfl-YTPWxYOVVl0coPdR7xLXqhx20SJ3XWoSFxwHEVLz-MhJfzVTBsUFD6G5TgYl7J7if6HR3WZ2X5eo-3CMCo&sig=Cg0ArKJSzK8iRUsCCaRBEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:13 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 82F6
15 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308300101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
24f2233bcac8045562d382302fe0184f2e49836fc03c61b6af537d245858e972
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:13 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11833
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5F94
0
56 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoJCAEqBXRvd2VyCgoIAioGc2VydmVyChUIBCoRbXlzaWRpYV9hbmFseXRpY3MKDRAQIQAAAAAAEqdAMAQKDRARIQAAAAAQOPNAMAQKDRASIQAAAAAAACBAMAQKDRATIQAAAAAAAAhAMAQKDRAXIQAAAAAARIVAMAQKDRAUIQAAAACQcPNAMAQKDRAVIQAAAAAAACRAMAQKDRAWIQAAAAAAABBAMAQKDRAYIQAAADQzt4VAMAQKDRAyIQAAAACgmdk_MAQKDRAzIQAAAACgmdk_MAQKDRA0IQAAAACgmdk_MAQKDRA1IQAAAACgmdk_MAQKDRA2IQAAAACgmdk_MAQKDRA3IQAAAACgmdk_MAQKDRA4IQAAAABoZvY_MAQKDRA5IQAAAODMjENAMAQKDRA6IQAAAEAz80NAMAQKDRA7IQAAAJqZJYVAMAQKDRA8IQAAAJqZJYVAMAQKDRA9IQAAAAAARIVAMAQKDRA-IQAAADQzh4VAMAQKDRA_IQAAADQzh4VAMAQKDRBAIQAAAJqZ1YVAMAQSGkNQVE1xWkRKazRFREZVZ3E0QW9kYmUwUDlnIglncGEvbW9udGUoDA==
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 72F0
0
56 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoRCAEqDXRvd2VyMi1zcXVhcmUKCggCKgZzZXJ2ZXIKFQgEKhFteXNpZGlhX2FuYWx5dGljcwoNEBAhAAAAAAASp0AwBAoNEBEhAAAAABA480AwBAoNEBIhAAAAAAAAIEAwBAoNEBMhAAAAAAAACEAwBAoNEBchAAAAmpmhhUAwBAoNEBQhAAAAAHBs80AwBAoNEBUhAAAAAAAAJEAwBAoNEBYhAAAAAAAAEEAwBAoNEBghAAAAzMxUhkAwBAoNEDIhAAAAADQz8z8wBAoNEDMhAAAAADQz8z8wBAoNEDQhAAAAADQz8z8wBAoNEDUhAAAAADQz8z8wBAoNEDYhAAAAADQz8z8wBAoNEDchAAAAADQz8z8wBAoNEDghAAAAADMzHUAwBAoNEDkhAAAAIDMzR0AwBAoNEDohAAAAAACAR0AwBAoNEDshAAAAmpmVhUAwBAoNEDwhAAAAmpmVhUAwBAoNED0hAAAAmpmhhUAwBAoNED4hAAAAZmYehkAwBAoNED8hAAAAZmYehkAwBAoNEEAhAAAAAAB0hkAwBBIaQ09fbnVaREprNEVERlFJYzRBb2RtcFlPUVEiEmdwYS9tYXhpbWFsX3YxX29jaCgM
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x65294c5a153cc3460000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%22248131830024854980%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216492327607227944161%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 13:26:14 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb9e37740a0a917a50000000000000000%22,%222%22:%220x531faaf1f635f08d0000000000000000%22,%223%22:%220xccd7b8e584f39a390000000000000000%22,%224%22:%220x65294c5a153cc3460000000000000000%22,%225%22:%220x512690dd66fe0d880000000000000000%22},%22debug_key%22:%226603521052452644443%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213509243459762922177%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
null
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 13:26:14 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 82F6
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 13:26:14 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame DF6A
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstN4UGhVV3enmmigErgsvBXEZCJXN3m4IsStNWTDq5QzmYoletjNl5SrzN0N5RxfVbA8hJ6nwqLz4iNmCzLIdlHzaRNCXergXQenVpLQmi9r1CF1PIVDqObSZn0DvuZqIwrWN18iHJtnbLab0z1CAx373x7m5m3WmOQYgaAAwtNRXSmOEzF8zEmO8RyMcJpWQ4tkw5w7AJnJJBSN-V5bDr6PzNkXQI2LuiwHZnP3QsrrMa8LVgwFQm_bWXPE6wyNdirLFlUX_gVe9GkRkXJYxYx269gXwI2NRuGoXWNyoxpvrPqM5xFTEi5kQCZvI7TLHpd4FhXXOIlS5vCHqhtn6kiyBBo4fqQrf1wgHo0euPDMFyQS-w&sai=AMfl-YRRDqkEWf7D45xppEoQl34GRydavoG7mK4xDrE_zmBWGB2jKv08x2pkIlm7EWJJN865rxZAdWNPXQuJLKA&sig=Cg0ArKJSzNABwiBmHMEbEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:14 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame DF6A
15 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308300101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077575
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
91db794ce5bc0795f21c3ed5f3a25c50ddcad4e82055a80ab79af070f2c7eca1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11861
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 07FF
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv6VApSUB1BXE-oeitPZCHGNLdSjt-vbwxhwMYinGuNYYLDP6WPhmoNzihWF0uwCVI7rphENaQpgCJxQa5Sl_JahggNjg-R9XWYfsixmkj3QOYZDr_Jl8tDXHhB5aMT96_DFfyv0VJ4s9cTbBcUgQleWizpN19OC_ulPhuqm4npswk7Dk82L_yUfZ23K7LKqFTBWgsE-2zwcoLZCvCy3lnzifHX9zHu8ndFNF9zm7Ec07xxPU729BYGzFkUiJgivNYQW0nyd3ofeUNXWODA8HASQtDcBcfEfo6MS6cnpO_0gDPU-Pj8pxkhq_GXrc5yjer9fePumpRn3fyObQY85-Z38PAo7runCkBrwhuhGN8ziyvd&sai=AMfl-YSuNmkNsNVb0yHzjLxh1JNzQHq0Xg-vmy_fo7IrXKSGd6U1-WTnIs8Fi8pznngcw9AMjVBs3u-h-8r2iTy95jtBQi_hX2GSnq1SVQ&sig=Cg0ArKJSzADpytqe0tbWEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 07FF
181 KB
57 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:14 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 82F6
23 KB
11 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3410311566119883&correlator=2040459286334348&output=ldjh&gdfp_req=1&vrg=202308300101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50|120x600|160x600&fluid=height&ifi=2&sfv=1-0-40&rcs=1&eri=5&sc=1&cdm=2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com&abxe=1&dt=1693920374281&adxs=0&adys=0&biw=160&bih=1200&isw=160&scr_x=0&scr_y=0&ucis=zh8ydscuy7h8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fduolaameng_di3jiguoyu-tengzifbuerxiong&loc=https%3A%2F%2F2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=160x18&msz=160x18&fws=256&ohw=0&ea=0&dlt=1693920373073&idt=577&prev_scp=in2w_key%3D22%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D1%2C1%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D21%2C22%26in2w_key9001%3D2&adks=3803152362&frm=24
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d722636fc120a2f0d246e66841a978a2595146e0f0db655e3b59ef3f47cd9334
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11054
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E6CA
6 KB
3 KB
Document
General
Full URL
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077575
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C1FA
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
7001
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 11:29:33 GMT
expires
Wed, 04 Sep 2024 11:29:33 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 1D53
829 B
996 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
13a1f2a4ed14209669ff131f596654ef196b96c63dac295b506f9c91946553bb
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-q7RSwxqzMvrQVJajrvP_Yg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
538
content-security-policy
script-src 'report-sample' 'nonce-q7RSwxqzMvrQVJajrvP_Yg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:14 GMT
expires
Tue, 05 Sep 2023 13:26:14 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sodar2.js
tpc.googlesyndication.com/sodar/ Frame DF6A
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077575
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 13:26:14 GMT
truncated
/ Frame 07FF
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3ba2e9fe2d0f45c0abaa201f783880369db48fb844ab98ec015ec9e4deaaf43e

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 07FF
0
0

pixel
googleads.g.doubleclick.net/xbbe/ Frame 2F87
478 B
195 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhib8Mr0ATAB&v=APEucNVkT6imBgpq-DO4CICdSkk72oAmif6Iv6MYTwKiTYUhnN3dJicKopl8e4y95ZnZhK7hdZc-SryMbXcujBsUQ4VOYPY6yQ
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame E6CA
86 KB
29 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30167
x-xss-protection
0
server
cafe
etag
12949109546734229676
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E6CA
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DFn8VkuP78aC0EvVtjy2hUHtlgTrpnJqWBNja-r95pI6jtbMUpb2zN1dECP6_nVLRGuOHU_bv7uB8oCWhGDtRp2XsGslwdVGHPW-D3l0oGsXPIz0g
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E6CA
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6135478965778175428&x=1&ct=76
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame E6CA
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:29:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
7005
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 19 Sep 2023 11:29:29 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame E6CA
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84721
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8273
x-xss-protection
0
server
cafe
etag
16365778639179992903
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
l
www.google.com/ads/measurement/ Frame E6CA
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-I7ZQJX8Z4ilHT_ZZyic6ksiVmANTSLaXwQ44gNRG4z6dP4J6dqxSc6NVLGBNfvUSIHl7rxGwtrWd6rCpyfdDqAS33Q
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E6CA
181 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:14 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5EF1
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssFJ1Osb_CcpgeRd-zsehOpuYgOGJvC45YvsciPVsJJvwCnTpxpH3123cmOJf7ohw4qtQn49TvihkR2lxiB68VMXtys8fTS4fkybYmI7Imrsu5cCBt5ESFpVPGByKF0oh2djVPOZ3gVOg&sai=AMfl-YS-krCRTi6kgawjR7N6YxhpLnMmfs3t-WS1Txdz9Gn4Qy445n5cfbbnbhTcTRZlnnLg0Z0ZSiWS8R7j&sig=Cg0ArKJSzGrNMerpdxCfEAE&cid=CAQSGwBpAlJW5jQTfgoFLnQxWigvET374vHV38fYRBgB&id=lidar2&mcvt=1109&p=0,0,90,728&mtos=1109,1109,1109,1109,1109&tos=1109,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693920373006&rpt=615&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 07FF
0
0

container.html
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EA0F
6 KB
3 KB
Document
General
Full URL
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:13 GMT
expires
Wed, 04 Sep 2024 13:26:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B1FB
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
7001
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 11:29:33 GMT
expires
Wed, 04 Sep 2024 11:29:33 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame A586
829 B
560 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d2c48da0f4e7c8356c2a97921626763d4ec5a7508413fd12a3a0ec6ec1e36b45
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Rew53YVAVhab4WTf1oz71w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
538
content-security-policy
script-src 'report-sample' 'nonce-Rew53YVAVhab4WTf1oz71w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:14 GMT
expires
Tue, 05 Sep 2023 13:26:14 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
pixel
cm.g.doubleclick.net/ Frame 2F87
170 B
409 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhib8Mr0ATAB&v=APEucNVkT6imBgpq-DO4CICdSkk72oAmif6Iv6MYTwKiTYUhnN3dJicKopl8e4y95ZnZhK7hdZc-SryMbXcujBsUQ4VOYPY6yQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2F87
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhib8Mr0ATAB&v=APEucNVkT6imBgpq-DO4CICdSkk72oAmif6Iv6MYTwKiTYUhnN3dJicKopl8e4y95ZnZhK7hdZc-SryMbXcujBsUQ4VOYPY6yQ
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 05 Sep 2023 13:26:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2F87
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPcsd-cRyS27SRRDV5pIwgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhib8Mr0ATAB&v=APEucNVkT6imBgpq-DO4CICdSkk72oAmif6Iv6MYTwKiTYUhnN3dJicKopl8e4y95ZnZhK7hdZc-SryMbXcujBsUQ4VOYPY6yQ
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 05 Sep 2023 13:26:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=495
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 1D53
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308300101&jk=3410311566119883&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame C1FA
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77932
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 3365
478 B
195 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhjQgsv0ATAB&v=APEucNXhAcA70ZgPVQim8Iaevkf0JecamMwHzZHwcupAJKhomJfv16uxNcyaZcN7UK6CJifEQkDX2sVDrA8NBl89UzNc1vT__g
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame EA0F
86 KB
29 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30167
x-xss-protection
0
server
cafe
etag
12949109546734229676
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:15 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EA0F
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Camyysgmk8TRQaIPLdmVE3AX9-DupMuElhTk6y858m8IORNJ1JFGLb1pXHyjPfyTdhypqE314GgffLxwwMZcg8X6RFcxc_r_uayJa5RqY_j2aeXX4
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EA0F
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15611013849043871748&x=1&ct=76
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame EA0F
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 11:29:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
7005
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 19 Sep 2023 11:29:29 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame EA0F
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
84721
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8273
x-xss-protection
0
server
cafe
etag
16365778639179992903
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
l
www.google.com/ads/measurement/ Frame EA0F
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaR8BIgI-bu-Vd4ld4iY6WNB8ZDtoVH3roJQx12BO040AAa_g995Oq9FeYkoNmnLrIk8gJqC-lX60yMvttB7_Qi0Z9S7NA
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EA0F
181 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E6CA
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7231695730421&version=m202307240101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E6CA
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7231695730421&version=m202307240101&ct=76&x=1&cor=6135478965778175000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame E6CA
91 KB
37 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEH_Gk2p94Bh7dnYnLr4ybhFx4EX4Zn3TYWeeF0kQfC1Uf2RaZHo0gy6ZeM-k2szXTQitWXaetEM165sR4lO6_cgEkfD5tYcoGscFsXE5UEYa3skI&cry=1&dbm_d=AKAmf-CoiWxAuVb71COTre8QCVbPSupvzflye-xSj6XO81N0UPr5UyxbJ2p6ut66k5z-qLim7oIyLhkQdS2uS_UqVkecRvY7wiSmUdfMfTFJeuE9xzk5RhXPT8X5pJr0ZcZi1q_HYP8qkAfPIkgVdhNkwDnaG8QltZMh7SvyzsFI48jdRJBPhqxQCUXFTQZhAbSk5rHXw62NYF8-chanf2oHaGiW_jwm9alHdxP0nJG5kRQNUg3sGUt8dGImrMsXM-2vg_75OzRmuacAsie2K9V7JjqNv_IHpsWNAXcOfPJUjPWp67DpaXlUMbYuzXr3UX_uNq6JW3kCBRLPzuo-C5EQiuG53foRHmGHKVd3PD0bhQfx_GHyt-Hhzjgj2MToAljlEmwLewr8RpteLmnz26m88cA8DoRbP8wjuhCALjDCgpYw5P_Gs5j0eKOdFtgT6gy4fdchDIQwdlFvk6JWINp2N8ckJE3HasWDjIwJjUrMq3gfBgg3eTjKBcxS9qsAVli9hNT7CpcmngBZdgwVsZrO_fLjyr1R1FvUefbedVglX8SvG6n8u_8Uhj3UcWeT5ageXY6NzGF5zRVe2qFf018ARrRe0muanPfU9qxQXAnxGCvetZr66lErIOW5E3Bjh5wFsmUtU6ARnQLIt8o1wEXmFzYlOnCOU_8WQPQc94iK56LDMzr_YoXQHp21AmXtnIufgnmWxl-PXPR8PiQw-KMaoZ8iVqPA1e1RBxUqww-2soS3i22IVGCR2zy_QSkVq0x36A_Df9K750nvvzrGzUWccgj9pqwfY7wqFx06XaNqGKD6GHJkUXGv7KP_79osmxk-CqUwG0-6yQy6z3yPE7Inp7kGjBYDknsPRZquGwqSn4dDhmLKHcVJDpGJv_EunIp6eHI3k_uZDMVW4Aq3ZeH5yDqNS-sxAsQxTDmrY1nvV50yN3G_E7HK3wkB-7HZyRr2qovhIb82h8idQ_KyzNztkF_CbdZnvcDKHkw8HtdGTBAAGFNCoh28kmKvW9g6_qinFKeBzpI8VZC_9QjnFU76TDXxILDEA_VBsG0PpeDwj-D0cZAyjHvRoEJdmwSjNPk4XeJ7qoOmXVfEqHuvYT7tREgLVWqGYqPo5SL62H2_OhbMwCiBPWTzryqI2qZkuQkp5xIL8Y-yb-G1Kq6plvl2Hf3DlXkpeaQ4_7jDJe-C0Ft-ZAUBZpVKbVs8fLrONcRx0dsCbAHWbBliz-dXKta_opFLSsBL6T5ZxwbTllKECkr79uQHpnSed9vDm_N5HrBqp-6AvDxjOKkNIJggccVDWw2U7vvbGMYcpx7FETI5BLM1tsuAa3JUI6wbdfxNfkKwATARMMsqH51YfvX3UezLByz_QOJLeRDlYFp4qz-g2G5Tvb60_Qm5zywJizp8M2SIoClEb1e9d7SMBzwcjaJWpmdpNVZROvlKnVTK7CWZfFX3OPeeILHQ2CMFbnqmPbouoTNAR8lbFQemVPeit6KrDD4GzkPzobc6mfIOTq8i710TmuZxiVqIEAHXKkyz-5m8Uz4LXz-Lr3MCxSzz6lDZdT6GHm3C2RTphhixdV9fEoaiDaMbNficU0dH7kFjP2pLzme_T5s6UD-bJQTB_GVGAZUIwoT6Wz4BS7oCcj2BTT4bQKap2YLURO4f26_bJ-9Y3vnSkCWQRWKuuo3aRtfPVAyT9i198F8_4_TOtmvSJVyGJeGd1PF6pKxS-AlQ_gMCMfoEHtmoYvosLAKcMRtzeTNszHQRDLR1F2IVM5-SGoBN6c0AUu9rFCtUEfq-Rjhe99Au8m_Xy52kFmn_BiWVwj1tS7Bel1FwZZ-VIP90fxnjYPug3prMb1Vj21Kh77rN0a0vcKPinhjcp0r1_98FfDQm9E3l1HfNiWxQQv8750V3pnQy0vGpmsyp2abCph7igSrAuouSKDVX-2vvPsZyDkCM-srKZ1-EaajWk5Rj9F8yDM6ck58pAJu-50lChg1T1qlInUYKUzYJTerSo6Dtusg1xPylrs3miKr-gmzp4JiFAUnomuwv9XcqtqrahhFEOHbjn4nHtySD6FF7jUQ-HBmnj7G9Bslo-FnAmIfFdReszpqWRT5Uca1YkB38SShmMhmTegpEPCJN7fNaLLyblNLwutunJM-Fo11E5V26HT5X-XGCwcUtgls9791i9Wxmr4ttJ2h0dCoN1lh1po9-quH-fwWP-l_Ocz1iq-BrrHs2xE1-jZA7xw7LiEK3qw9NOOsSCej3pYwAXKzwkpTHQRKQPGoVtk9hIVJ92u1gOS8GFPyB6GdfL9rmPquFKeXT3zj3t36usuqvPP6CuR2ZtPs3g3cElzehg6S-0cdJeKLZbWhs_Q0i_xBt7M9npGTj_XUfGhBB9o8o8qEajOw_WLVsFIunQM0Qs7kSekR4sT1wVofo5hKhc9cacjxsudM17NdCNTDjJkXjxebCdU3OrbkOhJIIFtXQ6elN7hhvNf1XGI3wwsE5_bOrXbikCQW68epPtFJNpMBRf3axXD7RWMJ5LCFzjGGPwM92G6jBaaoaTKaRclmg1-xSfeZW80YBEt2au_rvvnDLtEyLjFi33za9iDOsJXxrdCWU0-0ZbvGUeB2t1PEWs_4S7xRHx7o8Lfh6-lcTHQS3Z626TQiuX_QAncG00zG1jU3mTff0uE9vFYqjYtFAW-unq5sJxvRQiK38TOdL9ZMF1t1WgQ8mtzA6rV_vhLm6HJioTF6kMAiKwuVhANTYL03rz6yiYWFrxYH4MbPLWPZLzpoVRfT2aVJ0eCbW4Umm5JvbFjO8ta8dOtyBWuLYni3u4T2gPYIuTo3hv_AMeJp3HVj-hOF6-WaSPnJDH3Jg6mfr6O45VdfqNK-BJX7ZS_bEdakfWq9VvM2OdxLeBhQGL9nJ2zsZHf20_svwh7yb7TC1cyAkdey7hqPuf7XDUAdHw7nddEQKl0hBnTvbGhhxlF6r2cCLDbJzjj2T95QRVvqlAAMT-BTfAjly2ktjySAdhL5tZ80xBoLPPVW7Z9OO3ex4rKV-qaP0g2s4cTkxONhsqzhKHixlzciF8lKpZLmI2f_CTYXEtkcO1V5RidjluofQ65jsWf8en8smXlSYn1Zd4y2NiGFEFLbVsnGStI4seLBJZYFhtsTS_w2nVJWndy6oLJYmvorrzxOA-z1Scyfy1kYeNN0uxBK5m3q0EjWs22bm64YdSbFMMMOltvkeG1MAQiamm9ohx3GpHAmxd-I5zPebZlCbD94xVj9kaJtwnRv-gLT2NzXuw8leIzxp6TGADOiOL-RZ11LI0NNSWhGUQQe3dP50E2BTb9ZJTXLYqP8Z0Hs4FT5v-XrAgGaEwv5Y2jBmGAwojOTPV7hzD09j35zANctpLo2_ktksEbVz1bgH5idGaeWDhrKYyE4rNFpnkvw41QdbTaahI5kTE6g-EWdAAZu0CepW8okNpU5utzTCh8qy3mhNvWZHl3ZP7J01hCI4ImsWI8n3240qMY6bBUlR-UATE8bmMu-rRmIfY9lI6tYiiV4GeBpY&cid=CAQSKQBpAlJWWfHhYRyd5WB1gzfhRgajGIgdQjhiAZ_3SpB9ePpFLnrZNSgxGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=6135478965778175000&adk=4022746785&idt=154&cac=0&dtd=35
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
78188233403d6dc0c09634882ffa3427f8369e41fa5bbf8984b4b92d360744a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38307
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame A586
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308300101&jk=1484939152211098&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pixel
cm.g.doubleclick.net/ Frame 3365
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhjQgsv0ATAB&v=APEucNXhAcA70ZgPVQim8Iaevkf0JecamMwHzZHwcupAJKhomJfv16uxNcyaZcN7UK6CJifEQkDX2sVDrA8NBl89UzNc1vT__g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 3365
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhjQgsv0ATAB&v=APEucNXhAcA70ZgPVQim8Iaevkf0JecamMwHzZHwcupAJKhomJfv16uxNcyaZcN7UK6CJifEQkDX2sVDrA8NBl89UzNc1vT__g
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 05 Sep 2023 13:26:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 3365
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPcsd-cRyS27SRRDV5pIwgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ1oLRAhjQgsv0ATAB&v=APEucNXhAcA70ZgPVQim8Iaevkf0JecamMwHzZHwcupAJKhomJfv16uxNcyaZcN7UK6CJifEQkDX2sVDrA8NBl89UzNc1vT__g
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 05 Sep 2023 13:26:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEA417DLWXdbDYz8kqeLgEiA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame B1FB
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77933
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EA0F
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3284566676985&version=m202307240101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EA0F
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3284566676985&version=m202307240101&ct=76&x=1&cor=15611013849043872000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame EA0F
91 KB
37 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B_5MHD1wGWREQyM22V6qjimvQvNcLuMvnVUXnRenkbjjpqB6l-Xt37k-ku3lacgWHfLoNKqxC8FgEhzQAOBPErkSaGyggnv4E7hBhaEYR-_h2Zyq0&cry=1&dbm_d=AKAmf-Dt8OPj-O6XBK2zAHei-7PnlXweZCUCQh7lqdy3ZOYKzTeo-B_6rBfQ7XqA3FYZF2u7-cbyBNZjpHBqtG3eVDhFyl-mH9sOpgunSK-5B-ZYfU5FtrHBdo2tOSNeI1svtI-m3WqrlyhpV9jK3vwecWEVETpscpNQxLyhKCY9gCGuXjpCOM1vkW9X5WEd3tcRoL8usiKzzlGO5hspiiV1CyMdRSr01PZ7ruQuWEyyXdnXrIjLDMEgN2zEYyDYlxfffnuyoAW6b9RcbUBh45FBMNM1b7YcFYeagQUEDxIeF0lZxD-qFivj-ViU6YEf_4LmyO9R3UvChH0uyURBvwZ4RBKoHqfegMIeyQ-DhdDkOM5MnvmaBaPRXD2zPjG4Oj5JxQ0EpYh4U4FYqWowwwqDoS6pjcnJn7FW_SyvImumsxKiRKcmumojpeDet9EKERu3f2InJeI1OA2Stza23ZkT1TF_043SIm1Yx-YBd8ATvQTFt50papSZKk_ndh7b1qFvnMD_4QB6NJcZuBLMbIvBTOgtWqD215SAuXgkpgQFcZhctyqzNElGkLvjBFZgECA3VUg_MskPJe6p1u5KDI4rWg6klNzpH40M5d8Yr0WxThAF7iYRoujre0TpFoI1C5cM2r7LWsna-LRI4EC1UsQV4DcnwoBOUo2ktZr9aa0lHGZqK2ng-OjPSzJzCeCX4JDfmWwUi8oJ03rf3cFv22EQCd7YNLG7KK8IONkMoBgroiyqRGMLhYLShdoXsh9Z3dqUGMg8k_358OcZn9Vhihj2ou0ryLklO8h9z0qTAvdvU1SCMTHCrvFZLqUyi1_qK4rzj_bA7URLjuWxruYAHtOSx1HsRFkgTYlsGukAT5-4Ioga4bMR0nA4CIg4QRZlCDxVSthx0UVATUKarEmd9lB8YHRd-C1whRXDOyhhPhcyEL451pPUZypASBDWKvLdUtHsBYrkqbXjIfq5qaY8OsKhRwLNpdA_Jc8Crg4TpXGT6zC-bswYNCoXUNOP1Mt9Dg0Pe3Ga515bWAv5h_ZHm2HznhmfggkUgdpD1KaO8wUbWy7yVYFGZJ0MBEaWShANtDlVr0bHWkpygczYZfZxMR5hzJEHSLcxJ6bYjpda1FnqREJGptifr4LSDavcEY5tBzITjXpoT90rS5Ha2X8YMDzEAertkFMPJ9WpPXH2iXSbJwOy34Zn_GKuoFjSxKBvps8xjReBPursFx_PPlu-d_GoJMHbXqxrMTm_c3bBSTZpRvm84_0mkrQVI6k5QPn2uX6g6a_zPcXmrxn8EgzEJ1_BIRKQfQqDpfDmvFPe8DjHpw1GpQuEGL-ItTVkirYy91LZ7d0Y0D3TAGerLhvkCumTYqiaqIt86UwGhGERF5saCXdEfmXo4JKUcTn3oRSm3J_A9zh1S0QroPiPyHl-0vQTDtK9XKAZ17vWKCyYllyrfEf1dzJGxROIgqV0Nu3jBmUOD9XqyaPNqWOhtN4cuRy--JVRIRn7g2-4HgTHAryFJTflxtxpvf-YYRjemj3Cq_NNAfaVufKbXwj-LEwIXDrR49zR_4FQAe2Cc8YAByde4eiImcU7kgWJLu8wlNnJKO--3eGhEyS5OPX1cuRT3PesOIJjqHLuIQoxkVp_HA5FJocIP5GR9CsC_KhBwbqP-4vjLQPkHTE2o7hpuMYHa8y_EcLphQUrkNPMxOBJa3M0sLrd9slzdz-CQ5lhFnWEg-TlqqoD2A58zy-AxBQvLkYKZcCPXaUL82_RIPEnkdfh0ELV2k-QkcGhOkuJjO2EOxGWsmTyi18lynXBuhDHR-YFLf9lz3lg0nZbDDEVznqeQ7iwyLD00IXEQcdeorEL3jzZ142u-sHbtvWDqTUOq1Hj0ebcfpri7uzzhLrMktQx5_-LC1dJJLti-bcouYt0VoevMWiXonacNRWGt_d2kdWaXAQeCTu8rpTrSAb7r5D7IvtPqQw_Gl4AB1pCoy8zHhqhWYV-mYODAzA1IstwYzIUAOjzejuIlYyr_HrzZ84Q4k2bGqqX-R4wDVaPyUsTHDGqHOAxMCH0iw-1SDJ3j9tiHkIG2OujUXYomgfsfF2oB2dex9RXVDVUrDsQTZMPO66rCaERonu7KgXCMrM--qtiTIFUr8tTwxniqrMz99Np-Nk61WvudPX29pwkT5RgKyMN-mXFWn2HG0TXdFuk1tIQM3OMY6M8JrZI_G0sdlGnrqddDhaWvheBloadB2KhfLnZk-McMFTeHIekbXbsC8vOpmqDyDbjdoH073KefBqv9OZj-U9EU7iAEfh5bTfIEtYW8sH3nS5QjW7T1FXIQTE_2u7w8-dQT9kKGIpMIS_B3RCai3lZMSkDPZ32d9nqLMAHG9xGWyfJ2LjvPHOfjbEKc4Fgsf1zLNtk6bOrYlCQRYKSWvm7kmizqjsil1QM3GXUGF04U4gOZQqytwQvT5Zze60r8T8-G6fSA_ss8WoYjc3GhYgm_o_mi3NvDx9V3-8t_Ss0qZjPgx5JrcLeJwovlvYCDSTbz0SA4ThQ1e2a9pWhtuJ5cMUOTBclOVyuhGaKE_zmOJ6-octZMV0y4bbSQw82XUkO8V2tmLLY8oEX0L58NqjocXtwBAxswHUNSZ8W0HphLaogTaa25o1qTq9QeSt4AdSHarHSL0M9aoEefJp9_mOMW0aYyNZO9cCImsjk1PA8cu8vdVaWZUPmD9gPoCI4xIh6kAKkL4xDRDVUbvtFfp1eC4EzA2GgY-Nlx-W88udP3790W09APjGRnCda47k2awPrZ2254jxf_3CVmwBn1CIrOhLLSzSB7H-Klsbcrvdqr5B79n1PCp03CaJ31Bmo_RzHbN2_9NCyCyVX1VT1lgIaqb8M93x8fVG1Ad4BB1RgGe2NX8Db-7LjmoSZzUtAcQhH1JaWdvYkqlgFcsekQLkOyGrGUi_HChwdQIJRdv_PiVEUjtmztLe1zG-W0qmF8Y0dT-VnjCxT0GkyLPE8FRaBUjQPZrgpIJAsw9aJsqsHh6JeviUZZVATAVbddClIJAGDlSQvMv5Adnou3309-c0Ll-5tkljpRfQAsChEel18qL8tgD6xnSc7w7_v3quDVo51cPcwJM1Yzje8CighZFCwVTVnJwU7TFY9b_lTLgbVmMEkbJlpLiUWFFDGiwtPFlRv8qGndYKJh1jR1D0184-0KkPmY51ScXJfikTSbvjYNkG5QhzpS4eakN0S3NwMN-IgXddfaH4fPav7rnicU-8jkZqgMJVptPHGk-igx8UV8QdzC4m8P2cv5lXaL-00ZMUh81I8yRXZt7lJvxDCg_PCi19Cc75rchG2m2BH86_M1duzKmyBKw_lYPC786yfqqWMBlLYxOjGJ_Sh6_2PSq4FDKkrqNRSMA6vlthcSY7V98zf03dka8KgVPdD0eMLgDiAV_zhdHzDSecq0IEtM3xqkzMTjcPg47rOQQm5rzABwEy1VsibjsQ9xPSGkjhCH2koWMcdd7BASM1Z1KG3LIZHiAK2mt772aqNDcZsMlmzEEomea2pvsnpj6JHM_5-pfFOBg&cid=CAQSKQBpAlJWZKnSSmmSbJD6X0aSCx6F6i5xn8t46zlfNxoZgiZakHNxF0TrGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=15611013849043872000&adk=1268836065&idt=188&cac=0&dtd=13
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fc50efba0b93853f3cd41051c567a18e74200805002b97917f3c27ee2287f98e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38357
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame E6CA
172 KB
61 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
Origin
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 09:29:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14233
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61485
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:43:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 06 Sep 2023 09:29:02 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230830/r20110914/elements/html/ Frame E6CA
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230830/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEH_Gk2p94Bh7dnYnLr4ybhFx4EX4Zn3TYWeeF0kQfC1Uf2RaZHo0gy6ZeM-k2szXTQitWXaetEM165sR4lO6_cgEkfD5tYcoGscFsXE5UEYa3skI&cry=1&dbm_d=AKAmf-CoiWxAuVb71COTre8QCVbPSupvzflye-xSj6XO81N0UPr5UyxbJ2p6ut66k5z-qLim7oIyLhkQdS2uS_UqVkecRvY7wiSmUdfMfTFJeuE9xzk5RhXPT8X5pJr0ZcZi1q_HYP8qkAfPIkgVdhNkwDnaG8QltZMh7SvyzsFI48jdRJBPhqxQCUXFTQZhAbSk5rHXw62NYF8-chanf2oHaGiW_jwm9alHdxP0nJG5kRQNUg3sGUt8dGImrMsXM-2vg_75OzRmuacAsie2K9V7JjqNv_IHpsWNAXcOfPJUjPWp67DpaXlUMbYuzXr3UX_uNq6JW3kCBRLPzuo-C5EQiuG53foRHmGHKVd3PD0bhQfx_GHyt-Hhzjgj2MToAljlEmwLewr8RpteLmnz26m88cA8DoRbP8wjuhCALjDCgpYw5P_Gs5j0eKOdFtgT6gy4fdchDIQwdlFvk6JWINp2N8ckJE3HasWDjIwJjUrMq3gfBgg3eTjKBcxS9qsAVli9hNT7CpcmngBZdgwVsZrO_fLjyr1R1FvUefbedVglX8SvG6n8u_8Uhj3UcWeT5ageXY6NzGF5zRVe2qFf018ARrRe0muanPfU9qxQXAnxGCvetZr66lErIOW5E3Bjh5wFsmUtU6ARnQLIt8o1wEXmFzYlOnCOU_8WQPQc94iK56LDMzr_YoXQHp21AmXtnIufgnmWxl-PXPR8PiQw-KMaoZ8iVqPA1e1RBxUqww-2soS3i22IVGCR2zy_QSkVq0x36A_Df9K750nvvzrGzUWccgj9pqwfY7wqFx06XaNqGKD6GHJkUXGv7KP_79osmxk-CqUwG0-6yQy6z3yPE7Inp7kGjBYDknsPRZquGwqSn4dDhmLKHcVJDpGJv_EunIp6eHI3k_uZDMVW4Aq3ZeH5yDqNS-sxAsQxTDmrY1nvV50yN3G_E7HK3wkB-7HZyRr2qovhIb82h8idQ_KyzNztkF_CbdZnvcDKHkw8HtdGTBAAGFNCoh28kmKvW9g6_qinFKeBzpI8VZC_9QjnFU76TDXxILDEA_VBsG0PpeDwj-D0cZAyjHvRoEJdmwSjNPk4XeJ7qoOmXVfEqHuvYT7tREgLVWqGYqPo5SL62H2_OhbMwCiBPWTzryqI2qZkuQkp5xIL8Y-yb-G1Kq6plvl2Hf3DlXkpeaQ4_7jDJe-C0Ft-ZAUBZpVKbVs8fLrONcRx0dsCbAHWbBliz-dXKta_opFLSsBL6T5ZxwbTllKECkr79uQHpnSed9vDm_N5HrBqp-6AvDxjOKkNIJggccVDWw2U7vvbGMYcpx7FETI5BLM1tsuAa3JUI6wbdfxNfkKwATARMMsqH51YfvX3UezLByz_QOJLeRDlYFp4qz-g2G5Tvb60_Qm5zywJizp8M2SIoClEb1e9d7SMBzwcjaJWpmdpNVZROvlKnVTK7CWZfFX3OPeeILHQ2CMFbnqmPbouoTNAR8lbFQemVPeit6KrDD4GzkPzobc6mfIOTq8i710TmuZxiVqIEAHXKkyz-5m8Uz4LXz-Lr3MCxSzz6lDZdT6GHm3C2RTphhixdV9fEoaiDaMbNficU0dH7kFjP2pLzme_T5s6UD-bJQTB_GVGAZUIwoT6Wz4BS7oCcj2BTT4bQKap2YLURO4f26_bJ-9Y3vnSkCWQRWKuuo3aRtfPVAyT9i198F8_4_TOtmvSJVyGJeGd1PF6pKxS-AlQ_gMCMfoEHtmoYvosLAKcMRtzeTNszHQRDLR1F2IVM5-SGoBN6c0AUu9rFCtUEfq-Rjhe99Au8m_Xy52kFmn_BiWVwj1tS7Bel1FwZZ-VIP90fxnjYPug3prMb1Vj21Kh77rN0a0vcKPinhjcp0r1_98FfDQm9E3l1HfNiWxQQv8750V3pnQy0vGpmsyp2abCph7igSrAuouSKDVX-2vvPsZyDkCM-srKZ1-EaajWk5Rj9F8yDM6ck58pAJu-50lChg1T1qlInUYKUzYJTerSo6Dtusg1xPylrs3miKr-gmzp4JiFAUnomuwv9XcqtqrahhFEOHbjn4nHtySD6FF7jUQ-HBmnj7G9Bslo-FnAmIfFdReszpqWRT5Uca1YkB38SShmMhmTegpEPCJN7fNaLLyblNLwutunJM-Fo11E5V26HT5X-XGCwcUtgls9791i9Wxmr4ttJ2h0dCoN1lh1po9-quH-fwWP-l_Ocz1iq-BrrHs2xE1-jZA7xw7LiEK3qw9NOOsSCej3pYwAXKzwkpTHQRKQPGoVtk9hIVJ92u1gOS8GFPyB6GdfL9rmPquFKeXT3zj3t36usuqvPP6CuR2ZtPs3g3cElzehg6S-0cdJeKLZbWhs_Q0i_xBt7M9npGTj_XUfGhBB9o8o8qEajOw_WLVsFIunQM0Qs7kSekR4sT1wVofo5hKhc9cacjxsudM17NdCNTDjJkXjxebCdU3OrbkOhJIIFtXQ6elN7hhvNf1XGI3wwsE5_bOrXbikCQW68epPtFJNpMBRf3axXD7RWMJ5LCFzjGGPwM92G6jBaaoaTKaRclmg1-xSfeZW80YBEt2au_rvvnDLtEyLjFi33za9iDOsJXxrdCWU0-0ZbvGUeB2t1PEWs_4S7xRHx7o8Lfh6-lcTHQS3Z626TQiuX_QAncG00zG1jU3mTff0uE9vFYqjYtFAW-unq5sJxvRQiK38TOdL9ZMF1t1WgQ8mtzA6rV_vhLm6HJioTF6kMAiKwuVhANTYL03rz6yiYWFrxYH4MbPLWPZLzpoVRfT2aVJ0eCbW4Umm5JvbFjO8ta8dOtyBWuLYni3u4T2gPYIuTo3hv_AMeJp3HVj-hOF6-WaSPnJDH3Jg6mfr6O45VdfqNK-BJX7ZS_bEdakfWq9VvM2OdxLeBhQGL9nJ2zsZHf20_svwh7yb7TC1cyAkdey7hqPuf7XDUAdHw7nddEQKl0hBnTvbGhhxlF6r2cCLDbJzjj2T95QRVvqlAAMT-BTfAjly2ktjySAdhL5tZ80xBoLPPVW7Z9OO3ex4rKV-qaP0g2s4cTkxONhsqzhKHixlzciF8lKpZLmI2f_CTYXEtkcO1V5RidjluofQ65jsWf8en8smXlSYn1Zd4y2NiGFEFLbVsnGStI4seLBJZYFhtsTS_w2nVJWndy6oLJYmvorrzxOA-z1Scyfy1kYeNN0uxBK5m3q0EjWs22bm64YdSbFMMMOltvkeG1MAQiamm9ohx3GpHAmxd-I5zPebZlCbD94xVj9kaJtwnRv-gLT2NzXuw8leIzxp6TGADOiOL-RZ11LI0NNSWhGUQQe3dP50E2BTb9ZJTXLYqP8Z0Hs4FT5v-XrAgGaEwv5Y2jBmGAwojOTPV7hzD09j35zANctpLo2_ktksEbVz1bgH5idGaeWDhrKYyE4rNFpnkvw41QdbTaahI5kTE6g-EWdAAZu0CepW8okNpU5utzTCh8qy3mhNvWZHl3ZP7J01hCI4ImsWI8n3240qMY6bBUlR-UATE8bmMu-rRmIfY9lI6tYiiV4GeBpY&cid=CAQSKQBpAlJWWfHhYRyd5WB1gzfhRgajGIgdQjhiAZ_3SpB9ePpFLnrZNSgxGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=6135478965778175000&adk=4022746785&idt=154&cac=0&dtd=35
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:56:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
84588
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4196
x-xss-protection
0
server
cafe
etag
15907914729094346842
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:56:27 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230830/r20110914/ Frame E6CA
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230830/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEH_Gk2p94Bh7dnYnLr4ybhFx4EX4Zn3TYWeeF0kQfC1Uf2RaZHo0gy6ZeM-k2szXTQitWXaetEM165sR4lO6_cgEkfD5tYcoGscFsXE5UEYa3skI&cry=1&dbm_d=AKAmf-CoiWxAuVb71COTre8QCVbPSupvzflye-xSj6XO81N0UPr5UyxbJ2p6ut66k5z-qLim7oIyLhkQdS2uS_UqVkecRvY7wiSmUdfMfTFJeuE9xzk5RhXPT8X5pJr0ZcZi1q_HYP8qkAfPIkgVdhNkwDnaG8QltZMh7SvyzsFI48jdRJBPhqxQCUXFTQZhAbSk5rHXw62NYF8-chanf2oHaGiW_jwm9alHdxP0nJG5kRQNUg3sGUt8dGImrMsXM-2vg_75OzRmuacAsie2K9V7JjqNv_IHpsWNAXcOfPJUjPWp67DpaXlUMbYuzXr3UX_uNq6JW3kCBRLPzuo-C5EQiuG53foRHmGHKVd3PD0bhQfx_GHyt-Hhzjgj2MToAljlEmwLewr8RpteLmnz26m88cA8DoRbP8wjuhCALjDCgpYw5P_Gs5j0eKOdFtgT6gy4fdchDIQwdlFvk6JWINp2N8ckJE3HasWDjIwJjUrMq3gfBgg3eTjKBcxS9qsAVli9hNT7CpcmngBZdgwVsZrO_fLjyr1R1FvUefbedVglX8SvG6n8u_8Uhj3UcWeT5ageXY6NzGF5zRVe2qFf018ARrRe0muanPfU9qxQXAnxGCvetZr66lErIOW5E3Bjh5wFsmUtU6ARnQLIt8o1wEXmFzYlOnCOU_8WQPQc94iK56LDMzr_YoXQHp21AmXtnIufgnmWxl-PXPR8PiQw-KMaoZ8iVqPA1e1RBxUqww-2soS3i22IVGCR2zy_QSkVq0x36A_Df9K750nvvzrGzUWccgj9pqwfY7wqFx06XaNqGKD6GHJkUXGv7KP_79osmxk-CqUwG0-6yQy6z3yPE7Inp7kGjBYDknsPRZquGwqSn4dDhmLKHcVJDpGJv_EunIp6eHI3k_uZDMVW4Aq3ZeH5yDqNS-sxAsQxTDmrY1nvV50yN3G_E7HK3wkB-7HZyRr2qovhIb82h8idQ_KyzNztkF_CbdZnvcDKHkw8HtdGTBAAGFNCoh28kmKvW9g6_qinFKeBzpI8VZC_9QjnFU76TDXxILDEA_VBsG0PpeDwj-D0cZAyjHvRoEJdmwSjNPk4XeJ7qoOmXVfEqHuvYT7tREgLVWqGYqPo5SL62H2_OhbMwCiBPWTzryqI2qZkuQkp5xIL8Y-yb-G1Kq6plvl2Hf3DlXkpeaQ4_7jDJe-C0Ft-ZAUBZpVKbVs8fLrONcRx0dsCbAHWbBliz-dXKta_opFLSsBL6T5ZxwbTllKECkr79uQHpnSed9vDm_N5HrBqp-6AvDxjOKkNIJggccVDWw2U7vvbGMYcpx7FETI5BLM1tsuAa3JUI6wbdfxNfkKwATARMMsqH51YfvX3UezLByz_QOJLeRDlYFp4qz-g2G5Tvb60_Qm5zywJizp8M2SIoClEb1e9d7SMBzwcjaJWpmdpNVZROvlKnVTK7CWZfFX3OPeeILHQ2CMFbnqmPbouoTNAR8lbFQemVPeit6KrDD4GzkPzobc6mfIOTq8i710TmuZxiVqIEAHXKkyz-5m8Uz4LXz-Lr3MCxSzz6lDZdT6GHm3C2RTphhixdV9fEoaiDaMbNficU0dH7kFjP2pLzme_T5s6UD-bJQTB_GVGAZUIwoT6Wz4BS7oCcj2BTT4bQKap2YLURO4f26_bJ-9Y3vnSkCWQRWKuuo3aRtfPVAyT9i198F8_4_TOtmvSJVyGJeGd1PF6pKxS-AlQ_gMCMfoEHtmoYvosLAKcMRtzeTNszHQRDLR1F2IVM5-SGoBN6c0AUu9rFCtUEfq-Rjhe99Au8m_Xy52kFmn_BiWVwj1tS7Bel1FwZZ-VIP90fxnjYPug3prMb1Vj21Kh77rN0a0vcKPinhjcp0r1_98FfDQm9E3l1HfNiWxQQv8750V3pnQy0vGpmsyp2abCph7igSrAuouSKDVX-2vvPsZyDkCM-srKZ1-EaajWk5Rj9F8yDM6ck58pAJu-50lChg1T1qlInUYKUzYJTerSo6Dtusg1xPylrs3miKr-gmzp4JiFAUnomuwv9XcqtqrahhFEOHbjn4nHtySD6FF7jUQ-HBmnj7G9Bslo-FnAmIfFdReszpqWRT5Uca1YkB38SShmMhmTegpEPCJN7fNaLLyblNLwutunJM-Fo11E5V26HT5X-XGCwcUtgls9791i9Wxmr4ttJ2h0dCoN1lh1po9-quH-fwWP-l_Ocz1iq-BrrHs2xE1-jZA7xw7LiEK3qw9NOOsSCej3pYwAXKzwkpTHQRKQPGoVtk9hIVJ92u1gOS8GFPyB6GdfL9rmPquFKeXT3zj3t36usuqvPP6CuR2ZtPs3g3cElzehg6S-0cdJeKLZbWhs_Q0i_xBt7M9npGTj_XUfGhBB9o8o8qEajOw_WLVsFIunQM0Qs7kSekR4sT1wVofo5hKhc9cacjxsudM17NdCNTDjJkXjxebCdU3OrbkOhJIIFtXQ6elN7hhvNf1XGI3wwsE5_bOrXbikCQW68epPtFJNpMBRf3axXD7RWMJ5LCFzjGGPwM92G6jBaaoaTKaRclmg1-xSfeZW80YBEt2au_rvvnDLtEyLjFi33za9iDOsJXxrdCWU0-0ZbvGUeB2t1PEWs_4S7xRHx7o8Lfh6-lcTHQS3Z626TQiuX_QAncG00zG1jU3mTff0uE9vFYqjYtFAW-unq5sJxvRQiK38TOdL9ZMF1t1WgQ8mtzA6rV_vhLm6HJioTF6kMAiKwuVhANTYL03rz6yiYWFrxYH4MbPLWPZLzpoVRfT2aVJ0eCbW4Umm5JvbFjO8ta8dOtyBWuLYni3u4T2gPYIuTo3hv_AMeJp3HVj-hOF6-WaSPnJDH3Jg6mfr6O45VdfqNK-BJX7ZS_bEdakfWq9VvM2OdxLeBhQGL9nJ2zsZHf20_svwh7yb7TC1cyAkdey7hqPuf7XDUAdHw7nddEQKl0hBnTvbGhhxlF6r2cCLDbJzjj2T95QRVvqlAAMT-BTfAjly2ktjySAdhL5tZ80xBoLPPVW7Z9OO3ex4rKV-qaP0g2s4cTkxONhsqzhKHixlzciF8lKpZLmI2f_CTYXEtkcO1V5RidjluofQ65jsWf8en8smXlSYn1Zd4y2NiGFEFLbVsnGStI4seLBJZYFhtsTS_w2nVJWndy6oLJYmvorrzxOA-z1Scyfy1kYeNN0uxBK5m3q0EjWs22bm64YdSbFMMMOltvkeG1MAQiamm9ohx3GpHAmxd-I5zPebZlCbD94xVj9kaJtwnRv-gLT2NzXuw8leIzxp6TGADOiOL-RZ11LI0NNSWhGUQQe3dP50E2BTb9ZJTXLYqP8Z0Hs4FT5v-XrAgGaEwv5Y2jBmGAwojOTPV7hzD09j35zANctpLo2_ktksEbVz1bgH5idGaeWDhrKYyE4rNFpnkvw41QdbTaahI5kTE6g-EWdAAZu0CepW8okNpU5utzTCh8qy3mhNvWZHl3ZP7J01hCI4ImsWI8n3240qMY6bBUlR-UATE8bmMu-rRmIfY9lI6tYiiV4GeBpY&cid=CAQSKQBpAlJWWfHhYRyd5WB1gzfhRgajGIgdQjhiAZ_3SpB9ePpFLnrZNSgxGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=6135478965778175000&adk=4022746785&idt=154&cac=0&dtd=35
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 14:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
84308
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11511
x-xss-protection
0
server
cafe
etag
961974302080011826
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 14:01:07 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame E6CA
41 KB
13 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Sep 2023 03:41:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
294300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13692
x-xss-protection
0
last-modified
Sun, 25 Jun 2023 02:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 01 Sep 2024 03:41:15 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 3BCF
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
7936
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 11:13:59 GMT
etag
48472445140208031
expires
Wed, 06 Sep 2023 11:13:59 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame E6CA
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26fab55491a1925f7ab2db4f8973ab3c2c49f42b6ac60ed547e4a736ce11bfc6

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame EA0F
172 KB
60 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
Origin
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 09:29:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14233
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61485
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:43:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 06 Sep 2023 09:29:02 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230830/r20110914/elements/html/ Frame EA0F
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230830/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B_5MHD1wGWREQyM22V6qjimvQvNcLuMvnVUXnRenkbjjpqB6l-Xt37k-ku3lacgWHfLoNKqxC8FgEhzQAOBPErkSaGyggnv4E7hBhaEYR-_h2Zyq0&cry=1&dbm_d=AKAmf-Dt8OPj-O6XBK2zAHei-7PnlXweZCUCQh7lqdy3ZOYKzTeo-B_6rBfQ7XqA3FYZF2u7-cbyBNZjpHBqtG3eVDhFyl-mH9sOpgunSK-5B-ZYfU5FtrHBdo2tOSNeI1svtI-m3WqrlyhpV9jK3vwecWEVETpscpNQxLyhKCY9gCGuXjpCOM1vkW9X5WEd3tcRoL8usiKzzlGO5hspiiV1CyMdRSr01PZ7ruQuWEyyXdnXrIjLDMEgN2zEYyDYlxfffnuyoAW6b9RcbUBh45FBMNM1b7YcFYeagQUEDxIeF0lZxD-qFivj-ViU6YEf_4LmyO9R3UvChH0uyURBvwZ4RBKoHqfegMIeyQ-DhdDkOM5MnvmaBaPRXD2zPjG4Oj5JxQ0EpYh4U4FYqWowwwqDoS6pjcnJn7FW_SyvImumsxKiRKcmumojpeDet9EKERu3f2InJeI1OA2Stza23ZkT1TF_043SIm1Yx-YBd8ATvQTFt50papSZKk_ndh7b1qFvnMD_4QB6NJcZuBLMbIvBTOgtWqD215SAuXgkpgQFcZhctyqzNElGkLvjBFZgECA3VUg_MskPJe6p1u5KDI4rWg6klNzpH40M5d8Yr0WxThAF7iYRoujre0TpFoI1C5cM2r7LWsna-LRI4EC1UsQV4DcnwoBOUo2ktZr9aa0lHGZqK2ng-OjPSzJzCeCX4JDfmWwUi8oJ03rf3cFv22EQCd7YNLG7KK8IONkMoBgroiyqRGMLhYLShdoXsh9Z3dqUGMg8k_358OcZn9Vhihj2ou0ryLklO8h9z0qTAvdvU1SCMTHCrvFZLqUyi1_qK4rzj_bA7URLjuWxruYAHtOSx1HsRFkgTYlsGukAT5-4Ioga4bMR0nA4CIg4QRZlCDxVSthx0UVATUKarEmd9lB8YHRd-C1whRXDOyhhPhcyEL451pPUZypASBDWKvLdUtHsBYrkqbXjIfq5qaY8OsKhRwLNpdA_Jc8Crg4TpXGT6zC-bswYNCoXUNOP1Mt9Dg0Pe3Ga515bWAv5h_ZHm2HznhmfggkUgdpD1KaO8wUbWy7yVYFGZJ0MBEaWShANtDlVr0bHWkpygczYZfZxMR5hzJEHSLcxJ6bYjpda1FnqREJGptifr4LSDavcEY5tBzITjXpoT90rS5Ha2X8YMDzEAertkFMPJ9WpPXH2iXSbJwOy34Zn_GKuoFjSxKBvps8xjReBPursFx_PPlu-d_GoJMHbXqxrMTm_c3bBSTZpRvm84_0mkrQVI6k5QPn2uX6g6a_zPcXmrxn8EgzEJ1_BIRKQfQqDpfDmvFPe8DjHpw1GpQuEGL-ItTVkirYy91LZ7d0Y0D3TAGerLhvkCumTYqiaqIt86UwGhGERF5saCXdEfmXo4JKUcTn3oRSm3J_A9zh1S0QroPiPyHl-0vQTDtK9XKAZ17vWKCyYllyrfEf1dzJGxROIgqV0Nu3jBmUOD9XqyaPNqWOhtN4cuRy--JVRIRn7g2-4HgTHAryFJTflxtxpvf-YYRjemj3Cq_NNAfaVufKbXwj-LEwIXDrR49zR_4FQAe2Cc8YAByde4eiImcU7kgWJLu8wlNnJKO--3eGhEyS5OPX1cuRT3PesOIJjqHLuIQoxkVp_HA5FJocIP5GR9CsC_KhBwbqP-4vjLQPkHTE2o7hpuMYHa8y_EcLphQUrkNPMxOBJa3M0sLrd9slzdz-CQ5lhFnWEg-TlqqoD2A58zy-AxBQvLkYKZcCPXaUL82_RIPEnkdfh0ELV2k-QkcGhOkuJjO2EOxGWsmTyi18lynXBuhDHR-YFLf9lz3lg0nZbDDEVznqeQ7iwyLD00IXEQcdeorEL3jzZ142u-sHbtvWDqTUOq1Hj0ebcfpri7uzzhLrMktQx5_-LC1dJJLti-bcouYt0VoevMWiXonacNRWGt_d2kdWaXAQeCTu8rpTrSAb7r5D7IvtPqQw_Gl4AB1pCoy8zHhqhWYV-mYODAzA1IstwYzIUAOjzejuIlYyr_HrzZ84Q4k2bGqqX-R4wDVaPyUsTHDGqHOAxMCH0iw-1SDJ3j9tiHkIG2OujUXYomgfsfF2oB2dex9RXVDVUrDsQTZMPO66rCaERonu7KgXCMrM--qtiTIFUr8tTwxniqrMz99Np-Nk61WvudPX29pwkT5RgKyMN-mXFWn2HG0TXdFuk1tIQM3OMY6M8JrZI_G0sdlGnrqddDhaWvheBloadB2KhfLnZk-McMFTeHIekbXbsC8vOpmqDyDbjdoH073KefBqv9OZj-U9EU7iAEfh5bTfIEtYW8sH3nS5QjW7T1FXIQTE_2u7w8-dQT9kKGIpMIS_B3RCai3lZMSkDPZ32d9nqLMAHG9xGWyfJ2LjvPHOfjbEKc4Fgsf1zLNtk6bOrYlCQRYKSWvm7kmizqjsil1QM3GXUGF04U4gOZQqytwQvT5Zze60r8T8-G6fSA_ss8WoYjc3GhYgm_o_mi3NvDx9V3-8t_Ss0qZjPgx5JrcLeJwovlvYCDSTbz0SA4ThQ1e2a9pWhtuJ5cMUOTBclOVyuhGaKE_zmOJ6-octZMV0y4bbSQw82XUkO8V2tmLLY8oEX0L58NqjocXtwBAxswHUNSZ8W0HphLaogTaa25o1qTq9QeSt4AdSHarHSL0M9aoEefJp9_mOMW0aYyNZO9cCImsjk1PA8cu8vdVaWZUPmD9gPoCI4xIh6kAKkL4xDRDVUbvtFfp1eC4EzA2GgY-Nlx-W88udP3790W09APjGRnCda47k2awPrZ2254jxf_3CVmwBn1CIrOhLLSzSB7H-Klsbcrvdqr5B79n1PCp03CaJ31Bmo_RzHbN2_9NCyCyVX1VT1lgIaqb8M93x8fVG1Ad4BB1RgGe2NX8Db-7LjmoSZzUtAcQhH1JaWdvYkqlgFcsekQLkOyGrGUi_HChwdQIJRdv_PiVEUjtmztLe1zG-W0qmF8Y0dT-VnjCxT0GkyLPE8FRaBUjQPZrgpIJAsw9aJsqsHh6JeviUZZVATAVbddClIJAGDlSQvMv5Adnou3309-c0Ll-5tkljpRfQAsChEel18qL8tgD6xnSc7w7_v3quDVo51cPcwJM1Yzje8CighZFCwVTVnJwU7TFY9b_lTLgbVmMEkbJlpLiUWFFDGiwtPFlRv8qGndYKJh1jR1D0184-0KkPmY51ScXJfikTSbvjYNkG5QhzpS4eakN0S3NwMN-IgXddfaH4fPav7rnicU-8jkZqgMJVptPHGk-igx8UV8QdzC4m8P2cv5lXaL-00ZMUh81I8yRXZt7lJvxDCg_PCi19Cc75rchG2m2BH86_M1duzKmyBKw_lYPC786yfqqWMBlLYxOjGJ_Sh6_2PSq4FDKkrqNRSMA6vlthcSY7V98zf03dka8KgVPdD0eMLgDiAV_zhdHzDSecq0IEtM3xqkzMTjcPg47rOQQm5rzABwEy1VsibjsQ9xPSGkjhCH2koWMcdd7BASM1Z1KG3LIZHiAK2mt772aqNDcZsMlmzEEomea2pvsnpj6JHM_5-pfFOBg&cid=CAQSKQBpAlJWZKnSSmmSbJD6X0aSCx6F6i5xn8t46zlfNxoZgiZakHNxF0TrGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=15611013849043872000&adk=1268836065&idt=188&cac=0&dtd=13
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:56:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
84588
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4196
x-xss-protection
0
server
cafe
etag
15907914729094346842
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:56:27 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230830/r20110914/ Frame EA0F
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230830/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B_5MHD1wGWREQyM22V6qjimvQvNcLuMvnVUXnRenkbjjpqB6l-Xt37k-ku3lacgWHfLoNKqxC8FgEhzQAOBPErkSaGyggnv4E7hBhaEYR-_h2Zyq0&cry=1&dbm_d=AKAmf-Dt8OPj-O6XBK2zAHei-7PnlXweZCUCQh7lqdy3ZOYKzTeo-B_6rBfQ7XqA3FYZF2u7-cbyBNZjpHBqtG3eVDhFyl-mH9sOpgunSK-5B-ZYfU5FtrHBdo2tOSNeI1svtI-m3WqrlyhpV9jK3vwecWEVETpscpNQxLyhKCY9gCGuXjpCOM1vkW9X5WEd3tcRoL8usiKzzlGO5hspiiV1CyMdRSr01PZ7ruQuWEyyXdnXrIjLDMEgN2zEYyDYlxfffnuyoAW6b9RcbUBh45FBMNM1b7YcFYeagQUEDxIeF0lZxD-qFivj-ViU6YEf_4LmyO9R3UvChH0uyURBvwZ4RBKoHqfegMIeyQ-DhdDkOM5MnvmaBaPRXD2zPjG4Oj5JxQ0EpYh4U4FYqWowwwqDoS6pjcnJn7FW_SyvImumsxKiRKcmumojpeDet9EKERu3f2InJeI1OA2Stza23ZkT1TF_043SIm1Yx-YBd8ATvQTFt50papSZKk_ndh7b1qFvnMD_4QB6NJcZuBLMbIvBTOgtWqD215SAuXgkpgQFcZhctyqzNElGkLvjBFZgECA3VUg_MskPJe6p1u5KDI4rWg6klNzpH40M5d8Yr0WxThAF7iYRoujre0TpFoI1C5cM2r7LWsna-LRI4EC1UsQV4DcnwoBOUo2ktZr9aa0lHGZqK2ng-OjPSzJzCeCX4JDfmWwUi8oJ03rf3cFv22EQCd7YNLG7KK8IONkMoBgroiyqRGMLhYLShdoXsh9Z3dqUGMg8k_358OcZn9Vhihj2ou0ryLklO8h9z0qTAvdvU1SCMTHCrvFZLqUyi1_qK4rzj_bA7URLjuWxruYAHtOSx1HsRFkgTYlsGukAT5-4Ioga4bMR0nA4CIg4QRZlCDxVSthx0UVATUKarEmd9lB8YHRd-C1whRXDOyhhPhcyEL451pPUZypASBDWKvLdUtHsBYrkqbXjIfq5qaY8OsKhRwLNpdA_Jc8Crg4TpXGT6zC-bswYNCoXUNOP1Mt9Dg0Pe3Ga515bWAv5h_ZHm2HznhmfggkUgdpD1KaO8wUbWy7yVYFGZJ0MBEaWShANtDlVr0bHWkpygczYZfZxMR5hzJEHSLcxJ6bYjpda1FnqREJGptifr4LSDavcEY5tBzITjXpoT90rS5Ha2X8YMDzEAertkFMPJ9WpPXH2iXSbJwOy34Zn_GKuoFjSxKBvps8xjReBPursFx_PPlu-d_GoJMHbXqxrMTm_c3bBSTZpRvm84_0mkrQVI6k5QPn2uX6g6a_zPcXmrxn8EgzEJ1_BIRKQfQqDpfDmvFPe8DjHpw1GpQuEGL-ItTVkirYy91LZ7d0Y0D3TAGerLhvkCumTYqiaqIt86UwGhGERF5saCXdEfmXo4JKUcTn3oRSm3J_A9zh1S0QroPiPyHl-0vQTDtK9XKAZ17vWKCyYllyrfEf1dzJGxROIgqV0Nu3jBmUOD9XqyaPNqWOhtN4cuRy--JVRIRn7g2-4HgTHAryFJTflxtxpvf-YYRjemj3Cq_NNAfaVufKbXwj-LEwIXDrR49zR_4FQAe2Cc8YAByde4eiImcU7kgWJLu8wlNnJKO--3eGhEyS5OPX1cuRT3PesOIJjqHLuIQoxkVp_HA5FJocIP5GR9CsC_KhBwbqP-4vjLQPkHTE2o7hpuMYHa8y_EcLphQUrkNPMxOBJa3M0sLrd9slzdz-CQ5lhFnWEg-TlqqoD2A58zy-AxBQvLkYKZcCPXaUL82_RIPEnkdfh0ELV2k-QkcGhOkuJjO2EOxGWsmTyi18lynXBuhDHR-YFLf9lz3lg0nZbDDEVznqeQ7iwyLD00IXEQcdeorEL3jzZ142u-sHbtvWDqTUOq1Hj0ebcfpri7uzzhLrMktQx5_-LC1dJJLti-bcouYt0VoevMWiXonacNRWGt_d2kdWaXAQeCTu8rpTrSAb7r5D7IvtPqQw_Gl4AB1pCoy8zHhqhWYV-mYODAzA1IstwYzIUAOjzejuIlYyr_HrzZ84Q4k2bGqqX-R4wDVaPyUsTHDGqHOAxMCH0iw-1SDJ3j9tiHkIG2OujUXYomgfsfF2oB2dex9RXVDVUrDsQTZMPO66rCaERonu7KgXCMrM--qtiTIFUr8tTwxniqrMz99Np-Nk61WvudPX29pwkT5RgKyMN-mXFWn2HG0TXdFuk1tIQM3OMY6M8JrZI_G0sdlGnrqddDhaWvheBloadB2KhfLnZk-McMFTeHIekbXbsC8vOpmqDyDbjdoH073KefBqv9OZj-U9EU7iAEfh5bTfIEtYW8sH3nS5QjW7T1FXIQTE_2u7w8-dQT9kKGIpMIS_B3RCai3lZMSkDPZ32d9nqLMAHG9xGWyfJ2LjvPHOfjbEKc4Fgsf1zLNtk6bOrYlCQRYKSWvm7kmizqjsil1QM3GXUGF04U4gOZQqytwQvT5Zze60r8T8-G6fSA_ss8WoYjc3GhYgm_o_mi3NvDx9V3-8t_Ss0qZjPgx5JrcLeJwovlvYCDSTbz0SA4ThQ1e2a9pWhtuJ5cMUOTBclOVyuhGaKE_zmOJ6-octZMV0y4bbSQw82XUkO8V2tmLLY8oEX0L58NqjocXtwBAxswHUNSZ8W0HphLaogTaa25o1qTq9QeSt4AdSHarHSL0M9aoEefJp9_mOMW0aYyNZO9cCImsjk1PA8cu8vdVaWZUPmD9gPoCI4xIh6kAKkL4xDRDVUbvtFfp1eC4EzA2GgY-Nlx-W88udP3790W09APjGRnCda47k2awPrZ2254jxf_3CVmwBn1CIrOhLLSzSB7H-Klsbcrvdqr5B79n1PCp03CaJ31Bmo_RzHbN2_9NCyCyVX1VT1lgIaqb8M93x8fVG1Ad4BB1RgGe2NX8Db-7LjmoSZzUtAcQhH1JaWdvYkqlgFcsekQLkOyGrGUi_HChwdQIJRdv_PiVEUjtmztLe1zG-W0qmF8Y0dT-VnjCxT0GkyLPE8FRaBUjQPZrgpIJAsw9aJsqsHh6JeviUZZVATAVbddClIJAGDlSQvMv5Adnou3309-c0Ll-5tkljpRfQAsChEel18qL8tgD6xnSc7w7_v3quDVo51cPcwJM1Yzje8CighZFCwVTVnJwU7TFY9b_lTLgbVmMEkbJlpLiUWFFDGiwtPFlRv8qGndYKJh1jR1D0184-0KkPmY51ScXJfikTSbvjYNkG5QhzpS4eakN0S3NwMN-IgXddfaH4fPav7rnicU-8jkZqgMJVptPHGk-igx8UV8QdzC4m8P2cv5lXaL-00ZMUh81I8yRXZt7lJvxDCg_PCi19Cc75rchG2m2BH86_M1duzKmyBKw_lYPC786yfqqWMBlLYxOjGJ_Sh6_2PSq4FDKkrqNRSMA6vlthcSY7V98zf03dka8KgVPdD0eMLgDiAV_zhdHzDSecq0IEtM3xqkzMTjcPg47rOQQm5rzABwEy1VsibjsQ9xPSGkjhCH2koWMcdd7BASM1Z1KG3LIZHiAK2mt772aqNDcZsMlmzEEomea2pvsnpj6JHM_5-pfFOBg&cid=CAQSKQBpAlJWZKnSSmmSbJD6X0aSCx6F6i5xn8t46zlfNxoZgiZakHNxF0TrGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=15611013849043872000&adk=1268836065&idt=188&cac=0&dtd=13
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 14:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
84308
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11511
x-xss-protection
0
server
cafe
etag
961974302080011826
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 14:01:07 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame EA0F
41 KB
13 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Sep 2023 03:41:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
294300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13692
x-xss-protection
0
last-modified
Sun, 25 Jun 2023 02:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 01 Sep 2024 03:41:15 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame AC35
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
197670
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 03 Sep 2023 06:31:45 GMT
expires
Mon, 02 Sep 2024 06:31:45 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 3B11
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
7936
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 11:13:59 GMT
etag
48472445140208031
expires
Wed, 06 Sep 2023 11:13:59 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame EA0F
220 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
da6b12fb974bc5acab04cb77286b91ccd3fd9116a3595bb3189b52e6d03c8669

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
pixel
cm.g.doubleclick.net/ Frame 3BCF
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cve...
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&goog...
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1ZaeU0zQ3QxUUR3NG41&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmSvlP5EG2SWRiWJ6yZUK2N2B8srZCkiFrEgfKfTYdi...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1ZaeU0zQ3QxUUR3NG41&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmSvlP5EG2SWRiWJ6yZUK2N2B8srZCkiFrEgfKfTYdiULh9qjKoP7faxS9D-3d0nE7UhDlhcgbyWaC0HaidELRaLuykf6JI
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 05 Sep 2023 13:26:15 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-788-g55788f4#dev-temp-decrease-retargeting-updates-batch i-0dcb732bd13b1eb84@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1ZaeU0zQ3QxUUR3NG41&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmSvlP5EG2SWRiWJ6yZUK2N2B8srZCkiFrEgfKfTYdiULh9qjKoP7faxS9D-3d0nE7UhDlhcgbyWaC0HaidELRaLuykf6JI
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3BCF
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMubcTxcRCCU33h-zkgPrLA&google_push=AXcoOmTmlpJK0jDZsG67XfHpa7HYonER6VYpJkW4DH4CkbcP0g1RQKorxm...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMubcTxcRCCU33h-zkgPrLA&google_push=AXcoOmTmlpJK0jDZsG67XfHpa7HYonER6VYpJkW4DH4CkbcP0g1RQKorxmMb-fvK9mN4hLeOkRuUU8kP_-43Uxj6eLq4t9Y2EOk
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by
cache-fra-eddf8230081-FRA
pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1693920376.744839,VS0,VE90
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin
*
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEMubcTxcRCCU33h-zkgPrLA&google_push=AXcoOmTmlpJK0jDZsG67XfHpa7HYonER6VYpJkW4DH4CkbcP0g1RQKorxmMb-fvK9mN4hLeOkRuUU8kP_-43Uxj6eLq4t9Y2EOk
cache-control
no-cache
accept-ranges
bytes
content-length
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame 3BCF
Redirect Chain
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAXcoOmT1iKitI-T1uYCoFZk5NEbGk-A5rcWXruFs6CFQb5do2JNdKe3z2ysfaBXDDEt2b8pCrgv_z1e8gk...
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT1iKitI-T1uYCoFZk5NEbGk-A5rcWXruFs6CFQb5do2JNdKe3z2ysfaBXDDEt2b8pCrgv_z1e8gkug99SVZxDBJ8_ZMq4e&google_hm=e8a2061a-0285-4ad2-a2...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT1iKitI-T1uYCoFZk5NEbGk-A5rcWXruFs6CFQb5do2JNdKe3z2ysfaBXDDEt2b8pCrgv_z1e8gkug99SVZxDBJ8_ZMq4e&google_hm=e8a2061a-0285-4ad2-a274-90c8e88c6b03
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-69
content-type
text/plain; charset=utf8
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AXcoOmT1iKitI-T1uYCoFZk5NEbGk-A5rcWXruFs6CFQb5do2JNdKe3z2ysfaBXDDEt2b8pCrgv_z1e8gkug99SVZxDBJ8_ZMq4e&google_hm=e8a2061a-0285-4ad2-a274-90c8e88c6b03
cache-control
no-cache, no-store, private
tcn
Choice
content-length
0
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3BCF
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO2sXhej93q6k4OF17JXo00&google_cver=1&google_push=AXcoOmRe7T7OEOqZr3wWSoW3WDbFoyCGU-1cPx-aPWGSKsCp-BAyAMCCQDe9croj78IvZWLzPciqzIIH4DEG9_UwL...
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO2sXhej93q6k4OF17JXo00&google_cver=1&google_push=AXcoOmRe7T7OEOqZr3wWSoW3WDbFoyCGU-1cPx-aPWGSKsCp-BAyAMCCQDe9croj78IvZWLzPciqzIIH4DEG9_UwL...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRe7T7OEOqZr3wWSoW3WDbFoyCGU-1cPx-aPWGSKsCp-BAyAMCCQDe9croj78IvZWLzPciqzIIH4DEG9_UwLI2gyF3y7-10&google_hm=HRUGtGZHzk7wUQWFS-m5cH3o
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRe7T7OEOqZr3wWSoW3WDbFoyCGU-1cPx-aPWGSKsCp-BAyAMCCQDe9croj78IvZWLzPciqzIIH4DEG9_UwLI2gyF3y7-10&google_hm=HRUGtGZHzk7wUQWFS-m5cH3o
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Tue, 05 Sep 2023 13:26:15 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRe7T7OEOqZr3wWSoW3WDbFoyCGU-1cPx-aPWGSKsCp-BAyAMCCQDe9croj78IvZWLzPciqzIIH4DEG9_UwLI2gyF3y7-10&google_hm=HRUGtGZHzk7wUQWFS-m5cH3o
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 3BCF
Redirect Chain
  • https://google.partners.tremorhub.com/sync?UIDF=CAESEHta9Ge8fBtuhdYRAFdvbps&google_cver=1&google_push=AXcoOmRIPHTkHFENr2tuocCTwp2rdxUEGiH4BxV_VqLbE7pfVlgWc2tsEZwTPfgqFQjyHcc_TEJq_Xji1l1OLiryi8NBFEl...
  • https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=MzlhMzQ5ZjUzZDk0NDA1ZWExYzRlZjBiZTNjMzJjOTI%3D&UIDF=CAESEHta9Ge8fBtuhdYRAFdvbps&google_cver=1&google_push=AXcoOmRIPHTkHFENr2tuocCTwp2r...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=MzlhMzQ5ZjUzZDk0NDA1ZWExYzRlZjBiZTNjMzJjOTI%3D&UIDF=CAESEHta9Ge8fBtuhdYRAFdvbps&google_cver=1&google_push=AXcoOmRIPHTkHFENr2tuocCTwp2rdxUEGiH4BxV_VqLbE7pfVlgWc2tsEZwTPfgqFQjyHcc_TEJq_Xji1l1OLiryi8NBFEl-omi5
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=MzlhMzQ5ZjUzZDk0NDA1ZWExYzRlZjBiZTNjMzJjOTI%3D&UIDF=CAESEHta9Ge8fBtuhdYRAFdvbps&google_cver=1&google_push=AXcoOmRIPHTkHFENr2tuocCTwp2rdxUEGiH4BxV_VqLbE7pfVlgWc2tsEZwTPfgqFQjyHcc_TEJq_Xji1l1OLiryi8NBFEl-omi5
date
Tue, 05 Sep 2023 13:26:15 GMT
server
nginx
content-length
0
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
/
cc.adingo.jp/adx/push/ Frame 3BCF
0
44 B
Image
General
Full URL
https://cc.adingo.jp/adx/push/?google_gid=CAESEKIC8kdTL9ghBfutwH1Ew6k&google_cver=1&google_push=AXcoOmT-KqeXQM7zJBVlJ3TOpjo1yVHDHiAFoqOimcnJ3SwU10h-6YDDxG6mZUn20aWfd6ECrYVJMpAnrEA3RC6-XtYBpVa1qHJs
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.199.143.202 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-199-143-202.ap-northeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
server
awselb/2.0
pixel
cm.g.doubleclick.net/ Frame 3BCF
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIrglaoYMLPlWTdiY_vIWLg&google_cver=1&google_push=AXcoOmRosGzapUVRQadaMs8zYaMcRxwaBhdSIbi2WT5m0i7udlw4_zegacqaBG0OQSQDBT1cOv...
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIrglaoYMLPlWTdiY_vIWLg&google_cver=1&google_push=AXcoOmRosGzapUVRQadaMs8zYaMcRxwaBhdSIbi2WT5m0i7udlw4_zegacqaBG0OQSQDBT1cOv...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vWThheUp0RTJ1SDFoenFja0hjSXJaLnU2aE50SE1CeH5B&google_push=AXcoOmRosGzapUVRQadaMs8zYaMcRxwaBhdSIbi2WT5m0i7udlw4_zega...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vWThheUp0RTJ1SDFoenFja0hjSXJaLnU2aE50SE1CeH5B&google_push=AXcoOmRosGzapUVRQadaMs8zYaMcRxwaBhdSIbi2WT5m0i7udlw4_zegacqaBG0OQSQDBT1cOvbvWxxMiyIIVEjZWE-1BjBdJv0HqQ
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vWThheUp0RTJ1SDFoenFja0hjSXJaLnU2aE50SE1CeH5B&google_push=AXcoOmRosGzapUVRQadaMs8zYaMcRxwaBhdSIbi2WT5m0i7udlw4_zegacqaBG0OQSQDBT1cOvbvWxxMiyIIVEjZWE-1BjBdJv0HqQ
date
Tue, 05 Sep 2023 13:26:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.75
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
attr
cm.g.doubleclick.net/pixel/ Frame 3BCF
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LqcxjUmC3junllpftruYyBN_qSg1fRB1_2O2Gk7yCxvVIKrhZ1s5lMeS9D0AVChCt4ArmVwQ
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
index.html
s0.2mdn.net/sadbundle/7224228829127448257/ Frame F9CE
724 B
451 B
Document
General
Full URL
https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
191508e656696b753890ee1e00b9003b65ada37cb380d027f6ff624a5e58c119
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
423
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:15 GMT
expires
Wed, 04 Sep 2024 13:26:15 GMT
last-modified
Tue, 01 Aug 2023 13:35:38 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame E6CA
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv30D9iCngANKzptOGPYdtWTRfQTPvnSCP6Thr1Y4Twyoi0fBDxFRqxom_OLRTHJRO_0ixcSHffDZ3fWUZP7cK1zsFX-yUP-NmMJqzQl8BXMhXAOiSbpD2xmUFje-jMrWUjMR2e5Lje8UFuvsaza1c9KdN8zVYbZcC9VaMaSKFRhe15u1h_b1KgHKYe-BE-j4kc4zaCG9jHm8n1IwA9p3TfkaVc2z__2VNMyJjc_Vr5tVcIFn2kmNE0LpE7uuZbmG30fp4fX3ht5NEb4kcWnT95mL9c8lEUu5XnjgrTYbIcvPt4vuIPp7RSrHRWTy5yl2jGsAEkUGtUKGxSQc9kaPSB7KjrUFApC4LLXPfWl_d4iL-VM71Y2qoW89yxauy-VDNGfZeuZqqDA6ysfVVzHqahaCHO8KP2VYLGjbJxk2QmUt_xSWvFWpl6AQTYOCiM1sk15gG5hQMWlYPE6pW0K6viLnCykQoMSw2Y4XiGK-uSseyz9uqZF4grsjwKFcAF7X9BlT4K3dMqRLxcC0KHKmc_GL7VWo_vbHUp_G59Bn9BuCys2PTaXIOrOc2ydvDMIzjYSWcdmsDN_rCl6mW_xDyTw43ItZatawGY7zYkJ2eWhTFjacmFx8wGb3GXIVhrBkYxHAJ-KJuvmErpmADal3tq7kiv8y51862SnlL8ZDStmnz9LF1-Rhs5iwcKZZcBhvKJnL3fmb7rib493VK57ifmCKYLNoEv8_RdQ8Za_3OuEqDfB6L6je5kG7Bh3kFdkfjJGiEry4A5mnR6apDShmlNoOveL_03miM8Jip_g_NOCGi7bp0N7nVGuYw16tlncMC_19rFTIXXu-1A13hSUaNdcDmKti3WA56jIYKV-_hI1gbxgiV1EnuIY4dDbVNhXDOH9xflU4Gt6Az16P8GlJn0rRDw-Kfche_WbXbfTOkCXMfebNVotpley-Y3s5D2n5b2Gtjrj1y4sm9_Vx4qMjbklg2APmNJlop8DIK_TXm4Eh6X0aHA7gzLMIejlgF8lVbTgYwrh-WKK6z5N6kHfpAMGlyLZW3jcRirDnky2a5Uq9-NE8LedPKwmlbhJyi3quvBh4kNepix856fYZ2Q_U5vhg0vYxUZ24JW_AUxWcwlKTpqBycvDnP8yn_QxLSzeLh7x-HqKGwWcQlNbPsT9Cuc3ciCkZXX-0Lmp3FWPZmqNGaY2esZFJVrOTtMr5LPRLhPkcMxTIkOTWsJQAEdR12X-KdkvgTTH5z6xIACURmfV7XJ4yE-HWIUu_J6vNhllAZEn50apoGMFKqhHjSH-hGUPqNl_6BMQSdg3rf8QlNioaQExZXGGyWAmw0y8C-9JhQ&sai=AMfl-YSTo0ikwMrmcuE2fqg_fkAvtf_g31X4YBv52mzVwcIsc8BxJcYSdN76wF4nit6FARq4IL8TTXowEg9eihhJZzpfsEnjN09YOnB5G-UvcozYy9KZUhQwzbY_2Tn6t7TGml-_lRb60rf1kjUqpsq5MuJTGjyCbitIyUIPH15OWM_vc3O032TVrtxP8Svjqd1Ey0v3Ufi1kLGQ&sig=Cg0ArKJSzPEhCX4Fp-EuEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=548&cbvp=1&cstd=535&cisv=r20230830.55374&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Tue, 05 Sep 2023 13:26:15 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:15 GMT
ai.aspx
m.exactag.com/ Frame E6CA
43 B
1 KB
Image
General
Full URL
https://m.exactag.com/ai.aspx?extProvId=63&extPu=os-mindshare&extProvApi=os_ch&extLi=26908321&extCr=154242867&extPm=374726406&gdpr_consent=&gdpr=
Requested by
Host: 1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
URL: https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
85.14.248.71 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Date
Tue, 05 Sep 2023 13:26:15 GMT
X-Content-Type-Options
nosniff
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy
cross-origin
Connection
close
X-ET-Monitoring
1
Content-Length
43
X-Xss-Protection
0
Pragma
no-cache
Last-Modified
Di, 05 Sep 2023 01:26:15 GMT
X-ET-Code
0
Accept-CH
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
Cache-Control
private
Access-Control-Allow-Credentials
true
X-ET-Camp
1871
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
index.html
s0.2mdn.net/sadbundle/8153466558811025824/ Frame 953F
724 B
452 B
Document
General
Full URL
https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
12148e2fd737fe99bb9409c766924afaed1d7c29d1e516a9c6376b8d10b2e16c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
424
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 13:26:15 GMT
expires
Wed, 04 Sep 2024 13:26:15 GMT
last-modified
Tue, 01 Aug 2023 13:31:35 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame EA0F
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss3TRsz4lb5JTJ7ZPXEVwWfMh7YWVKt-JBJ5HnXdtcXzmvVq5qQAKmNUOZdc3WaUF1sAckpOt1C4K5RaHuS1vXAmSgaai-_OLVabDzILmqpL8xeOyGXayhyjcUuxiikeGvHM8O5VUp4pxK_y7qCoTq7A7qrjS9AIKFR0RKHk4Kp7-1gpjEFzi0Q3nNnhL3XK582toCC16O2g9WJSX2v0c_8YLB0mTY885fcn7Mi6abBVkMuLRk2wGRk44Dft-As82_4hq-PY7xzMta5Ytb3wRnQxJQdpQTg4ByFp6JT8AfAj-iwEm5Tn3XklVLMP9i59XqoH9MlRIwtnqQW3Zr1V15s8CTYJgo-FcMWxcN9kBik5IdnqjVUrSLOOd0SbM84S-0jypeUW0ilvf_oNPP7tpL1FWnpYKM_qy9qYheqYV_JFrv9UKFYA1rhf0DEyeUbZLlO2rjwqo7BEWgY_mlHYRmFldSBV4omE1T4wLTOzVMPXAu-a1SyrBJds954PKa5RwA2Yey4-fkcPd8nHppFbVpbDnzMX25dnW2CJGHgyoolHj2CQuPqhEtSEsPOyF8SV7R4nCNuDqyGJG29HMU6zZ4iseqvyHwef3gwngNVH3NMwfkJE6nDhctG29FjuvE9uIbdChKOXyH9mY8tknamjjZRdSqgV67jSwjQ8nuShIGK991ZHFj5_kzUZUEn6e-UUxo7p_EVJMtHQgrH1ZKpNsmRaE4BhiTfXmX5jT-Gcof-QSljIEfsy2-fvIlzka7lHVI3utH2vMsuIWUNbK42suDTr3rVjBIiD99hdbc3sm5SKciUxGzohl9-GBo2ehN4F8kVmfABNM3prAS59i_A05banUDLqp9px_HIh3j8Y16jexLbyUcFjrUDTyK8RNrqFyz851lokBSaOcLS5E0yt1B3WpqgGLm0VPwQYToOfm5EpOz3W86h17pN-H8tGK7AYrdQUdEj0aso9mVsksHb0LrWCQkFozojpJ-Kksn2owNsvxMpRLrFEm6kJPJp-Csg026_zkQwXq0GO5McxlbQRk1ymqO-Sh1baWqxkA2b_FnJKB4zDyNdNVOADOsIaozzB9ZbjoBSkqE-X0x8BRAMQV_H1qpE9nRtnoHNZ0KFDlwjQKXGbZOC1bJkX8pDiEi8IU_bpGIkjUWOEsLjaF4KRony-XIS6VOW3pY3yg-ogyW7zbQy77wjOU58581-SXqzsA3CMeiguDOVCcJj_-bTC8RkqLf8AuFuHjgCOcuS7WAEMfCEqwE6qrUoF6XxzdZxLmxJ6-KDfUAUE2ZsAV7A9NrhRW4epj1tJ5xxiG9jt6m-g1sFv_Nn6Pj3Lf5h1jgxVk5jmA&sai=AMfl-YQ7sa5i5ycQsfDZt2rQnTQCF_LEVaa9ubx2gPq7mU7UZNnCVj6alYSw_VKMva-mRp2fvLsgJ-dHz_8x1vHaq_4fsp32iXT85W9dlIUsUDF969RnyHLR-5V7FAl2BSWUDEGh27M9lK2AfuHFio1PCKySmO79ZoTT_0px8_cIrQ8WnP36fHFTZHX0_54mf3gQSHpUGJTsyVbN&sig=Cg0ArKJSzMQUCztr6dOZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=419&cbvp=1&cstd=408&cisv=r20230830.29651&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Tue, 05 Sep 2023 13:26:15 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Tue, 05 Sep 2023 13:26:15 GMT
ai.aspx
m.exactag.com/ Frame EA0F
60 B
60 B
Image
General
Full URL
https://m.exactag.com/ai.aspx?extProvId=63&extPu=os-mindshare&extProvApi=os_ch&extLi=26908321&extCr=154074538&extPm=374726412&gdpr_consent=&gdpr=
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
85.14.248.71 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 13:26:15 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy
cross-origin
Connection
close
X-ET-Monitoring
1
X-Xss-Protection
0
Pragma
no-cache
Last-Modified
Di, 05 Sep 2023 01:26:15 GMT
X-ET-Code
0
Content-Type
image/gif
Cache-Control
max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp
1871
Expires
Mon, 26 Jul 1997 05:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3B11
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cve...
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&goog...
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1ZaeU0zQ3QxUUR3NG41&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmRSWNo_neNsj4p3sKoI27QxgObcVJ8dGzpRI2gR0zx...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1ZaeU0zQ3QxUUR3NG41&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmRSWNo_neNsj4p3sKoI27QxgObcVJ8dGzpRI2gR0zxtcs5JgxbkSq1C2hdWvMecz5T8xZoPtO9HFQtRdcc-eJI6GGYdWPg
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 05 Sep 2023 13:26:15 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-788-g55788f4#dev-temp-decrease-retargeting-updates-batch i-0310c9e42ac8c94ba@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1ZaeU0zQ3QxUUR3NG41&google_gid=CAESEGn12_KGHDrsAsmFSGf7Hyw&google_cver=1&google_push=AXcoOmRSWNo_neNsj4p3sKoI27QxgObcVJ8dGzpRI2gR0zxtcs5JgxbkSq1C2hdWvMecz5T8xZoPtO9HFQtRdcc-eJI6GGYdWPg
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3B11
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESEPzbEzhXCcDz1cm07YQrUO4&google_cver=1&google_push=AXcoOmQBgc9jn8jgQbMMu_kqXmgPkiNAtLb__PjAjwFsC9bZbxwiIGiRsppQoT7qNfmDd7dzwhtlNRgaiQp42ZWjnMl1p33zuNEP
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7F9BF1B2832A45CE9277713DEFD9C7F1&google_push=AXcoOmQBgc9jn8jgQbMMu_kqXmgPkiNAtLb__PjAjwFsC9bZbxwiIGiRsppQoT7qNfmDd7dzwhtlNRgaiQp42ZW...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7F9BF1B2832A45CE9277713DEFD9C7F1&google_push=AXcoOmQBgc9jn8jgQbMMu_kqXmgPkiNAtLb__PjAjwFsC9bZbxwiIGiRsppQoT7qNfmDd7dzwhtlNRgaiQp42ZWjnMl1p33zuNEP
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Tue, 05 Sep 2023 13:26:15 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7F9BF1B2832A45CE9277713DEFD9C7F1&google_push=AXcoOmQBgc9jn8jgQbMMu_kqXmgPkiNAtLb__PjAjwFsC9bZbxwiIGiRsppQoT7qNfmDd7dzwhtlNRgaiQp42ZWjnMl1p33zuNEP
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Mon, 04 Sep 2023 13:26:15 GMT
google
match.adsrvr.org/track/cmf/ Frame 3B11
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEL6tMNOSO8LSCuAoSMvdS0E&google_cver=1&google_push=AXcoOmROLoqa44wRbSYGblAY-Nsf9fuHDL6XIU1X1MziA8erWdY1U9TRHxMAMVnVPOIR_mqXZyuZkJ9qGgRCzo6NItIYASF7_VxV
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Tue, 05 Sep 2023 13:26:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 3B11
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEFxIi8CX671KNMVAA8FOUJs&google_cver=1&google_push=AXcoOmSnmT6ZtALq1JMj8nltVNUvniVIPrZMglKQBbLWgxRtDEntIML4S6DI0EF490eYcwZSLdCQhGM9QvCOZ...
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEFxIi8CX671KNMVAA8FOUJs&google_push=AXcoOmSnmT6ZtALq1JMj8nltVNUvniVIPrZMglKQBbLWgxRtDEntIML4S6DI0EF490eYcwZSLdCQhGM9QvCOZ...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSnmT6ZtALq1JMj8nltVNUvniVIPrZMglKQBbLWgxRtDEntIML4S6DI0EF490eYcwZSLdCQhGM9QvCOZqZ-KYL-9TVgtGTU&google_hm=dThxRHB1UTIwMGo0NXA4...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSnmT6ZtALq1JMj8nltVNUvniVIPrZMglKQBbLWgxRtDEntIML4S6DI0EF490eYcwZSLdCQhGM9QvCOZqZ-KYL-9TVgtGTU&google_hm=dThxRHB1UTIwMGo0NXA4ekJDa1g=
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 05 Sep 2023 13:26:16 GMT
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSnmT6ZtALq1JMj8nltVNUvniVIPrZMglKQBbLWgxRtDEntIML4S6DI0EF490eYcwZSLdCQhGM9QvCOZqZ-KYL-9TVgtGTU&google_hm=dThxRHB1UTIwMGo0NXA4ekJDa1g=
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
236
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3B11
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=z6XsiAeZQNaYTslFhIqLIg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=z6XsiAeZQNaYTslFhIqLIg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTxeSvSCIMEjZ1s09vKk3du12ZwmRHglo0T3nVm7MuEq7fFS_kehEqi6ulsSVlU_vApgHO5f2NidsURk9C4o8Xo5It0c20
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=z6XsiAeZQNaYTslFhIqLIg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmTxeSvSCIMEjZ1s09vKk3du12ZwmRHglo0T3nVm7MuEq7fFS_kehEqi6ulsSVlU_vApgHO5f2NidsURk9C4o8Xo5It0c20
date
Tue, 05 Sep 2023 13:26:16 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 3B11
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEKmtJSzSphQvKN4NS-GD4wc&google_cver=1&google_push=AXcoOmSbj-DUoaMpKgrjXpwjMlbsmKCbM1onE0vecoHjA4g32wXHzW4bfT9HdBZibwdX982LcpB0kMm_iztnAeNbGtwvjs5-SiHO
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmSbj-DUoaMpKgrjXpwjMlbsmKCbM1onE0vecoHjA4g32wXHzW4bfT9HdBZibwdX982LcpB0kMm_iztnAeNbGtwvjs5-SiH...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzgwMDU0NTIwNTU0OTY0ODU3MTM2Ng%3D%3D&google_push=AXcoOmSbj-DUoaMpKgrjXpwjMlbsmKCbM1onE0vecoHjA4g32wXHzW4b...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzgwMDU0NTIwNTU0OTY0ODU3MTM2Ng%3D%3D&google_push=AXcoOmSbj-DUoaMpKgrjXpwjMlbsmKCbM1onE0vecoHjA4g32wXHzW4bfT9HdBZibwdX982LcpB0kMm_iztnAeNbGtwvjs5-SiHO
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzgwMDU0NTIwNTU0OTY0ODU3MTM2Ng%3D%3D&google_push=AXcoOmSbj-DUoaMpKgrjXpwjMlbsmKCbM1onE0vecoHjA4g32wXHzW4bfT9HdBZibwdX982LcpB0kMm_iztnAeNbGtwvjs5-SiHO
date
Tue, 05 Sep 2023 13:26:16 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
onetag-sys.com/match/ Frame 3B11
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMMYWprpjOYGH3t8hrDIATA&google_cver=1&google_push=AXcoOmRbXMD2LFF_KSEShyC7BzaMUQ6JaCWrWfTrWmdmbOik3rtyhZCQrjuRtwMERdK8BgRtjDBNUpKpXxf...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRbXMD2LFF_KSEShyC7BzaMUQ6JaCWrWfTrWmdmbOik3rtyhZCQrjuRtwMERdK8BgRtjDBNUpKpXxfNCsrNmWCVptRe2yKpZg
  • https://onetag-sys.com/match/?int_id=19&google_error=5
0
151 B
Image
General
Full URL
https://onetag-sys.com/match/?int_id=19&google_error=5
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H2
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:16 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
255
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 3B11
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JaV-SZtc24lsgHObZgRPi8s1yE6WUL5DMX2g292n57F_wZ-NjMdKFJhyveFu_SAjBuNfgvvQ
Requested by
Host: 23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
URL: https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:15 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 6C1F
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
197670
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 03 Sep 2023 06:31:45 GMT
expires
Mon, 02 Sep 2024 06:31:45 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame AC35
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77933
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
Enabler_01_250.js
s0.2mdn.net/879366/ Frame 953F
120 KB
41 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_250.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 06:12:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
26041
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42247
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 21:28:42 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 06 Sep 2023 06:12:14 GMT
gsap_3.9.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 953F
63 KB
25 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25329
x-xss-protection
0
last-modified
Wed, 29 Dec 2021 19:08:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 13:26:15 GMT
de_CH.js
s0.2mdn.net/creatives/assets/4401560/ Frame 953F
107 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/creatives/assets/4401560/de_CH.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1bb749752a23c013624343163618c79882fd7f061ad5b93160527ff47c3a06d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:11:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
888
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39551
x-xss-protection
0
last-modified
Tue, 01 Aug 2023 10:24:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 13:26:27 GMT
Enabler_01_250.js
s0.2mdn.net/879366/ Frame F9CE
120 KB
41 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_250.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 06:12:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
26041
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42247
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 21:28:42 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 06 Sep 2023 06:12:14 GMT
gsap_3.9.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame F9CE
63 KB
25 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25329
x-xss-protection
0
last-modified
Wed, 29 Dec 2021 19:08:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 13:26:15 GMT
de_CH.js
s0.2mdn.net/creatives/assets/4401560/ Frame F9CE
107 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/creatives/assets/4401560/de_CH.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1bb749752a23c013624343163618c79882fd7f061ad5b93160527ff47c3a06d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:11:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
888
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39551
x-xss-protection
0
last-modified
Tue, 01 Aug 2023 10:24:49 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 13:26:27 GMT
y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame 6C1F
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77934
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame EA0F
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss3TRsz4lb5JTJ7ZPXEVwWfMh7YWVKt-JBJ5HnXdtcXzmvVq5qQAKmNUOZdc3WaUF1sAckpOt1C4K5RaHuS1vXAmSgaai-_OLVabDzILmqpL8xeOyGXayhyjcUuxiikeGvHM8O5VUp4pxK_y7qCoTq7A7qrjS9AIKFR0RKHk4Kp7-1gpjEFzi0Q3nNnhL3XK582toCC16O2g9WJSX2v0c_8YLB0mTY885fcn7Mi6abBVkMuLRk2wGRk44Dft-As82_4hq-PY7xzMta5Ytb3wRnQxJQdpQTg4ByFp6JT8AfAj-iwEm5Tn3XklVLMP9i59XqoH9MlRIwtnqQW3Zr1V15s8CTYJgo-FcMWxcN9kBik5IdnqjVUrSLOOd0SbM84S-0jypeUW0ilvf_oNPP7tpL1FWnpYKM_qy9qYheqYV_JFrv9UKFYA1rhf0DEyeUbZLlO2rjwqo7BEWgY_mlHYRmFldSBV4omE1T4wLTOzVMPXAu-a1SyrBJds954PKa5RwA2Yey4-fkcPd8nHppFbVpbDnzMX25dnW2CJGHgyoolHj2CQuPqhEtSEsPOyF8SV7R4nCNuDqyGJG29HMU6zZ4iseqvyHwef3gwngNVH3NMwfkJE6nDhctG29FjuvE9uIbdChKOXyH9mY8tknamjjZRdSqgV67jSwjQ8nuShIGK991ZHFj5_kzUZUEn6e-UUxo7p_EVJMtHQgrH1ZKpNsmRaE4BhiTfXmX5jT-Gcof-QSljIEfsy2-fvIlzka7lHVI3utH2vMsuIWUNbK42suDTr3rVjBIiD99hdbc3sm5SKciUxGzohl9-GBo2ehN4F8kVmfABNM3prAS59i_A05banUDLqp9px_HIh3j8Y16jexLbyUcFjrUDTyK8RNrqFyz851lokBSaOcLS5E0yt1B3WpqgGLm0VPwQYToOfm5EpOz3W86h17pN-H8tGK7AYrdQUdEj0aso9mVsksHb0LrWCQkFozojpJ-Kksn2owNsvxMpRLrFEm6kJPJp-Csg026_zkQwXq0GO5McxlbQRk1ymqO-Sh1baWqxkA2b_FnJKB4zDyNdNVOADOsIaozzB9ZbjoBSkqE-X0x8BRAMQV_H1qpE9nRtnoHNZ0KFDlwjQKXGbZOC1bJkX8pDiEi8IU_bpGIkjUWOEsLjaF4KRony-XIS6VOW3pY3yg-ogyW7zbQy77wjOU58581-SXqzsA3CMeiguDOVCcJj_-bTC8RkqLf8AuFuHjgCOcuS7WAEMfCEqwE6qrUoF6XxzdZxLmxJ6-KDfUAUE2ZsAV7A9NrhRW4epj1tJ5xxiG9jt6m-g1sFv_Nn6Pj3Lf5h1jgxVk5jmA&sai=AMfl-YQ7sa5i5ycQsfDZt2rQnTQCF_LEVaa9ubx2gPq7mU7UZNnCVj6alYSw_VKMva-mRp2fvLsgJ-dHz_8x1vHaq_4fsp32iXT85W9dlIUsUDF969RnyHLR-5V7FAl2BSWUDEGh27M9lK2AfuHFio1PCKySmO79ZoTT_0px8_cIrQ8WnP36fHFTZHX0_54mf3gQSHpUGJTsyVbN&sig=Cg0ArKJSzMQUCztr6dOZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1195&vt=11&dtpt=776&dett=3&cstd=408&cisv=r20230830.29651&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:16 GMT
generate_204
tpc.googlesyndication.com/ Frame C1FA
0
12 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?h-5GtQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
view
googleads4.g.doubleclick.net/pcs/ Frame E6CA
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv30D9iCngANKzptOGPYdtWTRfQTPvnSCP6Thr1Y4Twyoi0fBDxFRqxom_OLRTHJRO_0ixcSHffDZ3fWUZP7cK1zsFX-yUP-NmMJqzQl8BXMhXAOiSbpD2xmUFje-jMrWUjMR2e5Lje8UFuvsaza1c9KdN8zVYbZcC9VaMaSKFRhe15u1h_b1KgHKYe-BE-j4kc4zaCG9jHm8n1IwA9p3TfkaVc2z__2VNMyJjc_Vr5tVcIFn2kmNE0LpE7uuZbmG30fp4fX3ht5NEb4kcWnT95mL9c8lEUu5XnjgrTYbIcvPt4vuIPp7RSrHRWTy5yl2jGsAEkUGtUKGxSQc9kaPSB7KjrUFApC4LLXPfWl_d4iL-VM71Y2qoW89yxauy-VDNGfZeuZqqDA6ysfVVzHqahaCHO8KP2VYLGjbJxk2QmUt_xSWvFWpl6AQTYOCiM1sk15gG5hQMWlYPE6pW0K6viLnCykQoMSw2Y4XiGK-uSseyz9uqZF4grsjwKFcAF7X9BlT4K3dMqRLxcC0KHKmc_GL7VWo_vbHUp_G59Bn9BuCys2PTaXIOrOc2ydvDMIzjYSWcdmsDN_rCl6mW_xDyTw43ItZatawGY7zYkJ2eWhTFjacmFx8wGb3GXIVhrBkYxHAJ-KJuvmErpmADal3tq7kiv8y51862SnlL8ZDStmnz9LF1-Rhs5iwcKZZcBhvKJnL3fmb7rib493VK57ifmCKYLNoEv8_RdQ8Za_3OuEqDfB6L6je5kG7Bh3kFdkfjJGiEry4A5mnR6apDShmlNoOveL_03miM8Jip_g_NOCGi7bp0N7nVGuYw16tlncMC_19rFTIXXu-1A13hSUaNdcDmKti3WA56jIYKV-_hI1gbxgiV1EnuIY4dDbVNhXDOH9xflU4Gt6Az16P8GlJn0rRDw-Kfche_WbXbfTOkCXMfebNVotpley-Y3s5D2n5b2Gtjrj1y4sm9_Vx4qMjbklg2APmNJlop8DIK_TXm4Eh6X0aHA7gzLMIejlgF8lVbTgYwrh-WKK6z5N6kHfpAMGlyLZW3jcRirDnky2a5Uq9-NE8LedPKwmlbhJyi3quvBh4kNepix856fYZ2Q_U5vhg0vYxUZ24JW_AUxWcwlKTpqBycvDnP8yn_QxLSzeLh7x-HqKGwWcQlNbPsT9Cuc3ciCkZXX-0Lmp3FWPZmqNGaY2esZFJVrOTtMr5LPRLhPkcMxTIkOTWsJQAEdR12X-KdkvgTTH5z6xIACURmfV7XJ4yE-HWIUu_J6vNhllAZEn50apoGMFKqhHjSH-hGUPqNl_6BMQSdg3rf8QlNioaQExZXGGyWAmw0y8C-9JhQ&sai=AMfl-YSTo0ikwMrmcuE2fqg_fkAvtf_g31X4YBv52mzVwcIsc8BxJcYSdN76wF4nit6FARq4IL8TTXowEg9eihhJZzpfsEnjN09YOnB5G-UvcozYy9KZUhQwzbY_2Tn6t7TGml-_lRb60rf1kjUqpsq5MuJTGjyCbitIyUIPH15OWM_vc3O032TVrtxP8Svjqd1Ey0v3Ufi1kLGQ&sig=Cg0ArKJSzPEhCX4Fp-EuEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1418&vt=11&dtpt=870&dett=3&cstd=535&cisv=r20230830.55374&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 05 Sep 2023 13:26:16 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 953F
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3f927564073881220bfb188ac5a31a15e725a9274089f87ce0e1e9dc816b181e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5661
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame F9CE
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dbb02d066c8ee5dba07ec438fd755f6945f1f90a157d3eecdc90ad4a70d95e1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5711
x-xss-protection
0
generate_204
tpc.googlesyndication.com/ Frame B1FB
0
12 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?wNj6BQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ch_performance-leaderboard.js
s0.2mdn.net/creatives/assets/4629137/ Frame F9CE
215 KB
116 KB
Script
General
Full URL
https://s0.2mdn.net/creatives/assets/4629137/ch_performance-leaderboard.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4401560/de_CH.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
621bdb834d155a92b41c1e3f5e42cc1d24d52b08edd732dedcbf2c2ccb1c6c85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:23:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
144
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
118663
x-xss-protection
0
last-modified
Fri, 01 Sep 2023 13:53:35 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 13:38:52 GMT
Network_A320neo_728x90.jpg
s0.2mdn.net/creatives/assets/4630247/ Frame F9CE
11 KB
11 KB
XHR
General
Full URL
https://s0.2mdn.net/creatives/assets/4630247/Network_A320neo_728x90.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4401560/de_CH.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8cd3a26cf673e60afff14a4507d8b56c13b7b652286b647bd00ca6b23c19d702
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7224228829127448257/index.html?e=69&leftOffset=0&topOffset=0&c=BbjyBqR6Em&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:20:40 GMT
x-content-type-options
nosniff
age
336
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11084
x-xss-protection
0
last-modified
Thu, 06 Jul 2023 13:55:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 13:35:40 GMT
ch_performance-skyscraper.js
s0.2mdn.net/creatives/assets/4629137/ Frame 953F
213 KB
116 KB
Script
General
Full URL
https://s0.2mdn.net/creatives/assets/4629137/ch_performance-skyscraper.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4401560/de_CH.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bbbfaee1d461fc1bca55b61992b098d9ba06744001e1b72986ae498f9793b266
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:18:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
443
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
118440
x-xss-protection
0
last-modified
Mon, 04 Sep 2023 08:08:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 13:33:53 GMT
Network_A320neo_160x600.jpg
s0.2mdn.net/creatives/assets/4630247/ Frame 953F
10 KB
10 KB
XHR
General
Full URL
https://s0.2mdn.net/creatives/assets/4630247/Network_A320neo_160x600.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4401560/de_CH.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5dd2bb813a1b746fad27583164b489fa49e1e8abcd563889d2f5e01e2eac634a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/8153466558811025824/index.html?e=69&leftOffset=0&topOffset=0&c=b1EEplKswj&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:11:20 GMT
x-content-type-options
nosniff
age
896
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10436
x-xss-protection
0
last-modified
Thu, 06 Jul 2023 13:54:45 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Sep 2023 13:26:20 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 953F
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 13:26:16 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame F9CE
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 13:26:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 05 Sep 2023 13:26:16 GMT
truncated
/ Frame 953F
39 KB
39 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d1f2b2338b1659185c9dd70ce5944bd6a8f34997d601b0966003c49a35249948

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/octet-stream
truncated
/ Frame 953F
43 KB
43 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
31f606ff16a9161e06ad0bcb7488be14e217ef394cc852db94e43e9e8506e159

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/octet-stream
truncated
/ Frame F9CE
39 KB
39 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d1f2b2338b1659185c9dd70ce5944bd6a8f34997d601b0966003c49a35249948

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/octet-stream
truncated
/ Frame F9CE
43 KB
43 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
31f606ff16a9161e06ad0bcb7488be14e217ef394cc852db94e43e9e8506e159

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/octet-stream
y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame A52F
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77935
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
pagead2.googlesyndication.com/bg/ Frame C607
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:47:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
77935
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14793
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Sep 2024 15:47:22 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EA0F
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3284566676985&version=m202307240101&ct=76&x=1&cor=15611013849043872000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E6CA
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7231695730421&version=m202307240101&ct=76&x=1&cor=6135478965778175000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame AC35
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BMHI7diz3ZPjAPMu4x_APwdaT0AcAAAAAOAHgBAI&bg=!YmGlYS7NAAYHwnCgJ8I7ADQBe5WfOH6za4VxHbkrlpHXLzXKrSPIKH6pGjjkuFaNpExlSV3lYiLDVcSbNmquOqWs5BPBAgAABp9SAAAACmgBB5kDUykyTRO68qJDPrvVq1Y42bBeOqgfyrQA3tJ1cAJYHzWADiiymu92FI6w17tYCxOyGTtQ2gCw8o9U6xrE4DpexgYXZNOG8GfntXrIHPbkQo58fUZzp0RlxVGq9af4t1w2Xw_LNpFbiu9dvQbWb5lqMuIhCuwd_7j9OHo8KG1IfdAYEzZheV_uYetjkISabIeW7EHadYfy5cogzy4g9LvTvCv3PvKgwO2rN6wducW0JOiZreeROC7RenXZQnTUbblW2SnKM3xuhqdBQeq1MYtwfv1jI6lV26gPgZux9J2JeSmF04UUNXMTRtuMyUK8lFZbK6lzlNAAiHrMTg78ACnAIYC37XOc_-TKeuAD6ax8qFoISKYMPKT3l-wYPFuZHX4ZQbVKbRPPNMQ_eDzu2VhswVnfDOK1B7czrq-VPQ6Ll26xZU9_hBl8s2ZkS8bnQWkXM1MW9DpP_NTuE0mg9DdK7r532V14N6r9L5PLFqsdkwDMZS93vHi9bzwTephFL_W2RAj4N6o2HlJc7nbM2beOkraU8E9c_kI1M3XOvbgo9BS-TzMqj2nUp19vJH3nl9_Pr71IpB4Ttc5I5s5NePvoIL0VKQqcXJYZODgg0SlF5N5vA95iaAyphRcmco4R_uRNLZvfiLZsD-YVe4lTP5UdPgSzKxvFjvjlwAL8hZv4UbnwMcnB5baS5ThA-570FfHPFY2VRiTD0gkhSK64mtkooDe4Vip-RKaDk8qJ8orDowyRFt70n0-gsVUD5NWsMg_drlNxH14kiQ5wc2uWn3loETx09FR4Q_VEiWkLjCP38UHR4DuTW8_mRQbtigd6IpgVAUxUCxMrKcF3GlyxX20S-zzfb0VVQzG1BgzI406giepb2_JLiR8kZpU30rs0sxwBqaf7oplIaSYmR3YgBgNbwdozm1ZMZ_ETOKeNlzmi6DOeMWbIW7PJ4L0YVpm7cGh38k0xIsIZv7bqbT5vGxPztrR8iB_R0M2MFQ6_JMdBcf_TTdX0HBn29a-pTjzIDr1wDJ1xwDupwCPk7ZpnQrTynJliadJNEbEdTrNtD7TzEwBeeovBQHKvdobTHtL7ibmkhNgl61JayiGfVSc8MZZAgO-C75wUZvj-Al-GB3GBuIHLie4Z
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 82F6
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308300101&jk=3410311566119883&bg=!i4iliMfNAAYHwnCgJ8I7ADQBe5WfOITyNUuJgID1odA18ABx5W0C0SJ8y5y_aUQkiCJGVzweF09M2-kQnBo8vrUrjsfwAgAAB4pSAAAAeWgBB5kDAIsVi1OtCFCvFPd9iMZkC0-Peq-ZO_Vou88UK8sWKr-LjJJIZu6nzzZPWTrpIepifJvZ1TbMkcYalgEVjI1678cNx2Jtil7uy46ylrxXpc3wh49RuJt54id9NdN74CQ2wZHGfoOjl4lq7TOdFlUaxRaAQ-3NbXLI3ietNNIM_fKMnDTNdKI3lnr6ICziNhW-dsL1Bxjlp8ddFnBElBDzB2XMYzoF5SYaPQzEMCaoA3DmYtMs6p1EfawHi9kAfa6aj0zLcGaC6FuIpsITSqyWclvgcPZ-NYAPae-ydjarDSU2T2asoISEAYs4Xo3L-J_ULdqu6rZPVIpSjdJOMeaesbXcKDVzMt28-nAta9SLpr3MlLlQ0fIFdnXlRZ3_sPkQbZocd4jWtI0uxkg0Ggu9aQTu1AfnC1DaV3ytaQ_enJYHOVr-EufJrmYLQBxx9dvBYYxpke8NX3CDtuz2MRSXScHXkIq9o_8ME_68mEAJMb86Y0ja_09IsgNsyaH4gfV7RA9Puo5jNZ0Y3_8TVUmjTvfavdxM30e7Hyd01DFAuyBNwZW6i7xZ7O-uxH7vpPqtN9zhoZ0rPK9TF6TZmc08JnURsyQnF3pRuXJTqMXiDS5O-VRIc8KRA1vVcT5mAZ0qIRZf-H51BZRV7aVqTqyWxT5jf9FPQ8MC-31Zq2GDbijA3-rFAH2FfjQZks-AZWaWbQwlAcdwPeq8wD3gkzHrpIr4gmS7YpE73x4SogWMgVChR5vV9Qrg5HQUIC1nZBVb5R9hGeFZ8R2y5-rvHd0EHMJHVs8b30_2LegLZp5ezZw119xhuQZel3iuZIJZIPOhrHEgkp7pg8VyxaZO8ZPiwExlGmo4rdBFcJr5jkqj0x3EiNOUN85Wnl99sBW2b-g_M2oWxl5he6lvF8uVNdg_1t2Fyg5Oo0sE_tL2-fDpbaUXhAs_Oe0nIXvcYxGZXvjuXhptL25edu_JgcWuTVMIhC-Rd4-iWgcdQXw20xnUqbXcf-KLUIZf22k-4RXNP_wKMg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

gen_204
pagead2.googlesyndication.com/pagead/ Frame 6C1F
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B40-Kdyz3ZKmrCu7kx_APoaC-4AcAAAAAOAHgBAI&bg=!cXKlcj3NAAYHwnCgJ8I7ADQBe5WfOOsQlNNc7K4kLPqClxoD8FWn4Sse56AdI1BYdX9aSeBRyx8p7nxXvbyZRd2fyak7AgAABKJSAAAADGgBB5kDV_0mNBrE3ZUYVogERJs73PbwRe55fchk1IRDjPecq93xmPo5_wxmFCUTrjzjrebXnwmmzjnj5322mKpQuZZ4reO11TTKns67KAj34ZghLo4mJF5vPltqiq760oQDKfattowLlJ6gSq27dRE8waYXNWN2nMQBKlnJc1Iggv3_4uHYuOPVDu54AaRUW1znk4d61tGKTbPJ2ze8WSvcvM0W12ZAOfRCLKJR47aEfvSdP3jAeHerYI4n2_-AtmaCEJVf37tSfI-EQvEeM1Z0mTA3_6C0dZcj5BY5bG3v15TrX5OaBIK3qRM-uNBQzX8hh0DUaALZUdaTdbt1WemOvEna5jXv6FunVRDgLaZAieHbv13edkqvjMPf_QdUCmECf-tJTyu5rgyznDr_uXyeaG7040Yn-9lTzZTExSxWXJRrdv_49q2Ho6nIogOutUcBCibkwaddcHKeHgTf2Rsas2Zw1ALh5lEkoHkxgZVkwIGrVQ1aWshTq3iDImQoLLHl3fwo5GfXhSdM23hWAbbkXjfusNCINeTBFbg1ZdcY9GBv8lFK8WIBoMNo_1pDGe1FWf0enHH4C2YecDnTiVwTCxewWGzi1azlGbUQcA1saWAOb9sXL4zHk08WJvZe4TVdvbRIz1kAc7ir1f4Z6_1n5BrBwNTowF-KIhprkY5dN0CdGd8JIVNwLyzqjcGI9AmpDikhAJDrcOu5fxA5OTGvI9pjW_RRGA8YovUy1VRUtQ7ey5cwzZsduKm2C7CLwWqqARz5GuW5tLA4_5cQgHLDpTZbOAo25kBQ9ahmr2dcqXIMPNf8sr_dgs6AG0eqzo6mDvj-DDuYkbndvynB5F_GCLDvsErM3TBsJstDdFzZvYrmspv4gahwysHmp4LH1uMxF04H_Ypj4qCPNVOMty3w-WSzJkRGdbLmQCDBBcEz2lJzb1LaYuv2PjI-JEriZm_3HzB3rugXlZP42GS7SFLZs0veUZo3EuScIVK9NSnAwqVd5DQx-U2tVJ6fofBReUZzvseDdbKK9giqsJ007IKZyed9TjMIM-lro9ptNPW0x6lWksts58-C4PBfPhcRBEDi1gh3jw-uKCAou7PqqA30DewrA2toT4dDLdXMR5CkGTJe0RJT_2kWKhqF7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 13:26:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame DF6A
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308300101&jk=1484939152211098&bg=!fn2lfTLNAAYHwnCgJ8I7ADQBe5WfOE7BlEFYOU6p3-FF6YzmwKFR8aZltZJX2QVEhn_GJDe5RI5KZ2qGCbfIwOURuGtwAgAAB4VSAAAAJ2gBBwoAWrjW7Sq0uemtkrwhLVgPRT1Rz9a2OrZfbcddWM29fT8993uOMGo8-RkF2BD5_scI9Q4QZtPz9sLYUX6FYQMEB4WCB7hN2dKMqXVgjTqgL4n3WOzpSziwAhKewJkC_-Dd8XpjGkyDlfM7tZE34o3YExkxVppOBBmBWd-HhXHH6HlCYXa5mxz-LWD5NUDvTlGoECUNEmiGLi9_rRjGFR4FOnae-cYoZjB0BD8y9VZCmxQKQmf8bTsAMlaau5VfRrjzJ2dRm8bWU-FFLpU25zn1JohlrpCh4O4c-0-akVOKhwWrbnSgOVbpHP1JejRyakGzwO0bz9QbpClmRQxvr_ROueEjHT94SlIC8VxSPTgU4nKIU7Mty7h2g0CsHi2hicyOg_ZpxiKdaZejSEm0Ap12-o7U5fJJLHhIwZVLS1hiKsrz1h-sf22at6hSaga3xUFwOId6DGJhnT71wKmeMM0HYQlUwuAg-_M55i35U5XlISgfo9Mtjzq5E6wNL7L4Qx7IHzAme0YKPXB5T0dM0xlc6xfUg-VApb4eJ3eMyAblyUzh_pXcxdnfAHUMupa3dZm_uCgA2uxFdotTVYtYuD6mZr6GuAgygSeTyTisgstl_2MIDy4unMgVtzdBZAEbrmQgmGvWLNhNxExYbFokcgKwg_Bp2s_G_Ml0dkyTYkcuGbD_u6K6GsK06xwLk7DVO9_Yu_kU7t40QiDLuQJZ7JlJmnMTb3ykQQFaKQd2o0xQwAYtWqJ3rddIO5JHokAk3vtuaJE46SuGcTomXW_pfdxBRIzwX7ncKo_EabDlEvFs5Pe7Iiqe5pwlrXXOa9czT9FwWsXwhpZHriQ6N5pU7f6OU60igAOxvNl8JXSaXtc_18B31RmHKA6m8GxVyuM28fG-4Ng9NzOjLc3rIyy4X_y9ni3QisqH1vpA-rKOZlGI8fCgV-2h5vhcV8IqtD6mnB437qiYyMpfakNVgetSADUAOCgl1zSuipSY8Z7_WgVy1CtlxS1s-0cb9wjJVF1U9hIO5eu_Dp0sbM3JT4waHpsuMh8CYUrF3zhKc-U1SRJA1CWGr1Ztgh-vMM2cbCe_d_91cU5qdJW8U0CZwGKEZJAJyLzyEcKytfrKTqdsIsf8TD6zyP9UqT1e5-IY1CB0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss5RMeydiVxlZNU5F0h1-NCdYWxtiteNWUkTTyXtUoCDvGFPgSKVmQbRwulwnJIVuF2EPhzoL9NWP-vxQsR_g1VVPxBs5x1DiU5yuTy0fUmC3HEljnXD-VvERST1_WKolr0W0ePTljqQmYIpLIMcLIp7sePZWFIjbnrlFrDjdOg-T6iMH0LIvO9ZUfgt5uzz6y9IXh_1Y8OlDSaWMAGUzT-M0k3CiD8x4Nu0spryo9iYkacuI9wd4ScPTfkLMIZNmhJO435fjH567qRiFl1h02mLv5joVebxMH9wF_q5PrK0EA0SLuvPi6VGe3ypk0n-T6T1wNv20SSR16bZK7Te23E0uiN6RSg9xMsEHiDuORCp7UeErg&sai=AMfl-YTJQXA5vwomS3Jkj3E2lBzeRPpM49d1hh5C8UYcLucH-zs7mr-R97gxGb53R5Pc-n9UtjEaLva94D3BnwCZYvSZTawYJvqhD9ohFw&sig=Cg0ArKJSzHtDsKgnzNQ7EAE&uach_m=[UACH]&urlfix=1&adurl=
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv1f56uixdXo_WvOBEcigCh-Ia6fcIRunhXp94gEfDyXa7F8mq5MGNHtHTYDWb1r1PaIezB9YPLeyEYp62KRA5bXdAYexWcFQ4StMQTkwJDrzMvEj2cGH8P2fqMdJ5N&sig=Cg0ArKJSzLa6WoILGRyrEAE&id=lidartos&mcvt=0&p=0,0,1,1&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=19&adk=3803152362&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=3&r=b&rst=1693920374224&rpt=470&ec=1&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| documentPictureInPicture object| AMP object| AMP_CONFIG object| AMP_EXP object| __AMP_LOG function| HTMLElementOrig object| __AMP_ERRORS object| __AMP_MODE function| __AMP_REPORT_ERROR object| __AMP_TOP object| __AMP_SERVICES object| __AMP_URL_CACHE object| __AMP__EXPERIMENT_TOGGLES boolean| __AMP_TAG object| __AMP_EXTENDED_ELEMENTS function| __AMP_BASE_CE_CLASS number| ampAdSlotIdCounter function| FormProxy object| __AMP_EXPERIMENT_BRANCHES number| ampAdGoogleIfiCounter object| gaGlobal number| ampAdPageCorrelator number| 3pla object| listeningFors

28 Cookies

Domain/Path Name / Value
.statcounter.com/ Name: is_unique
Value: sc12916097.1693920371.0
.statcounter.com/ Name: is_visitor_unique
Value: 1693920371277533579
.xgcartoon.com/ Name: _ga
Value: amp-6RaHIQl9PYgyNW94tmZaTQ
.doubleclick.net/ Name: IDE
Value: AHWqTUnM5KyNdmv30MBcpSj1T7w3KHQ-Lnb7Gxq81rNgT6O1WBgq6hbJ9F8Ye9AESCQ
.doubleclick.net/ Name: DSID
Value: NO_DATA
.googleadservices.com/ Name: ar_debug
Value: 1
.casalemedia.com/ Name: CMPS
Value: 3198
.casalemedia.com/ Name: CMPRO
Value: 3198
.casalemedia.com/ Name: CMID
Value: ZPcsd-cRyS27SRRDV5pIwgAA
.lijit.com/ Name: ljt_reader
Value: HRUGtGZHzk7wUQWFS-m5cH3o
.yahoo.com/ Name: A3
Value: d=AQABBHcs92QCEFvnB9OWKzcrnsz9Y7e8bG8FEgEBAQF9-GQBZbtj0CMA_eMAAA&S=AQAAAkzI8LVAhrLvWGA-gYbqOc0
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZPcsdwAN-n4AnQA_
.w55c.net/ Name: wfivefivec
Value: cVZyM3Ct1QDw4n5
.w55c.net/ Name: matchgoogle
Value: 5
.analytics.yahoo.com/ Name: IDSYNC
Value: 18yx~2dr1
.3lift.com/ Name: tluid
Value: 3800545205549648571366
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.simpli.fi/ Name: suid
Value: 7F9BF1B2832A45CE9277713DEFD9C7F1
m.exactag.com/ Name: exactag_new_gk
Value: a124a0340d844f4b895685addd1e8d38%7C04.11.2023%2013%3A26%3A15
m.exactag.com/ Name: exactag_new_uk
Value: 2d9134a6bd4543baa2f821979fa75e7f%7C
m.exactag.com/ Name: session_session
Value: 01a582ac0ceb42fc99eb32e7
.go.sonobi.com/ Name: __uis
Value: e8a2061a-0285-4ad2-a274-90c8e88c6b03
.go.sonobi.com/ Name: HAPLB8G
Value: s8569|ZPcse
.tremorhub.com/ Name: tvid
Value: 39a349f53d94405ea1c4ef0be3c32c92
.tremorhub.com/ Name: tv_UIDF
Value: CAESEHta9Ge8fBtuhdYRAFdvbps
.tremorhub.com/ Name: tvssa
Value: 1693920375975
.pubmatic.com/ Name: KADUSERCOOKIE
Value: CFA5EC88-0799-40D6-984E-C945848A8B22
.zemanta.com/ Name: zuid
Value: u8qDpuQ200j45p8zBCkX

1 Console Messages

Source Level URL
Text
javascript warning URL: https://www.xgcartoon.com/detail/duolaameng_di3jiguoyu-tengzifbuerxiong
Message:
The resource https://2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1b09de61165a01281272acfc69fe71d5.safeframe.googlesyndication.com
23d0e733cfa793f42fa9f4a11666071a.safeframe.googlesyndication.com
2558bc4e7683da8c30243e592a4ad78a.safeframe.googlesyndication.com
ap.lijit.com
b1sync.zemanta.com
c.statcounter.com
cc.adingo.jp
cdn.ampproject.org
cm.g.doubleclick.net
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
google.partners.tremorhub.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
image6.pubmatic.com
m.exactag.com
match.adsrvr.org
onetag-sys.com
pagead2.googlesyndication.com
pm.w55c.net
region1.google-analytics.com
s0.2mdn.net
securepubads.g.doubleclick.net
static-a.xgcartoon.com
sync-tm.everesttech.net
sync.go.sonobi.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
www.xgcartoon.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
104.20.219.77
13.248.245.213
142.250.184.226
142.250.185.194
151.101.66.49
169.150.222.217
185.64.190.78
185.80.39.216
2001:4860:4802:32::36
216.52.2.48
216.58.206.34
2600:1f18:612b:4280:2292:675b:c770:875b
2606:4700:10::6816:2f93
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2003
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:828::2001
2a00:1450:4001:829::2001
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:4001:831::2006
3.124.213.37
3.71.149.231
34.91.62.186
35.71.131.137
51.75.86.98
52.199.143.202
69.166.1.35
70.42.32.63
85.14.248.71
02811bce4185fdc056d078e6d40ab27446ed0e074a8a3ba7ee918ca7ba8263d3
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
08d502e7f6319b0015d0ea006b216f287353f60e0cd84462a5a43d6294bfea7a
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
12148e2fd737fe99bb9409c766924afaed1d7c29d1e516a9c6376b8d10b2e16c
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13a1f2a4ed14209669ff131f596654ef196b96c63dac295b506f9c91946553bb
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
191508e656696b753890ee1e00b9003b65ada37cb380d027f6ff624a5e58c119
1bb749752a23c013624343163618c79882fd7f061ad5b93160527ff47c3a06d6
1c63fd1bdc5ab6c8b174c84fb48eb82e320d502a0e3f60b2f0441c543a4714d1
1d3570d2de60c47940f8c80d5b642d2bcee72a9f8aa0b110c804f41e899d9156
1dc118c68570ac106df5c43e5588c5b94d18caf4aa9e4d8d52792037cc16b980
1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390
220049135e6c242896cea20cbd980419905e04e43cc5d1f9d23db3e00e25c6f9
24f2233bcac8045562d382302fe0184f2e49836fc03c61b6af537d245858e972
26fab55491a1925f7ab2db4f8973ab3c2c49f42b6ac60ed547e4a736ce11bfc6
2a16b26baebe653a88604831fc59bd38f7848491d5beed5165afb02dac40b975
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
31f606ff16a9161e06ad0bcb7488be14e217ef394cc852db94e43e9e8506e159
32e5f2a0defb1736282fc001f1bc8927f84918773e27942f40c922f6db288c7b
34bb1c7ca084facdfd4822c3dd2d0f3f483ad2d071c52d30e54af52ae62deb02
36ef63420f2a82374d016a378bf127ba8d3c761c8dcad295188b1690a17a0108
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3ba2e9fe2d0f45c0abaa201f783880369db48fb844ab98ec015ec9e4deaaf43e
3bfe20847495149bc55134576cd7687e79a165b90da08ee51713258228decf18
3e625fe058c9871c924b05047696c2e7b1e441d4acb2ce54544b8413eea8182b
3f927564073881220bfb188ac5a31a15e725a9274089f87ce0e1e9dc816b181e
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4b369f82a270f354e0cadcc9a6ac3785a1c0bf9c70cc4546139c31efbf8fea44
4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53202a3c73552b3385ff4cc5598c6cdabfa4d37acc87cd2fd8c0577494143285
53c4bd10754dd9286fe81d3964e31a672e8c608532fa3b30422a792e238f2552
549245b157ad81c80d1d33ba98078eb3915cdacc872c0f3d4c3c7414d0f3f4d3
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5abef60d9edd11583e363e3dafd2d6ec74e0141946c21b2903e7b8c08f01130f
5dd2bb813a1b746fad27583164b489fa49e1e8abcd563889d2f5e01e2eac634a
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
621bdb834d155a92b41c1e3f5e42cc1d24d52b08edd732dedcbf2c2ccb1c6c85
664d8567f25b85bc66e23dcbcb180910480210117e444636f563afa9887f21b8
667d77669d19714ac96c979a077c8c1ddeb43e5d9b425bf78da585cb92935dad
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6ff0ac4ee795481d3f27f202f98d74099f847298ce97104cadb994b1b3ab18ab
78188233403d6dc0c09634882ffa3427f8369e41fa5bbf8984b4b92d360744a4
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
898a66fd3a2c23583edb7a0b805d27327bb3b39c8a5e1a672ec648c733001c2f
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8cd3a26cf673e60afff14a4507d8b56c13b7b652286b647bd00ca6b23c19d702
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
90d84f056686af8861c0017713e2f06e8957e9d15a5606514da382d879b9d41a
91db794ce5bc0795f21c3ed5f3a25c50ddcad4e82055a80ab79af070f2c7eca1
923690f3c0feaf6346a2755af20e2b8580a048126501966a8ccd0fd31c6b53e3
96b3caa4d6e56ccbd206fb260d627d653af0caf2f2dd7c67b15dc6bf811252c5
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a303bdbfce6897ec74ce030b85480f417f9e17804f7a19b8f2a90feff115b94f
a3a95c780e94d916656548d7a3731c9f26cfc6b7c7cf7c7c7c1a374f2a4cec6c
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7c94d5780fa800afb0066d0ceed10b6488d78ec4cb2a85c42e5772b6218cd26
ac6c7df9ea6f8e1bcacee7bbb1df0c7902650aa2bef04e536ae838e7c9146aa8
af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b3feeec90c0f0b0ccf3adf30fbc427e17134e5aaedc5fe590bc5b826a2c20976
b5d4dbba3c898b11aca6083d4aefd113f16b72cde7b7bba3c91bdf2bd7d785f8
bbbfaee1d461fc1bca55b61992b098d9ba06744001e1b72986ae498f9793b266
be8369cde59152040e83ce8fa0f805fe897d7aefcb55143aa80d1274eac23185
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c2c51c1cf699d852f931e465d4fafd201c4b07ae408f25122226846264c843fb
c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f
c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
d0edd199833dd87c9ac4395f5bbeb6dfb6843109419531043ba1fb6b32e63496
d1f2b2338b1659185c9dd70ce5944bd6a8f34997d601b0966003c49a35249948
d209c85285d21ad5f1a22b40bcfdbc72f33c5e4b2791c066c47e3480b9b7ff67
d2c48da0f4e7c8356c2a97921626763d4ec5a7508413fd12a3a0ec6ec1e36b45
d722636fc120a2f0d246e66841a978a2595146e0f0db655e3b59ef3f47cd9334
da3b9ac2c2c5231f81e455e6cd1faf865a3b319626de2fbce24c788a9546e737
da6b12fb974bc5acab04cb77286b91ccd3fd9116a3595bb3189b52e6d03c8669
dbb02d066c8ee5dba07ec438fd755f6945f1f90a157d3eecdc90ad4a70d95e1a
dd0574c842dfd21fa4f5d759540fae5917e102e54b6e014dce3d7833fbab604d
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e497e42ddc988c37d46e9ec59af849b5976c86995df0dc196568c35c1d74c109
e4ee8bea178b7233def94937ea913a794656077eda30ab49e37aba8cc96b8bd1
e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f9c0abd3ac7b63e37c3ee14816503af5d06f008f13bfe1daea71e2ec3eb3abc1
fc50efba0b93853f3cd41051c567a18e74200805002b97917f3c27ee2287f98e
fe21f4c240c146411a479689475c64e9917d70d815f8e8a855524f37e66884ba
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48