www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Submission: On October 04 via manual (October 4th 2023, 1:31:37 pm UTC) from US — Scanned from CH

Summary HTTP 204 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 28 IPs in 11 countries across 31 domains to perform 204 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G4 on September 24th 2023. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
12	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.219.77 104.20.219.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:2e93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
47	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
4	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
25	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
29	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a02:2638:d::11 2a02:2638:d::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	217.79.188.11 217.79.188.11	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	217.79.188.46 217.79.188.46	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 24	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
3 5	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	52.210.221.60 52.210.221.60	16509 (AMAZON-02) (AMAZON-02)
1 1	2.18.160.23 2.18.160.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.71.140.162 3.71.140.162	16509 (AMAZON-02) (AMAZON-02)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.157.5.133 37.157.5.133	198622 (ADFORM) (ADFORM)
1 1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
2 2	18.158.137.139 18.158.137.139	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	134.122.57.34 134.122.57.34	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	172.104.70.67 172.104.70.67	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:5aec:1139:b771:4a28	16509 (AMAZON-02) (AMAZON-02)
2 2	63.251.14.14 63.251.14.14	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.43 124.146.215.43	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 3	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
204	28

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.219.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:2e93 (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:d::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.11 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.46 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad4.adfarm1.adition.com

ad4.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 172.217.23.98 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.27.193 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.221.60 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-221-60.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.160.23 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-160-23.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.140.162 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-140-162.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.133 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.137.139 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-137-139.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.122.57.34 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.104.70.67 (Tokyo, Japan) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1680-67.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:5aec:1139:b771:4a28 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.251.14.14 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)
PTR: 14.14.251.63.unassigned.ord.singlehop.net

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.43 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8::90 (Ulyanovsk, Russian Federation) 2 redirects

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
64	googlesyndication.com b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 169 pagead2.googlesyndication.com — Cisco Umbrella Rank: 122 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com	655 KB
47	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 cm.g.doubleclick.net — Cisco Umbrella Rank: 329	309 KB
36	criteo.net static.criteo.net — Cisco Umbrella Rank: 897 csm.eu.criteo.net — Cisco Umbrella Rank: 7577	192 KB
13	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 7499 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 8966 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 14897 dis.criteo.com — Cisco Umbrella Rank: 910 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13805	113 KB
12	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 331	251 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com — Cisco Umbrella Rank: 680248	448 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	470 KB
6	google.com www.google.com — Cisco Umbrella Rank: 11	2 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1026	3 KB
3	yandex.ru 2 redirects an.yandex.ru — Cisco Umbrella Rank: 4716	956 B
3	openx.net 3 redirects rtb.openx.net — Cisco Umbrella Rank: 1029	674 B
3	adition.com imagesrv.adition.com — Cisco Umbrella Rank: 12957 ad4.adfarm1.adition.com — Cisco Umbrella Rank: 59333	11 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 713	957 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 1012	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 614	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 954	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1432 r.turn.com — Cisco Umbrella Rank: 6191	869 B
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 649	976 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 1469 s.tribalfusion.com — Cisco Umbrella Rank: 3247	1 KB
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1516	1 KB
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 783	713 B
1	appier.net 1 redirects a.c.appier.net — Cisco Umbrella Rank: 10594	599 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 3359	552 B
1	bluevoox.com 1 redirects im.bluevoox.com — Cisco Umbrella Rank: 16820	575 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 876	35 B
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 2422	1 KB
1	yieldmo.com 1 redirects ads.yieldmo.com — Cisco Umbrella Rank: 1089	597 B
1	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 830	775 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	5 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1878	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 12701	467 B
204	31

	Domain	Requested by
31	pagead2.googlesyndication.com	b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com
29	static.criteo.net	ads.eu.criteo.com
25	tpc.googlesyndication.com	b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com googleads.g.doubleclick.net 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net
24	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
16	securepubads.g.doubleclick.net	cdn.ampproject.org b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com www.xgcartoon.com securepubads.g.doubleclick.net www.googletagservices.com
12	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
8	www.googletagservices.com	b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com googleads.g.doubleclick.net 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	csm.eu.criteo.net	ads.eu.criteo.com
6	www.google.com	googleads.g.doubleclick.net 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com tpc.googlesyndication.com
6	b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com	cdn.ampproject.org
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	cat.fr3.eu.criteo.com	ads.eu.criteo.com
4	ads.eu.criteo.com	b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com googleads.g.doubleclick.net
3	an.yandex.ru	2 redirects
3	rtb.openx.net	3 redirects
3	rtb.fr3.eu.criteo.com	b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	eb2.3lift.com	2 redirects
2	ap.lijit.com	2 redirects
2	x.bidswitch.net	2 redirects
2	c1.adform.net	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	ad4.adfarm1.adition.com	9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com ad4.adfarm1.adition.com
2	9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	tg.socdm.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	a.c.appier.net	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	rtb.nl3.eu.criteo.com	googleads.g.doubleclick.net
1	im.bluevoox.com	1 redirects
1	dis.criteo.com	googleads.g.doubleclick.net
1	r.turn.com
1	ad.turn.com	1 redirects
1	match.sharethrough.com	googleads.g.doubleclick.net
1	cs.media.net	1 redirects
1	ads.yieldmo.com	1 redirects
1	px.ads.linkedin.com	1 redirects
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	imagesrv.adition.com	9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
204	45

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G4	`2023-09-24` - `2024-10-25`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-29`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-30` - `2023-12-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh

This page contains 26 frames:

Primary Page: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Frame ID: 97231AA32C5D4A1F98F51FAF61E1688F
Requests: 38 HTTP requests in this frame

Frame: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: C2C26DCABF20C22F277E3E1D1C75F6F4
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pHAAPFeQK4APFAAjkfAPkQ9BC7vo37zcLxw&u=%7CcVV%2BW%2FaIjpwjWPLjJJDmgABWVjLLT0%2ByrZBBe3tco8Y%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oU-fBZNObj24EfUS2J5cBExYQ9MR0Jvm_bL0lQkEdhsw4FL--jOhcXtHdURzGrXb8pnI1Opd_wvWUyxOaXzHdP95EbZNfq8Yy9oT_T5rsfqzksS6zzfDUOM2yM0ABoTXB-Cerih79Pcdoj6RwiNWcr4AeqrJ4IMRsb20XavQ2NzTbGI92Kwql22p9Mdq2MrmACUjax6aYNqV2Dl4J_aviHtrFNiZD8q4WmeQ4gNbi_Wr2aP7FzGn25ihX_Q7GYIpy-bkX1HN-CECbU8EeLdM_3YvEWYEgeUljYR-Z0ODdFzBGKALvBmzd2fX1RY_q1u75EO5pUj_1MPA3PZQnCRQUJR8_EmQfPPyX41tDG65sS4KZSAGdr2pmKdeSjissEqfLFd7Yx01PvwX_OVC6v1oFAb5mMz75kGw7W6LsbPapRA1jmqMamBP8oquKpNNhRzzmxYHSZW5X0EQgYYIDSu8Pi3GLg0f5Vi6e0fsOHsCItSuUC8CLsXRnOqbp_QEw8dPQFHdtilGHp0Q4WBtF7hOkjQZMSxhJCG5VdnARzdNZZcwwTNLJrMXv8_TEEx3mMgZGM-lxai6cYZjUvj509CnDa__tLQmAf2wv&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCfm6wHGkdZeSrPMWHgAf8yKPYDsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCnNsl4gufsT7gAgCoAwHIAwKqBKQCT9CRoGiMR0BH8P8oxMPdDyKX_W3N5zORpeB4U01-5lYo2b4BmiL5Oe2jzBv79Ze8RPU32lqw4lZLGads5pLIp3yRLjPASl0oSrpKh-2GhlkvsPbzQeY6V6gheQyLW4W4k3DRH3dvetwodEbeBBDmgHymUxoq8fyXF4Hhoe3qSlYRqPuNw8NMBFuAnWdg8vcl-tpDgNhGVuQKfJpz3ymz4LsYi1X5raYY8VVkyvERkkWMFnSHUm4B_eYs4NCKaEpenYHuu7x_XvjuhhXiHA_gAdB_-edsCt-l0iPBI9wYXhW2u2FRxxCeDH4CBh94nRBorrC-70HrQpvNde8jGpvIMoaYyRA3Y0WBt8_GSt3I3C1fBhIuOH6ZUrt-5NhO8jTJGYKeleAEAYAGsOCHv9DW1bcMoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1HVK8ZIfyRGOb9Sed18J2Txx8PwA%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: DAFA6721234FEAAEEFAEE6212A91B84D
Requests: 11 HTTP requests in this frame

Frame: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 65B8B136FE9E9311B349C91D6EFD7602
Requests: 11 HTTP requests in this frame

Frame: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 6D910A412B05B14D322ED4E8DBAE8823
Requests: 11 HTTP requests in this frame

Frame: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: FEEA2030FD311F699F5E6B65737F4AF2
Requests: 11 HTTP requests in this frame

Frame: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 7183FA2A464FA37B0B30D5BBDA40D8C2
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231002/r20190131/zrt_lookup_fy2021.html?hello=world
Frame ID: 18788E7F5090C8194A2B8C782E52B924
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pHQAM2coK4DaHAANuQHdaawgMTR_P8ht3RQ&u=%7CcVV%2BW%2FaIjpyODksIdSpnfeeZCCC3pcXPcf4do0BlMNY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeAm6W3iav_2Mg0LBvJ2Zi8rVgNpsQppGOVCkKdAPzXFdULEaJGms-g0_z6qV0-8pFLhXEtWQMbVBznxJopDr_m3n3TnfVclcDtWRuXMfGgx8pwg3JJ6eSb4HyBdMVqyYrsatcQmm3KC_RB2nvx7OGqi6fX3hMNuA6ykEOXul8qOYhfQHdrDKqVwHI0g3n6cN4XaXK_tRj7rhiUKjD3Qogu2ONGvkMmz5Q3skmGA2perweyWFPJFd0llQ55wMsjVo--mvMQpUe8xmUReUCwnxD2p05YwGVFCQHyfp-TqgA27kCfZ9A0u30wH2kBFmePKaXrqNmx0wZcaK1rNsvOfZng07iyvhSIsk3ULCfjrW863mGGVI4r4Ruh17xQOYozMd1tx1ZautaXMpWHrA_IZs4QOfnZVNOvswq8IM3aS2KgXN0PYGK8lL_1-QMfcF10ZsJeKzUs_zHy4AwwFbG9Lmgag6eWMiYfDj9SiThU3tzVwWku9IpMx9r2Ck-j0d6m-rgUaf35aBiAV78WNXZ4jRX8v&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCaJi4HWkdZcqzM4ftgAfA3I3wCsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCsTbv5raXsT7gAgCoAwHIAwKqBJ0CT9CVKPTTdlGkX5dVvOan-VRd17JmfdxfHjm54wDlSY7LbBHfZKXOSahkUxnCcpeNGDNhlmnM6P9lHkvChlPLl7MJlLmIb5ILsEONAFLZH1mgLIfY7yu0IPkuZBKAQqSYD8BiHs0dQ_mn-YfehcgI36zIxUi8ShJEs2wckwfLv1yhCmcvuSj93Wl-6uHUyF5DeuGEAe8jpkXSkTsspb2lirCKGdzEH4bOYZSurAMBjTY-fGrM91AaHMEalHe012yEq0h9u1JzInc1mLQbTnO_xTQjIkSRx3Q6rp5CenVg9RzjJzWkuZo9U__gQDLs7lDhQ8JxNGTeBWSwnkMm1GLrkfQzVOqqkYY1QUZR7DoFuuR8uWgxlTdK_44mmlbD4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0krK9cLOIddqrDbiqma_3Cg7DvHQ%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: 1239E714AF3E255E985FCB430CD43DB3
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=482000826&adf=3173046731&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426270627&bpp=639&bdt=943&idt=1428&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759875%2C31076838%2C44801485%2C44804684%2C31078420%2C31078423&oid=2&pvsid=3081292051479153&tmod=1806547552&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.33dtseo6md0t&fsb=1&dtd=1476
Frame ID: E4805C0733A0BEA1A30349AC6DB402AE
Requests: 7 HTTP requests in this frame

Frame: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 23F1D5CF072C933EA4CE3D42E5172712
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=280&slotname=3654094576&adk=229048865&adf=3173046730&pi=t.ma~as.3654094576&w=336&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426271199&bpp=727&bdt=954&idt=2080&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C31078362%2C31078301%2C31078420&oid=2&pvsid=2989584093160384&tmod=172839782&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gzck6unoo827&fsb=1&dtd=2294
Frame ID: 75485B1A10273D3F1BA0C013E54CD47C
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pIAADX5wGrSroAAo_0cFeqqwIlJXw0-ErbQ&u=%7C2wsBr8wc81jqYusXvBj62qzulPRXI3mQqFdJmmc2BmY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQpTCQxD9nzu0np_tEqoxIU8i6JNw1DOsLhuBEyd-3wcx6EnS6VcTWEKomH2_JU6Ws1mwMV7Xv1t_crsoMdyL08u7Eeu7GbTNGAhV_54qm0Fm8JJMhA6kwxEab41d7ESpmYbU50smGWdChcaM2lG8G9JwvXjpkhaCVZ9B4nqTq2DPP6EiTJPSl-RdgEgrtj92AAcs9_-_1W1sJ5WMARcfySsvcgdMNKndmyfHS5AFoXyMC0U-1z8hefNGufguvzzLlp0lRBfL9x-sn2xUzLs_debhAA2A5l6GggZ4cPIh33PtHl8szB8VrBsJpnpETk4Ci1igXkq9bloavPDhrGnQssFC-WQZDuAiwYFL11qKZTsmGuB0qGf6o84P6Wv7Jw-wRUQ8AearWK1mfWtsrCYFeTU3AYNq8tHYiu6wBDbSWt1WLC4sHixgctCzJOHIOkiJYRE2ITRewdMy40ikxa3sTGLLC3Bbfb_9b_P1YGyFeZOk7mrmIacZt_O5bf50lDkkdolM12JiP0wIN176pgSPP5Qn571UZaqLjI43xKxfMirU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCOuBFIGkdZZy_DejVtOUP0f-o8ALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpArE27-a2l7E-qAMByAMCqgTJAU_QBLVKrQUSXN7HUkACmIp9oXUcuw_Yg6in4PesbXHjT1YU9VTHER-vnTtPkg1R9dKvlY3LaoF0-LPqRWMTMUPapvphhtrTK8yuna5HfWWVXEkvBHWGskxq4L8bqj1v__UymGdwURZ5ZnWIriI5rsKJaXUG4j3yoYMcJ0M3rfIFvyIAdwkxS_CxTkXe9iajjYzfuxVLymuJ9-qnEB17g_D6hM8oxGojXcMbHbsw36C_VSsun0OtazgNLedJ-wHjcLHgYI1Rudcq34AG59C6h_zX6_pFoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3DXh7st_2-fhboJ50KijI_5qW3Fg%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: EE341B40CD1488CFCC135C52D2E92536
Requests: 12 HTTP requests in this frame

Frame: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3F4FA3396D9032DBF73E3488FFC67F1A
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CEC201CE04064E00C16B210F8ACF80B2
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW7bBIreTnFVkdiSs1-HxvfFxH6nozMKjy7Ko3OLQ9Zn-cYTf8fITmYtiOrdImQP_XW9kPbu1buol3fbZRkLljj2sFUug
Frame ID: 8C3ACAB7DBA6C46F5934BC545E96C81E
Requests: 4 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pIQAJvsQGrSsyAAA_Xgh4eSusAY8KNpT5BA&u=%7CiYnhlqhBJzGjUrmnSZPR2Zl9PUPscbuBzAwEiJswRCk%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57o2eAKtbyUnkzCgAZe2TqI9t-30jvbb4jJ4J0HrkfUVwV9W7X5y17J5sh0sko3T2VI8Lb1LADPR84kb0PKX0K5sV1ph1hOJL385aoHRv7a9w8H19JpdS5d1iE2aphjARuyDU_uBQX-6TsMSfypJKY6utr71FRamSDxsNn-CqmnSKm-gZmPk2pLN6CG1ZLyn5XFvVfBjsi15m-sDxhL6-9Nvxcw_T-5WMX_fZ6zm7beDoipeiNToueU2nDh0muzoFP8gdqRVj1k4cLu2dM4YwQWIOOQcNl_X1fu9CuzmyLoF-3Ir-UK_a5j3znYnHCforOC01o44nsQmWY0cOweVrCz7yC5OvnxFysOThHeXgOORnJi2ZWLsY7UjIZXC6DX33oY7FTjB62VuwNBKL9C3jukMYdF8O-5msHIioqNK7oBsSlVMQ1to5XUGizDzLHEfHilubZZl58O1e0Z57crrxRKKs1JVPvWdBF9fZt2b-I_LyOC-OkZ2gVrH8pydnKKN3URxa50hj0ErtDJCLLid57juij_ycNMDgdb6MTjTU1uCqIk5lxOWPizidJ8Ap5fovqbvxhkapH1ha7oLpm6FmYmbwwhfwMJI36S&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs2LuIWkdZcT9JrLWtOUP3v6A4AjJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAtFd-LytnLE-qAMByAMCqgTKAU_Qf38PahucrwT5t-f8WPvYKW_R4UndUO_83-dA8qlGd88a4Q1Zkp44Ys6Xc0MUod-CW0QSZg_62fxHAbCekgXS2n8j_gOuFyEnFXZFLhuNyhYZG1xlP5gqDNnh0Upq07o4VwgOY8lknqWXMAsr21Dv4h_mv6XHmNyz_o5fKIZDXL5E6ZxaxBk3xUP27CMi5uPAhCQv2xsE_81ZQvrr8MdooR-zondpByTmuEpB2lX75rOdhbUK0W_3JI8_svxW4-ibe1afuEfKnwiABrDgh7_Q1tW3DKAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1ag5E1DBk0qHGcohHU_PILDcAAkw%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: 670970B9CDE14541850E70A1DF00C044
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 870E6171E51EB1245BE848BFD1B64AA4
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DBE10FD87BF5C6AB6DCEC13456D3E414
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DC61EE81DB013C983AF11B2A6A3CD4F0
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9435B699DA084309B83501CA68211CE7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 14C3FD87A83B4BD7AFC8C14411CAECC7
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F47B035EFE78F520DEE744553B6F7648
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B4C0F7E607CE1892EE7D3E2817407F3A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2BC6B21FAC5016CA734500E0E7D28B73
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0A842273CAF53090628B3CE0660E447C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍱山海際會【國語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

Page Statistics

204
Requests

90 %
HTTPS

49 %
IPv6

31
Domains

45
Subdomains

28
IPs

11
Countries

2458 kB
Transfer

6147 kB
Size

31
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 128

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1&C=1

Request Chain 129

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR1pIz5hM2hnUAhWIIGQfwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1

Request Chain 132

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKCTCBfuiZgYSCE9VkdZtoM&google_cver=1&google_push=AXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmBA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmBA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKCTCBfuiZgYSCE9VkdZtoM&google_cver=1&google_push=AXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmBA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmBA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 133

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESELk1ZocCjoi6GGa5ciOYLgw&google_cver=1&google_push=AXcoOmT7hazu0E3R6lavkxGhn8Mh59Sp92yOHl4Agr9M1CyE1Apm2j6Aikk-h3s4L8JG0MfH-mcfLLbbdlEOPD8ZU4O_0t7hGHYEpg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmT7hazu0E3R6lavkxGhn8Mh59Sp92yOHl4Agr9M1CyE1Apm2j6Aikk-h3s4L8JG0MfH-mcfLLbbdlEOPD8ZU4O_0t7hGHYEpg

Request Chain 134

https://rtb.openx.net/sync/dds?google_gid=CAESEMLgkLkNZDxH3XOdyNR20yk&google_cver=1&google_push=AXcoOmTM2FOR7-oTEnW2AJuYCre1MZCQXWCut3je_BHF5HOdWJqDXRAO2Tos0X3d16qWCxuvyavRsjDvLta9fbgmGOKM2LAS1hZztQ HTTP 302
https://rtb.openx.net/sync/dds?google_cver=1&google_gid=CAESEMLgkLkNZDxH3XOdyNR20yk&google_push=AXcoOmTM2FOR7-oTEnW2AJuYCre1MZCQXWCut3je_BHF5HOdWJqDXRAO2Tos0X3d16qWCxuvyavRsjDvLta9fbgmGOKM2LAS1hZztQ&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmTM2FOR7-oTEnW2AJuYCre1MZCQXWCut3je_BHF5HOdWJqDXRAO2Tos0X3d16qWCxuvyavRsjDvLta9fbgmGOKM2LAS1hZztQ&google_hm=rDb0ms7rylokntk20iuOfw==

Request Chain 135

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKYRWiXPvlQwc7Dkc8ck_wE&google_cver=1&google_push=AXcoOmT3Kf6foXA2FFPcFKaMYaisvtiN8LiEk9vxNUWGi-7Ta6BF2rJZWz2sXrU6Iz3Xof00nEnJuyB3YUBaY5WrSPBlELY0xCMOJw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5CU0VKRDctMjUtRThMOQ==&google_push=AXcoOmT3Kf6foXA2FFPcFKaMYaisvtiN8LiEk9vxNUWGi-7Ta6BF2rJZWz2sXrU6Iz3Xof00nEnJuyB3YUBaY5WrSPBlELY0xCMOJw

Request Chain 136

https://ads.yieldmo.com/exptsync?google_gid=CAESEOAoOWIkyTP7RahE2GVtYQw&google_cver=1&google_push=AXcoOmQ98xSHQFa0cOaQ3Mheu4SwTAiGBmba4l4f6jwhqiaT3m7PoS2Q2NYYF5G7eCdSZgyY2S6Z4C8o_ef64mFMVlCAluvG-F35Qw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQ98xSHQFa0cOaQ3Mheu4SwTAiGBmba4l4f6jwhqiaT3m7PoS2Q2NYYF5G7eCdSZgyY2S6Z4C8o_ef64mFMVlCAluvG-F35Qw&google_hm=M2VjXzdjY1FRWWNpOFlkd3ZxSXk=

Request Chain 137

https://cs.media.net/cksync?type=g&google_gid=CAESEDKWHqipfdvOGOnLvJ_uKhc&google_cver=1&google_push=AXcoOmSEeWZ8pxrxOwu5LwPDPrYvj724YhtBiNrqwSlKlEX1amtnBh9HPPYUmnEJs2pZHj0Q46_U0z5NR13fLO4xJj1nb8p-KRjWIw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM5NDI3ODc1ODQ1NDg1NzAwMFYxMA%3d%3d&mn_hm=MzM5NDI3ODc1ODQ1NDg1NzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmSEeWZ8pxrxOwu5LwPDPrYvj724YhtBiNrqwSlKlEX1amtnBh9HPPYUmnEJs2pZHj0Q46_U0z5NR13fLO4xJj1nb8p-KRjWIw&gdpr=&gdpr_consent=

Request Chain 158

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEMubbO-W3aJKoyYDjmCplSg&google_cver=1&google_push=AXcoOmQVh91IhsRpG5UhpcRAdGQ4mLfKsvg7S4N9aEysIuO8Mxsinn1FkEnk6nVCbcDOOmqoJ41QYjVW1eJYurXw0iqzUMgBniuGNEGoSh-bFmOHuC2J4DQiUmPz0yEMhXnf1SbHMgwQdkndGKIOD5NLI7P0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=OTE2MTEwMDI1MDAwODg1NDQ0NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEMubbO-W3aJKoyYDjmCplSg&google_cver=1

Request Chain 160

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEO1KcNU3MmoE8keN-XmuzsM&google_cver=1&google_push=AXcoOmRvUey1tKtbmfC38J7px9BXoGBHEuvIvirNAfz2IuyT5fp36YP-RduZTBmKq6ZOULdmiOYFM7-d5rabqMG4qp_MLYNXWJ7E0iFTB9RxnIB2P1lJD7EFJMX1TGNgR0AHDvsGSvvbaY6anW8hcBcLxWot HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEO1KcNU3MmoE8keN-XmuzsM&google_cver=1&google_push=AXcoOmRvUey1tKtbmfC38J7px9BXoGBHEuvIvirNAfz2IuyT5fp36YP-RduZTBmKq6ZOULdmiOYFM7-d5rabqMG4qp_MLYNXWJ7E0iFTB9RxnIB2P1lJD7EFJMX1TGNgR0AHDvsGSvvbaY6anW8hcBcLxWot HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTA5MTUyMjgzNDYxMjg2ODIxMA&google_push=AXcoOmRvUey1tKtbmfC38J7px9BXoGBHEuvIvirNAfz2IuyT5fp36YP-RduZTBmKq6ZOULdmiOYFM7-d5rabqMG4qp_MLYNXWJ7E0iFTB9RxnIB2P1lJD7EFJMX1TGNgR0AHDvsGSvvbaY6anW8hcBcLxWot

Request Chain 161

https://rtb.openx.net/sync/dds?google_gid=CAESEMLgkLkNZDxH3XOdyNR20yk&google_cver=1&google_push=AXcoOmTG-bxGu7MFGfmR_kMP8zb9zQKaKHwosa_Xo7DNdsj6MgYwahsedwiwH1rfJEXGH5MAYtinpecD-JfnMgD0TPAwf1o9-zf5kqVmZKCCXvSU0VhInFLAXz5MWhigLp8nzVPu2M_wJEP2tsNDdBqQ5ffH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmTG-bxGu7MFGfmR_kMP8zb9zQKaKHwosa_Xo7DNdsj6MgYwahsedwiwH1rfJEXGH5MAYtinpecD-JfnMgD0TPAwf1o9-zf5kqVmZKCCXvSU0VhInFLAXz5MWhigLp8nzVPu2M_wJEP2tsNDdBqQ5ffH&google_hm=rDb0ms7rylokntk20iuOfw==

Request Chain 162

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKYRWiXPvlQwc7Dkc8ck_wE&google_cver=1&google_push=AXcoOmRlOkoTdYagqrxzuibC-sl2Ri8wdNZhZ55iK-gao3dI6anp3WYjIqlve2fXjQN5-y_YjSu6uH29VsNKEBBOH991jwxlF1K5nRGWWEOQo8s2ifxN7LJwm6ve7QNzse4DvBU8Np-QieY6VkJEuNJs23PN HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5CU0VKVFotNS1GS0VM&google_push=AXcoOmRlOkoTdYagqrxzuibC-sl2Ri8wdNZhZ55iK-gao3dI6anp3WYjIqlve2fXjQN5-y_YjSu6uH29VsNKEBBOH991jwxlF1K5nRGWWEOQo8s2ifxN7LJwm6ve7QNzse4DvBU8Np-QieY6VkJEuNJs23PN

Request Chain 163

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEGNtkfJdRaSkDx-az6J6XH8&google_cver=1&google_push=AXcoOmS-zVZp-y4jvYVcc2llFuw6Pr4KZzmntfj31hlReFGsECsQNfAA3PNIHMYSaUi1FUTIMdGLYeXBfLpQicF8O9R6LVgrSBvGBfxqAM-4fpsOuMQZZKwt_lDsdJfmlzJoVzDtlE5A5XvDWVzO9EMqZARNqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS-zVZp-y4jvYVcc2llFuw6Pr4KZzmntfj31hlReFGsECsQNfAA3PNIHMYSaUi1FUTIMdGLYeXBfLpQicF8O9R6LVgrSBvGBfxqAM-4fpsOuMQZZKwt_lDsdJfmlzJoVzDtlE5A5XvDWVzO9EMqZARNqA&google_hm=QlMuMDBmZS0yN2M2LTRlN2EtODhkZA==

Request Chain 164

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEFNcL4s50JtcYN1_vNmnMW4&google_cver=1&google_push=AXcoOmRB0hzkBo6D79CSivFEcKxD_bA0yllwbczlSxQSXsU4T-cLJMysX8NnAlho650aXq2SGvIG0pBskfQEfZPbvt_cXXILkDYqz59EVYuIBM2g2jNACgAzvWaWFWPjDkoNPhNobxdz5dlCYBUXDQOav_1P HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEFNcL4s50JtcYN1_vNmnMW4&google_cver=1&google_push=AXcoOmRB0hzkBo6D79CSivFEcKxD_bA0yllwbczlSxQSXsU4T-cLJMysX8NnAlho650aXq2SGvIG0pBskfQEfZPbvt_cXXILkDYqz59EVYuIBM2g2jNACgAzvWaWFWPjDkoNPhNobxdz5dlCYBUXDQOav_1P HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=6492f71b-32ce-4caa-bb79-7b534a0a6bd1&%%GOOGLE_PUSH_PAIR%%

Request Chain 178

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEHcrTMhz11A90Up7uTHtHpg&google_cver=1&google_push=AXcoOmTuMGnqKod3rVDDSHaGD9JumXBjRHuWMIlSFbT3hk3ACmnjNqqv0s85eIkla3ubYmml6ULdXsH2LmHjTMFkYIMMsUSdq9AomQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmTuMGnqKod3rVDDSHaGD9JumXBjRHuWMIlSFbT3hk3ACmnjNqqv0s85eIkla3ubYmml6ULdXsH2LmHjTMFkYIMMsUSdq9AomQ

Request Chain 179

https://a.c.appier.net/gcm?google_gid=CAESEJJ-8bBNoF_4U3-YvtNC2Mw&google_cver=1&google_push=AXcoOmRKKeaa9VohmvX7P1Qhl0ysx_HxYJa5ECwBhVqMs7dHI-sp4upDhngw-Y7L3NYwiaeIiU6wxqvAur_uy-v5UrlLW0cBTUWm5Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=eVlPMENNeTJEUk9DcGZ2eEpXa2RaUQ%3D%3D&google_push=AXcoOmRKKeaa9VohmvX7P1Qhl0ysx_HxYJa5ECwBhVqMs7dHI-sp4upDhngw-Y7L3NYwiaeIiU6wxqvAur_uy-v5UrlLW0cBTUWm5Q

Request Chain 180

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAL31NYG8runoQCYH0Fa9Yk&google_cver=1&google_push=AXcoOmSurQGJ6kuC2IdjZZDuwL4HbJJus0KZ6EtAKnhr4C3uAPzrAfihh7uyeY0_zcrjOMeCI_6QurmZ2Hvt50RYUF6ueV4MFB4M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSurQGJ6kuC2IdjZZDuwL4HbJJus0KZ6EtAKnhr4C3uAPzrAfihh7uyeY0_zcrjOMeCI_6QurmZ2Hvt50RYUF6ueV4MFB4M&google_hm=eS10ektjdjVaRTJwSGlLYlZVYUIyeG1pdnY1TjlZOG0uRn5B

Request Chain 181

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKcNodsxI1HStj9Iw9gEAtE&google_cver=1&google_push=AXcoOmR7VjeBB19JDIxT2PPJik9fwO414xsHxLFliGY7ptwWdTQeFmr0k2_vKrhdUhA-SUSGjBW3o-IeOA23Hh8VT9ClpVivS5WF HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKcNodsxI1HStj9Iw9gEAtE&google_cver=1&google_push=AXcoOmR7VjeBB19JDIxT2PPJik9fwO414xsHxLFliGY7ptwWdTQeFmr0k2_vKrhdUhA-SUSGjBW3o-IeOA23Hh8VT9ClpVivS5WF&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmR7VjeBB19JDIxT2PPJik9fwO414xsHxLFliGY7ptwWdTQeFmr0k2_vKrhdUhA-SUSGjBW3o-IeOA23Hh8VT9ClpVivS5WF&google_hm=HbgrJGZHK0iJaQMRT9C-lnwn

Request Chain 182

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOiC4unFjtbUzjCbKEoN3A4&google_cver=1&google_push=AXcoOmQoK7K3DzYqtwReoM_jW1pCLulS2uoIY1P2seE9Ysvx0GM333yFMD-MNmj_n7JUbAoYDG7l5F8JM7Ukk2lpglayFEeXdD0rVw HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmQoK7K3DzYqtwReoM_jW1pCLulS2uoIY1P2seE9Ysvx0GM333yFMD-MNmj_n7JUbAoYDG7l5F8JM7Ukk2lpglayFEeXdD0rVw&google_gid=CAESEOiC4unFjtbUzjCbKEoN3A4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTUxNjQ4NDk3MjIzNTAwMDE0OTI3OA%3D%3D&google_push=AXcoOmQoK7K3DzYqtwReoM_jW1pCLulS2uoIY1P2seE9Ysvx0GM333yFMD-MNmj_n7JUbAoYDG7l5F8JM7Ukk2lpglayFEeXdD0rVw

Request Chain 183

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESEDVLjfJMp72lV8z6HkUhqxI&google_cver=1&google_push=AXcoOmS1BM0CKXhWtbQ4iNLeyMJq2sTB-X9gR13iN0hu7xXJy-2b4Yvda6kLcDMSOjRXQCmFj-GH9duh_lu2z3rv5peHYudIrgaruQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmS1BM0CKXhWtbQ4iNLeyMJq2sTB-X9gR13iN0hu7xXJy-2b4Yvda6kLcDMSOjRXQCmFj-GH9duh_lu2z3rv5peHYudIrgaruQ&google_hm=WlIxcEpjQ284WVFBQUJUcnhkWUFBQUFB

Request Chain 184

https://an.yandex.ru/mapuid/google/CAESEJTxU_MVmUJdQkQo_2E1oOU?ext-param=AXcoOmQA3-tPMTSkl5R3BVQE-DwCcSMP6CNen3hw0ND20rJQtWNBeBvO6FJpeDKEz4kNsfy3Wc6Z1HzXuXYPhviDm7riMXmHHimhfw&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://an.yandex.ru/mapuid/google/CAESEJTxU_MVmUJdQkQo_2E1oOU?redir-setuniq=1&ext-param=AXcoOmQA3-tPMTSkl5R3BVQE-DwCcSMP6CNen3hw0ND20rJQtWNBeBvO6FJpeDKEz4kNsfy3Wc6Z1HzXuXYPhviDm7riMXmHHimhfw&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEJTxU_MVmUJdQkQo_2E1oOU&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

204 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request shanhaijihuiguoyu-salalei Show response
www.xgcartoon.com/detail/ 82 KB
18 KB 899ms
445ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b598b9e98f799846cdbf31c17058f7d600ca047826fa59be227054b5f9f858e4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 04 Oct 2023 13:31:06 GMT
etag: "148ad-Mb8X5QHvlh0u+OrtxK9Sp1Kk2y0"
expires: Wed, 04 Oct 2023 13:32:06 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 278 KB
72 KB 167ms
98ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8756d3367261f5dfcbef03be86fb4b956f889917fbdd3b72c300d8e1dcdc5f47

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:31:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73066
x-xss-protection: 0
server: sffe
etag: "1743d73101b212e4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Oct 2023 13:31:07 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
23 KB 165ms
96ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c7c5c90a9ea184b7ae122746634b34b95b904cdf18701bcefe47281bdf3fb2a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:31:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23163
x-xss-protection: 0
server: sffe
etag: "d8f4281da4b1dc01"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Oct 2023 13:31:07 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
10 KB 124ms
56ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa0696014ac23d674aec0b644c215635727fc3ff4b972cf9052c7bbd0b774a92

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:31:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9444
x-xss-protection: 0
server: sffe
etag: "5bf0e0624f55a936"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Oct 2023 13:31:07 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 49 KB
15 KB 152ms
84ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e470390154e5bd03688cdda3929ea08912e3c0df3381747417b2b2695c11e6f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:31:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14972
x-xss-protection: 0
server: sffe
etag: "986ff7f2a28ce823"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Oct 2023 13:31:07 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
15 KB 132ms
64ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46fac2c4f85a6f77b7b855a38edd6da4af8721ba0b7bab73d0bc60347fdbd3e8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:31:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15366
x-xss-protection: 0
server: sffe
etag: "b81709c9fc647cf4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Oct 2023 13:31:07 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 129ms
61ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85807e46cda1cc83ef9c5e92edaacb7ccd4fe3cf1ad8ff1975709a435853cc08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:31:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4743
x-xss-protection: 0
server: sffe
etag: "da6a9594ab3fdcdb"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Oct 2023 13:31:07 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 88ms
87ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2dff3c8538006a5ab7304fbdd0eef49b25077b7ba5faabcae58da42f42b1f8b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:31:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10339
x-xss-protection: 0
server: sffe
etag: "3b1d1db9601b03a8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Oct 2023 13:31:07 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 92ms
91ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed68f0e80b7fdede2ae7235b2ae1ce179d07fa64513658d7ac9f65a5f12d623c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:31:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32179
x-xss-protection: 0
server: sffe
etag: "9396582ced18d109"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Oct 2023 13:31:07 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
467 B 254ms
187ms Image
image/gif 104.20.219.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.219.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:07 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 810dc88adae0914c-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 258ms
257ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:07 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Wed, 04 Oct 2023 13:34:07 GMT

GET
H2 200 shanhaijihuiguoyu-salalei.jpg
static-a.xgcartoon.com/cover/ 154 KB
155 KB 469ms
318ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/shanhaijihuiguoyu-salalei.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce4626c4be8b6ec31d34669eea56e2a2a6052d369195264b056461806b1e3c32

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:08 GMT
cf-cache-status: HIT
last-modified: Sun, 07 May 2023 06:46:12 GMT
server: cloudflare
etag: "C335C415BEAC5767D68C24616C87C6DD"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 810dc88f7a1f1e31-FRA
content-length: 158047
expires: Fri, 06 Oct 2023 16:55:43 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 262ms
261ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:07 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Wed, 04 Oct 2023 13:34:07 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 262ms
261ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:07 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Wed, 04 Oct 2023 13:34:07 GMT

GET
H2 200 shenyinwangzuoguoyu-tangjiasanshao.jpg
static-a.xgcartoon.com/cover/ 19 KB
19 KB 260ms
110ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/shenyinwangzuoguoyu-tangjiasanshao.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec4f56080dfe600be5d04ab1bf27117aba83605a12d0387a0d5cd96d6c422aee

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:08 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Tue, 18 Oct 2022 02:00:33 GMT
server: cloudflare
age: 119803
etag: "346059FD71E4544A5D59B64B58345CA3"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 810dc88f7a211e31-FRA
content-length: 19163
expires: Tue, 03 Oct 2023 12:18:59 GMT

GET
H2 200 nitianzhizunguoyu-kuyayumu.jpg
static-a.xgcartoon.com/cover/ 79 KB
79 KB 1293ms
1144ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/nitianzhizunguoyu-kuyayumu.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e412f751b73578bb55e3cc970477ce54dc34ebbb73b4967bf8ae6a0cf97a2cd6

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
cf-cache-status: HIT
last-modified: Thu, 01 Dec 2022 00:06:04 GMT
server: cloudflare
etag: "2795B3C5B25F149FAB1E39FF6EDA5057"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 810dc88f7a231e31-FRA
content-length: 80878
expires: Sat, 07 Oct 2023 08:46:10 GMT

GET
H2 200 xianmuguoyu-gaofeng.jpg
static-a.xgcartoon.com/cover/ 79 KB
79 KB 1062ms
913ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/xianmuguoyu-gaofeng.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34eee643107e1a9aa4afd6bf7c79f215215736a7a549d9fe30c1c639bbc46e2e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:08 GMT
cf-cache-status: HIT
last-modified: Wed, 16 Nov 2022 01:03:01 GMT
server: cloudflare
etag: "9FD58D5644255628F1772EA73A6C1DFC"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 810dc88f7a241e31-FRA
content-length: 80711
expires: Fri, 06 Oct 2023 11:06:42 GMT

GET
H2 200 shenlanqiyuwushuangzhuguoyu-xuzheng.jpg
static-a.xgcartoon.com/cover/ 81 KB
82 KB 1283ms
1134ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/shenlanqiyuwushuangzhuguoyu-xuzheng.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4a910ab5244e789519de23b0acc098577354305d758ae59a134a6ccfbc2bc64

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
cf-cache-status: HIT
last-modified: Sat, 12 Nov 2022 09:23:36 GMT
server: cloudflare
etag: "119FA424D798AE8CBF2A944A030FB294"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 810dc88f7a271e31-FRA
content-length: 83425
expires: Sat, 07 Oct 2023 12:58:49 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012309181453000/v0/ 8 KB
3 KB 122ms
72ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309181453000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4de6c8a24d8959593744ade6de22ed29b5404dcdd0243d43e52209b56383f66

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 03 Oct 2023 20:49:09 GMT
age: 60119
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2976
x-xss-protection: 0
server: sffe
etag: "38f77e2398a961a5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 02 Oct 2024 20:49:09 GMT

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012309181453000/v0/ 237 KB
63 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309181453000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fe4af134347bf9383f0946d8417a70e5bd69298876a68c4b578ab6bdeacad81

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 03 Oct 2023 20:49:14 GMT
age: 60114
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64159
x-xss-protection: 0
server: sffe
etag: "694de4ba2c310625"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 02 Oct 2024 20:49:14 GMT

GET
DATA 200
OK truncated
/ 393 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012309181453000/v0/ 12 KB
4 KB 54ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309181453000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71c87286b7656c279d8c6276b6602373709af8c8d4405cf94dc74e71ac9fd3b4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 03 Oct 2023 20:49:09 GMT
age: 60119
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3930
x-xss-protection: 0
server: sffe
etag: "2c64beef00f20bbc"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 02 Oct 2024 20:49:09 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 1318ms
1211ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=521724003936&ga_cid=amp-Wr521WqRUU7pv2l4HYiggQ&ga_hid=3936&dt=1696426268589&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshanhaijihuiguoyu-salalei&bdt=1342&dtd=237&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eae2248695073e0308aef7dadbd59220d715b450b344d9de0e38da2b5d1cfb72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14140
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CIq2zqnA3IEDFYc24AodQG4Drg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Wed, 04 Oct 2023 13:31:10 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
15 KB 390ms
290ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=819&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=521724003936&ga_cid=amp-Wr521WqRUU7pv2l4HYiggQ&ga_hid=3936&dt=1696426268590&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshanhaijihuiguoyu-salalei&bdt=1343&dtd=248&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e5b2bf64982d446fd87eab666fcb1416242d358ca71067e098bf7c1b833ba39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 160x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14156
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: COSpmqnA3IEDFcUD4AodfOQI6w
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Wed, 04 Oct 2023 13:31:09 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 635ms
538ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=521724003936&ga_cid=amp-Wr521WqRUU7pv2l4HYiggQ&ga_hid=3936&dt=1696426268590&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshanhaijihuiguoyu-salalei&bdt=1343&dtd=252&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610eb5900b1c4338a2a1cf614807523f37117d2ab8a3216f49738feed2da0dbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x50
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13286
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CPj9mKnA3IEDFd8CVQgdfmEAag
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138353942361
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Wed, 04 Oct 2023 13:31:09 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 832ms
747ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=521724003936&ga_cid=amp-Wr521WqRUU7pv2l4HYiggQ&ga_hid=3936&dt=1696426268590&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshanhaijihuiguoyu-salalei&bdt=1343&dtd=265&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2cdc7ff26dcf95ea62741c32bcc2270be4443d7e0ed3151cc6ee32a2365b7eeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 336x280
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13296
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CLL8mKnA3IEDFcwTVQgd3NgEoA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138324663409
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Wed, 04 Oct 2023 13:31:09 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
23 KB 1055ms
973ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=988&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=521724003936&ga_cid=amp-Wr521WqRUU7pv2l4HYiggQ&ga_hid=3936&dt=1696426268590&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshanhaijihuiguoyu-salalei&bdt=1343&dtd=266&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30d27c3d691d18f3899cc2d2140875879815187b2d3701138a22fd94160ea080

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23566
x-xss-protection: 0
google-lineitem-id: 6136661665
x-qqid: CKL8mKnA3IEDFZEq4Aodt4ENkA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138370495322
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Wed, 04 Oct 2023 13:31:09 GMT

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012309181453000/v0/analytics-vendors/ 2 KB
886 B 22ms
22ms Fetch
application/json 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309181453000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 03 Oct 2023 20:49:11 GMT
age: 60117
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "6c7d99d062e3f63a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 02 Oct 2024 20:49:11 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 225ms
225ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:08 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Wed, 04 Oct 2023 13:34:08 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 127ms
35ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=3936&cid=amp-Wr521WqRUU7pv2l4HYiggQ&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshanhaijihuiguoyu-salalei&dr=&dt=%F0%9F%8D%B1%E5%B1%B1%E6%B5%B7%E9%9A%9B%E6%9C%83%E3%80%90%E5%9C%8B%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1696426269&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:09 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 166ms
58ms Other
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html Show response
b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C2C2 6 KB
3 KB 59ms
28ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:09 GMT
expires: Thu, 03 Oct 2024 13:31:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame DAFA 52 KB
20 KB 345ms
96ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pHAAPFeQK4APFAAjkfAPkQ9BC7vo37zcLxw&u=%7CcVV%2BW%2FaIjpwjWPLjJJDmgABWVjLLT0%2ByrZBBe3tco8Y%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oU-fBZNObj24EfUS2J5cBExYQ9MR0Jvm_bL0lQkEdhsw4FL--jOhcXtHdURzGrXb8pnI1Opd_wvWUyxOaXzHdP95EbZNfq8Yy9oT_T5rsfqzksS6zzfDUOM2yM0ABoTXB-Cerih79Pcdoj6RwiNWcr4AeqrJ4IMRsb20XavQ2NzTbGI92Kwql22p9Mdq2MrmACUjax6aYNqV2Dl4J_aviHtrFNiZD8q4WmeQ4gNbi_Wr2aP7FzGn25ihX_Q7GYIpy-bkX1HN-CECbU8EeLdM_3YvEWYEgeUljYR-Z0ODdFzBGKALvBmzd2fX1RY_q1u75EO5pUj_1MPA3PZQnCRQUJR8_EmQfPPyX41tDG65sS4KZSAGdr2pmKdeSjissEqfLFd7Yx01PvwX_OVC6v1oFAb5mMz75kGw7W6LsbPapRA1jmqMamBP8oquKpNNhRzzmxYHSZW5X0EQgYYIDSu8Pi3GLg0f5Vi6e0fsOHsCItSuUC8CLsXRnOqbp_QEw8dPQFHdtilGHp0Q4WBtF7hOkjQZMSxhJCG5VdnARzdNZZcwwTNLJrMXv8_TEEx3mMgZGM-lxai6cYZjUvj509CnDa__tLQmAf2wv&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCfm6wHGkdZeSrPMWHgAf8yKPYDsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCnNsl4gufsT7gAgCoAwHIAwKqBKQCT9CRoGiMR0BH8P8oxMPdDyKX_W3N5zORpeB4U01-5lYo2b4BmiL5Oe2jzBv79Ze8RPU32lqw4lZLGads5pLIp3yRLjPASl0oSrpKh-2GhlkvsPbzQeY6V6gheQyLW4W4k3DRH3dvetwodEbeBBDmgHymUxoq8fyXF4Hhoe3qSlYRqPuNw8NMBFuAnWdg8vcl-tpDgNhGVuQKfJpz3ymz4LsYi1X5raYY8VVkyvERkkWMFnSHUm4B_eYs4NCKaEpenYHuu7x_XvjuhhXiHA_gAdB_-edsCt-l0iPBI9wYXhW2u2FRxxCeDH4CBh94nRBorrC-70HrQpvNde8jGpvIMoaYyRA3Y0WBt8_GSt3I3C1fBhIuOH6ZUrt-5NhO8jTJGYKeleAEAYAGsOCHv9DW1bcMoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1HVK8ZIfyRGOb9Sed18J2Txx8PwA%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

34e962cda2283190944b1f82385e06f45371430b5f688ab99b1de07f312743b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:09 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=HGMOapDZyF97KwbY5KCQA3BFZrfZBG55U58jnvDsQ6qKf-UexIYtKgZlCexKw8egmRdPq8u5czqKdfpZIC9u4M4zhV50xGjuUFcqxqzied5ppA5WqJvaPY7Ie3jWqQFMKyeOmsauWZfku3hCRHq5AeS2PGrD4Z2RiqPt_WcbjpjjUnwokHvBUWElup_p7iVX8IXYb-WAs37FaX8mStBl-D1fT0WbPtK879mFjQXvYYVpDQ0zIET436pvdPFcotj9f0tDlA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3124356
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame C2C2 3 KB
1 KB 362ms
112ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame C2C2 20 KB
9 KB 296ms
47ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame C2C2 24 KB
7 KB 370ms
121ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 522281
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C2C2 187 KB
59 KB 333ms
87ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:09 GMT

GET
H2 200 container.html Show response
b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 65B8 6 KB
3 KB 158ms
0ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:09 GMT
expires: Thu, 03 Oct 2024 13:31:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 65B8 24 KB
6 KB 175ms
18ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 522281
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 65B8 18 KB
8 KB 263ms
105ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c399dd6e87dd4a577363801b62a35c3275669714a30a2ec7496a2b11a242af65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7895
x-xss-protection: 0
server: cafe
etag: 365218517303023943
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 65B8 187 KB
59 KB 334ms
177ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:09 GMT

GET
H3 200 container.html Show response
b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6D91 6 KB
3 KB 188ms
149ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:09 GMT
expires: Thu, 03 Oct 2024 13:31:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame DAFA 2 KB
1 KB 284ms
46ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pHAAPFeQK4APFAAjkfAPkQ9BC7vo37zcLxw&u=%7CcVV%2BW%2FaIjpwjWPLjJJDmgABWVjLLT0%2ByrZBBe3tco8Y%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oU-fBZNObj24EfUS2J5cBExYQ9MR0Jvm_bL0lQkEdhsw4FL--jOhcXtHdURzGrXb8pnI1Opd_wvWUyxOaXzHdP95EbZNfq8Yy9oT_T5rsfqzksS6zzfDUOM2yM0ABoTXB-Cerih79Pcdoj6RwiNWcr4AeqrJ4IMRsb20XavQ2NzTbGI92Kwql22p9Mdq2MrmACUjax6aYNqV2Dl4J_aviHtrFNiZD8q4WmeQ4gNbi_Wr2aP7FzGn25ihX_Q7GYIpy-bkX1HN-CECbU8EeLdM_3YvEWYEgeUljYR-Z0ODdFzBGKALvBmzd2fX1RY_q1u75EO5pUj_1MPA3PZQnCRQUJR8_EmQfPPyX41tDG65sS4KZSAGdr2pmKdeSjissEqfLFd7Yx01PvwX_OVC6v1oFAb5mMz75kGw7W6LsbPapRA1jmqMamBP8oquKpNNhRzzmxYHSZW5X0EQgYYIDSu8Pi3GLg0f5Vi6e0fsOHsCItSuUC8CLsXRnOqbp_QEw8dPQFHdtilGHp0Q4WBtF7hOkjQZMSxhJCG5VdnARzdNZZcwwTNLJrMXv8_TEEx3mMgZGM-lxai6cYZjUvj509CnDa__tLQmAf2wv&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCfm6wHGkdZeSrPMWHgAf8yKPYDsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCnNsl4gufsT7gAgCoAwHIAwKqBKQCT9CRoGiMR0BH8P8oxMPdDyKX_W3N5zORpeB4U01-5lYo2b4BmiL5Oe2jzBv79Ze8RPU32lqw4lZLGads5pLIp3yRLjPASl0oSrpKh-2GhlkvsPbzQeY6V6gheQyLW4W4k3DRH3dvetwodEbeBBDmgHymUxoq8fyXF4Hhoe3qSlYRqPuNw8NMBFuAnWdg8vcl-tpDgNhGVuQKfJpz3ymz4LsYi1X5raYY8VVkyvERkkWMFnSHUm4B_eYs4NCKaEpenYHuu7x_XvjuhhXiHA_gAdB_-edsCt-l0iPBI9wYXhW2u2FRxxCeDH4CBh94nRBorrC-70HrQpvNde8jGpvIMoaYyRA3Y0WBt8_GSt3I3C1fBhIuOH6ZUrt-5NhO8jTJGYKeleAEAYAGsOCHv9DW1bcMoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1HVK8ZIfyRGOb9Sed18J2Txx8PwA%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:10 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame DAFA 2 KB
1 KB 346ms
108ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:10 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame DAFA 308 B
636 B 215ms
49ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 28 Sep 2024 13:31:10 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame DAFA 293 B
621 B 214ms
48ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 28 Sep 2024 13:31:10 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame DAFA 43 B
348 B 274ms
39ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=YiMHGsz3fbId0_tyQ2J4gNM9GYfkT4th7Snm22Clc0QMBw_DNw4m64aVCFXO83sfgQqeeF-doUMQPwTT5_FSRyyUfQxsVHxVRXJMTi-FuLEuKSjGF4hoOre4gKwfMoLsJvv3qfGw_gkgtpyaMr2h09EucPSHe8L8SdO6vld0vyOFzrXGXfJsdKk3urFZGn4WWxiDHOFMCw70nr2Ao5tmQ-W2guWv-SjtcKKgHofO4ZeE0zD5ockAZbhISv7hbm1FjHDtDR5P7RMQShqc-simItgsK2k5LimCOVNcXDB6emuY2K07kEI-jUJQ1nGx6AXPiEls66inpy3hurHrhmOItBK-c0H8szeXvUEtaalhfFcxOKCRHglcNjDvEDLKQBrIjX2z8nNts8sIL5drr7HXN1nl-zr32tHzcriUBynqhAc5b1jx

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:09 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1559872
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 2e231d27d58e475181cf3e5bd8f545ec_image_ad_160x600.jpeg
static.criteo.net/design/dt/41417/4982815/ Frame DAFA 41 KB
41 KB 215ms
49ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/41417/4982815/2e231d27d58e475181cf3e5bd8f545ec_image_ad_160x600.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f7cfa639adfcd80b1b89599510b4c5ea04bcb0650fc7794ef62559fced7896f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 25 Sep 2023 12:09:49 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6511788d-a468"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 42088
expires: Sat, 28 Sep 2024 13:31:10 GMT

GET
DATA 200
OK truncated
/ Frame C2C2 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 433cdbb5cd3a653b5350f07f83daa328dbce2e0cf4798683ed287800c5cb7f41

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 all
csm.eu.criteo.net/ Frame DAFA 0
128 B 146ms
36ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=HGMOapDZyF97KwbY5KCQA3BFZrfZBG55U58jnvDsQ6qKf-UexIYtKgZlCexKw8egmRdPq8u5czqKdfpZIC9u4M4zhV50xGjuUFcqxqzied5ppA5WqJvaPY7Ie3jWqQFMKyeOmsauWZfku3hCRHq5AeS2PGrD4Z2RiqPt_WcbjpjjUnwokHvBUWElup_p7iVX8IXYb-WAs37FaX8mStBl-D1fT0WbPtK879mFjQXvYYVpDQ0zIET436pvdPFcotj9f0tDlA&sds=2&rev=88684&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:31:10 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame DAFA 2 KB
1 KB 64ms
33ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:10 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame DAFA 2 KB
1 KB 35ms
33ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:10 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 65B8 0
438 B 64ms
57ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvrjH-9qBh3UxsMm_IxWNUbWkxPQDhpeXefkBtYV1Cs3wcJ6xupKZGgbx2VF5VwTxYa610CSaPTDipFyxccsJFwvT2YWeSniXQrq2skkqsOUGjksJ1Wq2B7qtR-KF_lfzWjMwMYO-iHWRvWheWoUotS4a1r1LLZWA7fzAxonB7_tdu4Bygf92N2OZx3H6ibnEJqS1vg8sn6FqwjPozI8oVwUg_xZMykWpn-PeOAZ2C7LJKDSY48jc394yIH8Wl6uIvRWvoAZX5lk5tJo-M8U6MEU_REaymrLtFjLkRHrmp-eV7oud0T9fFEIxRGEkA2fZDdwDh6tRnD5VjNMhxcpJXopnuVXf-CyP0DsLbS&sai=AMfl-YQIWpXzJXYHs_kzdjhCbkgBhI1dTnpGjVFh_f3z_2P5B9tg6ZDVick83mIYUStbNztkTGAUuCgl90I0PNQ&sig=Cg0ArKJSzDG-JK_aG7e8EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 04 Oct 2023 13:31:10 GMT

GET
H3 200 container.html Show response
b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FEEA 6 KB
3 KB 23ms
21ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:09 GMT
expires: Thu, 03 Oct 2024 13:31:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 6D91 24 KB
6 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 522282
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 6D91 18 KB
8 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e417d3c18683e55a5dab60830b717a621e615745e0f95f466c8fc6ae59e1060b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7883
x-xss-protection: 0
server: cafe
etag: 7637706417767946860
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:10 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6D91 187 KB
59 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:10 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 65B8 142 KB
49 KB 104ms
103ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef137aa476d32ae7d31704a2cc81d88b9a16fe6e25a7015cf20dd72a49316a02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50411
x-xss-protection: 0
server: cafe
etag: 10393402287110685998
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:10 GMT

GET
H3 200 container.html Show response
b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7183 6 KB
3 KB 102ms
20ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:09 GMT
expires: Thu, 03 Oct 2024 13:31:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C2C2 0
0 72ms
66ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CZ80wHGkdZeSrPMWHgAf8yKPYDsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCnNsl4gufsT7gAgCoAwHIAwKqBKECT9CRoGiMR0BH8P8oxMPdDyKX_W3N5zORpeB4U01-5lYo2b4BmiL5Oe2jzBv79Ze8RPU32lqw4lZLGads5pLIp3yRLjPASl0oSrpKh-2GhlkvsPbzQeY6V6gheQyLW4W4k3DRH3dvetwodEbeBBDmgHymUxoq8fyXF4Hhoe3qSlYRqPuNw8NMBFuAnWdg8vcl-tpDgNhGVuQKfJpz3ymz4LsYi1X5raYY8VVkyvERkkWMFnSHUm4B_eYs4NCKaEpenYHuu7x_XvjuhhXiHA_gAdB_-edsCt-l0iPBI9wYXhW2u2FRxxCeDH4CBh94nRBorrC-70HrQpvNde9hGLpashVI9LbnRJ8NlyZiRPrCaidxHpCa8EM_oARgyMDWOKDp8OAEAYAGsOCHv9DW1bcMoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOoAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi01ODg0Mjk0NDc5MzkxNjM4GJnSIQ&sigh=jN6-wL-bIIA&uach_m=[UACH]&cid=CAQSGwDICaaNqFQhuYB28jtYMz6QI_TDMu-VN82TFRgB&cbvp=2&vis=1
Requested by: Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame C2C2 0
126 B 983ms
35ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k6qtEemuBKAB2ASdg2ICAgAAAB1C_3lfL3zXtd3qYYXwb5EQHGkdZVYzCxECJjoJ_tIAABIAAAoKQVFVQkR3RUJEdw&wp=ZR1pHAAPFeQK4APFAAjkfAPkQ9BC7vo37zcLxw&cbvp=2

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:10 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 166652
server: Kestrel
content-length: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame FEEA 98 KB
29 KB 136ms
136ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a080ea8a98ece8e7dc5119623134bb2efa48b79a06c7121a59bb6d3911fc9cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29483
x-xss-protection: 0
server: cafe
etag: 380 / 19634 / 31078496 / config-hash: 15172790911108097760
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FEEA 187 KB
59 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:11 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FEEA 0
26 B 61ms
58ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu9ipp-NNKK2OCbSHGvpiIqwcFFHCm_dCXMxLpELP7ZyooKYywMBu0PA7dFJ_2dN6gH9GBgyjK5sEWKs5T1Bz1cMXzTPb_t8fN5YjuZ186PRjxWjuVZ3agsqPmOQi2HrP9-bJCxwBIA9nrI4ULrj3sQRn1PivNpHUcpOxxYbNduzimFLG5gznhGZBTycWOFswd9UHIN_U1lvOcfmYMAPdusCmz2c-xAQiMmhhyYh9iGMw5Mp4IlPEYrxF3EZtc5K5MRFcUPqLJRJnJH5F71Y1War0yulqRL9biSFpllbkciUmoEMg5acz9SicLE9t5H81rs_XenOy_VVtWm5bjfGiVIIM95YgTP8jE1eaMrJJMwC5yY&sai=AMfl-YTeNc6CUd4ZxBrMrdOdDVjpJQoIVv-C1n0UwqY6AJ7a0o749JS_niDOVWREtove4mf1byhxsFAb658rIC8&sig=Cg0ArKJSzCLtLl7hVerrEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6D91 0
26 B 59ms
58ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvpXe7jNXjA29UFq6509wd6fpBCdAh2FUWOuJ75a6_Dc7IkbRpBgLTS3IxkX6aYZ8A33yO7h-_qLA8CQve7KixVA9AnBJ0zt67G2IcZcZYK0RYWLp20rnNRdiO8v3bniCui8v5q0BWqVEEizSvETGDQtB2EzjSR-Sj7ACryQzssplNkiT_OZ4LKS51UTMnNOMAPoaAtx39vknlpD8Jz9vVGaz26V3YMhlnVLXRElbVQt0LpGnZabw_VeTSr9cBmWvk6gsTjhg428IoAvkcPbrthh2JFXs-40r_aXnfQAf8veSP8-K4Er_Gpbkk9URna6pVLin9AJ_jVm1foaDc6_wu1iOc_gJ1EIEVE0UGT&sai=AMfl-YR4WdrJZCGZsMueQ16HBKKa5lMC3jriuuswX-AcaX3dRP-i60G6xIVNwuBpGXVXRQRRD3wApRg6xCIpEuI&sig=Cg0ArKJSzFsnUbtkbXPtEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6D91 142 KB
49 KB 130ms
129ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83c4df9d6c884be717c505f9f44c8925b2795d8c9ab61631affbd699a8a0273d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50412
x-xss-protection: 0
server: cafe
etag: 5201715856737094471
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:11 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/ Frame 65B8 378 KB
128 KB 149ms
148ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_fy2021.js?bust=31078420

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

278b18b52d5f1bdce75a8deb3672cd3cb1aa94d0e103a58d5c9e41c2b56ae029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131216
x-xss-protection: 0
server: cafe
etag: 14335803533733869299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:11 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231002/r20190131/ Frame 1878 9 KB
4 KB 225ms
19ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231002/r20190131/zrt_lookup_fy2021.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

acefc092ffa6df74a87ef66c614fe3552153903ea3f4da381086eb63d1b8525e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 66987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4090
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 18:54:44 GMT
etag: 6119613530591461916
expires: Tue, 17 Oct 2023 18:54:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310020101/ Frame FEEA 421 KB
132 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310020101/pubads_impl.js?cb=31078496

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e13b990ba95d19746bb5ba999bb22823ecaa39f5964725795eb589985d4d496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 10:36:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10484
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135332
x-xss-protection: 0
server: cafe
etag: 13275702515393991500
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 03 Oct 2024 10:36:27 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/ Frame 6D91 378 KB
128 KB 149ms
149ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_fy2021.js?bust=31078420

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21f0feacf590c69e6293bea4d3351afa09582dce86adcb15a48818598567e9a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131221
x-xss-protection: 0
server: cafe
etag: 14902377390223940682
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:11 GMT

GET
DATA 200
OK truncated
/ Frame FEEA 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49b689dadb5422c55344fdc3bb4f21f446ff8f02f26aab669d0598c910c26809

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 1239 54 KB
21 KB 54ms
54ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pHQAM2coK4DaHAANuQHdaawgMTR_P8ht3RQ&u=%7CcVV%2BW%2FaIjpyODksIdSpnfeeZCCC3pcXPcf4do0BlMNY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeAm6W3iav_2Mg0LBvJ2Zi8rVgNpsQppGOVCkKdAPzXFdULEaJGms-g0_z6qV0-8pFLhXEtWQMbVBznxJopDr_m3n3TnfVclcDtWRuXMfGgx8pwg3JJ6eSb4HyBdMVqyYrsatcQmm3KC_RB2nvx7OGqi6fX3hMNuA6ykEOXul8qOYhfQHdrDKqVwHI0g3n6cN4XaXK_tRj7rhiUKjD3Qogu2ONGvkMmz5Q3skmGA2perweyWFPJFd0llQ55wMsjVo--mvMQpUe8xmUReUCwnxD2p05YwGVFCQHyfp-TqgA27kCfZ9A0u30wH2kBFmePKaXrqNmx0wZcaK1rNsvOfZng07iyvhSIsk3ULCfjrW863mGGVI4r4Ruh17xQOYozMd1tx1ZautaXMpWHrA_IZs4QOfnZVNOvswq8IM3aS2KgXN0PYGK8lL_1-QMfcF10ZsJeKzUs_zHy4AwwFbG9Lmgag6eWMiYfDj9SiThU3tzVwWku9IpMx9r2Ck-j0d6m-rgUaf35aBiAV78WNXZ4jRX8v&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCaJi4HWkdZcqzM4ftgAfA3I3wCsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCsTbv5raXsT7gAgCoAwHIAwKqBJ0CT9CVKPTTdlGkX5dVvOan-VRd17JmfdxfHjm54wDlSY7LbBHfZKXOSahkUxnCcpeNGDNhlmnM6P9lHkvChlPLl7MJlLmIb5ILsEONAFLZH1mgLIfY7yu0IPkuZBKAQqSYD8BiHs0dQ_mn-YfehcgI36zIxUi8ShJEs2wckwfLv1yhCmcvuSj93Wl-6uHUyF5DeuGEAe8jpkXSkTsspb2lirCKGdzEH4bOYZSurAMBjTY-fGrM91AaHMEalHe012yEq0h9u1JzInc1mLQbTnO_xTQjIkSRx3Q6rp5CenVg9RzjJzWkuZo9U__gQDLs7lDhQ8JxNGTeBWSwnkMm1GLrkfQzVOqqkYY1QUZR7DoFuuR8uWgxlTdK_44mmlbD4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0krK9cLOIddqrDbiqma_3Cg7DvHQ%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f2ad859cee652c2b79090857fe151e8a6cf05626bd23bf47bda9a75ee54d8440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:11 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=D9kyPZDZyF97KwbYj-szsu7PwYXfF8huQeP-ErEPdHEQi8XxxFkWDPEbtYTZBie0toZKvlQ5zVBMX3ZxYM3yRHjINRewN6NJmqa-Uc1wUhnLvc0V-6TaM8vap-LkTD4C3SWH3bivZ-dYfBK5C0jez_BfrrpQMh2n9zdOvxd2Roc6vJ7j8awqtriDXUS4a3lTHyvJrbibAhlQqrDD9SUOr-4RYpE6yYiHrXJLmpwKjn6pndyxgmXTGh4hXgg1NFMM4WyUyg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 5183218
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame 7183 3 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68990
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame 7183 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68990
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 7183 24 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 522283
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7183 187 KB
59 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:12 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E480 37 KB
16 KB 448ms
443ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=482000826&adf=3173046731&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426270627&bpp=639&bdt=943&idt=1428&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759875%2C31076838%2C44801485%2C44804684%2C31078420%2C31078423&oid=2&pvsid=3081292051479153&tmod=1806547552&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.33dtseo6md0t&fsb=1&dtd=1476

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_fy2021.js?bust=31078420

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b50921b4447614cf7d2c90c970d56c019b5a9439a18ff9ac38988dc8383a1bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16006
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:12 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 1239 2 KB
1 KB 57ms
57ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pHQAM2coK4DaHAANuQHdaawgMTR_P8ht3RQ&u=%7CcVV%2BW%2FaIjpyODksIdSpnfeeZCCC3pcXPcf4do0BlMNY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGp4nOMX6YsfeAm6W3iav_2Mg0LBvJ2Zi8rVgNpsQppGOVCkKdAPzXFdULEaJGms-g0_z6qV0-8pFLhXEtWQMbVBznxJopDr_m3n3TnfVclcDtWRuXMfGgx8pwg3JJ6eSb4HyBdMVqyYrsatcQmm3KC_RB2nvx7OGqi6fX3hMNuA6ykEOXul8qOYhfQHdrDKqVwHI0g3n6cN4XaXK_tRj7rhiUKjD3Qogu2ONGvkMmz5Q3skmGA2perweyWFPJFd0llQ55wMsjVo--mvMQpUe8xmUReUCwnxD2p05YwGVFCQHyfp-TqgA27kCfZ9A0u30wH2kBFmePKaXrqNmx0wZcaK1rNsvOfZng07iyvhSIsk3ULCfjrW863mGGVI4r4Ruh17xQOYozMd1tx1ZautaXMpWHrA_IZs4QOfnZVNOvswq8IM3aS2KgXN0PYGK8lL_1-QMfcF10ZsJeKzUs_zHy4AwwFbG9Lmgag6eWMiYfDj9SiThU3tzVwWku9IpMx9r2Ck-j0d6m-rgUaf35aBiAV78WNXZ4jRX8v&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCaJi4HWkdZcqzM4ftgAfA3I3wCsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCsTbv5raXsT7gAgCoAwHIAwKqBJ0CT9CVKPTTdlGkX5dVvOan-VRd17JmfdxfHjm54wDlSY7LbBHfZKXOSahkUxnCcpeNGDNhlmnM6P9lHkvChlPLl7MJlLmIb5ILsEONAFLZH1mgLIfY7yu0IPkuZBKAQqSYD8BiHs0dQ_mn-YfehcgI36zIxUi8ShJEs2wckwfLv1yhCmcvuSj93Wl-6uHUyF5DeuGEAe8jpkXSkTsspb2lirCKGdzEH4bOYZSurAMBjTY-fGrM91AaHMEalHe012yEq0h9u1JzInc1mLQbTnO_xTQjIkSRx3Q6rp5CenVg9RzjJzWkuZo9U__gQDLs7lDhQ8JxNGTeBWSwnkMm1GLrkfQzVOqqkYY1QUZR7DoFuuR8uWgxlTdK_44mmlbD4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0krK9cLOIddqrDbiqma_3Cg7DvHQ%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:12 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:12 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 1239 2 KB
1 KB 47ms
47ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:12 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:12 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 1239 308 B
636 B 34ms
34ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 28 Sep 2024 13:31:12 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 1239 293 B
621 B 55ms
54ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 28 Sep 2024 13:31:12 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 1239 43 B
347 B 35ms
35ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=yRqO5tpXyfzMAtOW69uKdKftDrzOsgzEUFljoTX6tgXkpx0xR0dq55JwG_8Idvtw1FLLbOg-t8YJghGFjGGkgkBKgFd_AgiTddUWyyL5WntalajA6laezXo_nngBgP2uwlykn9YFKWPRcZO2qd2FR3Bh3Ygm3q3rXPypL3xgvPZNgRKKgcb-tjK-jMOP1ch-zZs98Wvm1SR5ztGSep8nNh2ICLdsY32y9PXYwKXn3tjF1XgnL6FWz7qZsE7NLFeSA0NwT2g2HCHQWykTAYDCPlYTzT9PLep49Bw0zN5t9MmUoLERepo4OjbrtK5dwWVa9tgyor6zDi5JoEPJVXYkZeQZVQxeJ-GUSndE10QGpAATX5vMeCHMObls-Vh7_DjHMSxxTdqwMG4KteaZLslfk4zBpAHvrS6kQ_NlKCjMoeFwBbo7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:12 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1501366
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 676d9d9b982b44cdbfd04355dd7ba6ed_image_ad_728x90.jpeg
static.criteo.net/design/dt/41417/4982815/ Frame 1239 29 KB
29 KB 47ms
47ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/41417/4982815/676d9d9b982b44cdbfd04355dd7ba6ed_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

1cce925a6f0b793d5b597ba837e7fbbbbf2e06466f398a99a5f6b3d282640418

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:12 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 25 Sep 2023 12:09:53 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "65117891-72e0"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 29408
expires: Sat, 28 Sep 2024 13:31:12 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame FEEA 25 KB
11 KB 333ms
307ms Fetch
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=338408665147344&correlator=1955020258833703&eid=31076405%2C31077098%2C31078496%2C31078261&output=ldjh&gdfp_req=1&vrg=202310020101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C468x60%7C728x90&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com&abxe=1&dt=1696426272627&adxs=0&adys=0&biw=728&bih=180&isw=728&scr_x=0&scr_y=0&ucis=irvm52kxmbv8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshanhaijihuiguoyu-salalei&loc=https%3A%2F%2Fb5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=728x0&fws=256&ohw=0&ea=0&dlt=1696426270645&idt=1853&prev_scp=in2w_key9001%3D1%26in2w_key%3D93%26in2w_key2%3Dnope%2Cbenchmark%26in2w_key3%3Dnop%26in2w_key4%3Dnop%26in2w_key5%3Dbenchmark%26in2w_key6%3D--3---%26in2w_key7%3D1580%26in2w_key8%3D93%26in2w_key9%3Dbenchmark_request%26in2w_key12%3Dbenchmark%26in2w_key15%3Db0%26in2w_key16%3D1&adks=4245272644&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

644fc840fe7a0467e6c751abcaae2625028ad2b57ab1d137ed485c3530e89796

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:13 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11711
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 23F1 6 KB
3 KB 91ms
42ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310020101/pubads_impl.js?cb=31078496

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:12 GMT
expires: Thu, 03 Oct 2024 13:31:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame E480 3 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=482000826&adf=3173046731&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426270627&bpp=639&bdt=943&idt=1428&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759875%2C31076838%2C44801485%2C44804684%2C31078420%2C31078423&oid=2&pvsid=3081292051479153&tmod=1806547552&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.33dtseo6md0t&fsb=1&dtd=1476

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame E480 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E480 0
0 113ms
30ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRvHsUz0xLPfaxAfOQc5N8jPxrt6dtjUNUmo8_qGZSPTT8OG_QlHzeICNEn9rtaA8pqwAwtD-Ninv6cEByuj74cbvayDA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=482000826&adf=3173046731&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426270627&bpp=639&bdt=943&idt=1428&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759875%2C31076838%2C44801485%2C44804684%2C31078420%2C31078423&oid=2&pvsid=3081292051479153&tmod=1806547552&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.33dtseo6md0t&fsb=1&dtd=1476
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E480 187 KB
59 KB 190ms
160ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:13 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1239 0
127 B 35ms
35ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=D9kyPZDZyF97KwbYj-szsu7PwYXfF8huQeP-ErEPdHEQi8XxxFkWDPEbtYTZBie0toZKvlQ5zVBMX3ZxYM3yRHjINRewN6NJmqa-Uc1wUhnLvc0V-6TaM8vap-LkTD4C3SWH3bivZ-dYfBK5C0jez_BfrrpQMh2n9zdOvxd2Roc6vJ7j8awqtriDXUS4a3lTHyvJrbibAhlQqrDD9SUOr-4RYpE6yYiHrXJLmpwKjn6pndyxgmXTGh4hXgg1NFMM4WyUyg&sds=2&rev=88684&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:31:12 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 1239 2 KB
1 KB 92ms
92ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:13 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 1239 2 KB
1 KB 50ms
49ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:13 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7548 38 KB
16 KB 455ms
454ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=280&slotname=3654094576&adk=229048865&adf=3173046730&pi=t.ma~as.3654094576&w=336&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426271199&bpp=727&bdt=954&idt=2080&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C31078362%2C31078301%2C31078420&oid=2&pvsid=2989584093160384&tmod=172839782&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gzck6unoo827&fsb=1&dtd=2294

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_fy2021.js?bust=31078420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7869d4ba3529b7a2604778367eb4363635fe4ac7b01fda7ed89b390831a05986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16465
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:13 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7183 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 512af5e5b54741cee7d41cadb8faddef8bce49d21c054836119d0d7d4c6c0383

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame EE34 164 KB
51 KB 131ms
118ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pIAADX5wGrSroAAo_0cFeqqwIlJXw0-ErbQ&u=%7C2wsBr8wc81jqYusXvBj62qzulPRXI3mQqFdJmmc2BmY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQpTCQxD9nzu0np_tEqoxIU8i6JNw1DOsLhuBEyd-3wcx6EnS6VcTWEKomH2_JU6Ws1mwMV7Xv1t_crsoMdyL08u7Eeu7GbTNGAhV_54qm0Fm8JJMhA6kwxEab41d7ESpmYbU50smGWdChcaM2lG8G9JwvXjpkhaCVZ9B4nqTq2DPP6EiTJPSl-RdgEgrtj92AAcs9_-_1W1sJ5WMARcfySsvcgdMNKndmyfHS5AFoXyMC0U-1z8hefNGufguvzzLlp0lRBfL9x-sn2xUzLs_debhAA2A5l6GggZ4cPIh33PtHl8szB8VrBsJpnpETk4Ci1igXkq9bloavPDhrGnQssFC-WQZDuAiwYFL11qKZTsmGuB0qGf6o84P6Wv7Jw-wRUQ8AearWK1mfWtsrCYFeTU3AYNq8tHYiu6wBDbSWt1WLC4sHixgctCzJOHIOkiJYRE2ITRewdMy40ikxa3sTGLLC3Bbfb_9b_P1YGyFeZOk7mrmIacZt_O5bf50lDkkdolM12JiP0wIN176pgSPP5Qn571UZaqLjI43xKxfMirU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCOuBFIGkdZZy_DejVtOUP0f-o8ALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpArE27-a2l7E-qAMByAMCqgTJAU_QBLVKrQUSXN7HUkACmIp9oXUcuw_Yg6in4PesbXHjT1YU9VTHER-vnTtPkg1R9dKvlY3LaoF0-LPqRWMTMUPapvphhtrTK8yuna5HfWWVXEkvBHWGskxq4L8bqj1v__UymGdwURZ5ZnWIriI5rsKJaXUG4j3yoYMcJ0M3rfIFvyIAdwkxS_CxTkXe9iajjYzfuxVLymuJ9-qnEB17g_D6hM8oxGojXcMbHbsw36C_VSsun0OtazgNLedJ-wHjcLHgYI1Rudcq34AG59C6h_zX6_pFoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3DXh7st_2-fhboJ50KijI_5qW3Fg%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a5e2854d9f249414ea735a573737490b09b5b7b6a8fd9391e0fb1be8a3fc6233

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:13 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=MZ6DwJDZyF97KwbYbjMfxRFpLn7VdYgfGadTTFcPx8pjJUd3lLDuAcRCIxeZjawOT47AlhU5TbVb9PztPQ53Juf4lq_wk4_N-IKPkDMT41pbSd1GcMX109S8ToOMsO6x4Fqy3z9MAvZUJ4XCZ2c-xVEfLfpKZVxE9WH7TIlJCq5ByjBT17Lx_QZp1sa2XAUryXKwAaeiRdtIlP63J5tuCfPGsMVNI-FosVHTiMu6f1n-5JXYnyH5WnGgPYl58WNqJB3C7Q"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 69827870
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 container.html Show response
9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3F4F 6 KB
3 KB 43ms
42ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310020101/pubads_impl.js?cb=31078496

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:12 GMT
expires: Thu, 03 Oct 2024 13:31:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CEC2 1 KB
643 B 184ms
61ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 20149
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Thu, 05 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame EE34 2 KB
1 KB 180ms
0ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pIAADX5wGrSroAAo_0cFeqqwIlJXw0-ErbQ&u=%7C2wsBr8wc81jqYusXvBj62qzulPRXI3mQqFdJmmc2BmY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQpTCQxD9nzu0np_tEqoxIU8i6JNw1DOsLhuBEyd-3wcx6EnS6VcTWEKomH2_JU6Ws1mwMV7Xv1t_crsoMdyL08u7Eeu7GbTNGAhV_54qm0Fm8JJMhA6kwxEab41d7ESpmYbU50smGWdChcaM2lG8G9JwvXjpkhaCVZ9B4nqTq2DPP6EiTJPSl-RdgEgrtj92AAcs9_-_1W1sJ5WMARcfySsvcgdMNKndmyfHS5AFoXyMC0U-1z8hefNGufguvzzLlp0lRBfL9x-sn2xUzLs_debhAA2A5l6GggZ4cPIh33PtHl8szB8VrBsJpnpETk4Ci1igXkq9bloavPDhrGnQssFC-WQZDuAiwYFL11qKZTsmGuB0qGf6o84P6Wv7Jw-wRUQ8AearWK1mfWtsrCYFeTU3AYNq8tHYiu6wBDbSWt1WLC4sHixgctCzJOHIOkiJYRE2ITRewdMy40ikxa3sTGLLC3Bbfb_9b_P1YGyFeZOk7mrmIacZt_O5bf50lDkkdolM12JiP0wIN176pgSPP5Qn571UZaqLjI43xKxfMirU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCOuBFIGkdZZy_DejVtOUP0f-o8ALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpArE27-a2l7E-qAMByAMCqgTJAU_QBLVKrQUSXN7HUkACmIp9oXUcuw_Yg6in4PesbXHjT1YU9VTHER-vnTtPkg1R9dKvlY3LaoF0-LPqRWMTMUPapvphhtrTK8yuna5HfWWVXEkvBHWGskxq4L8bqj1v__UymGdwURZ5ZnWIriI5rsKJaXUG4j3yoYMcJ0M3rfIFvyIAdwkxS_CxTkXe9iajjYzfuxVLymuJ9-qnEB17g_D6hM8oxGojXcMbHbsw36C_VSsun0OtazgNLedJ-wHjcLHgYI1Rudcq34AG59C6h_zX6_pFoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3DXh7st_2-fhboJ50KijI_5qW3Fg%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:14 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame EE34 2 KB
1 KB 146ms
0ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:14 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame EE34 308 B
636 B 36ms
36ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 28 Sep 2024 13:31:14 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame EE34 293 B
621 B 38ms
37ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 28 Sep 2024 13:31:14 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame EE34 43 B
347 B 45ms
45ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=nvKkMBR8n_4ILHwhXuRgo34ZeDBWFQT_8MRwI4tzSndc88qEJ7FGejpCpmxoWqcVCJ-z_DXYUqCPTXsDW3PWQG3UMNQLRnuS5sO2jTDnjjB4fL7BvQ6Ut1FUPd7OVSzaVvfurQQ6UJPm93TGgQ2LfmQIMipC4SYBBy5hwqBUP3qbWC-8sylyiK7AH6pj7NeXH3hge010VCnDqZfwWd1G4d8F39G5oRRbMAAky31X9EBdXM7H1mBtPDqJZ91O0b69oNxM84X95SUDGpsck253-Th-YsGM-t5q98A6iRidFAT_F6XHcgq6KzyahSsdJy_FWR3Blkawvg3QZ-InByjP3lT3ECnd2ri5fc69n_1VnUDqpsJRGVN9qRtSV2CVUqv5BGCDJfmbwz_EmlJfbPaSdhH05AEXecYJjaISu_Jnfzdchb6a

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:13 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1677482
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame 7548 3 KB
1 KB 143ms
47ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=280&slotname=3654094576&adk=229048865&adf=3173046730&pi=t.ma~as.3654094576&w=336&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426271199&bpp=727&bdt=954&idt=2080&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C31078362%2C31078301%2C31078420&oid=2&pvsid=2989584093160384&tmod=172839782&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gzck6unoo827&fsb=1&dtd=2294

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame 7548 20 KB
8 KB 148ms
52ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7548 0
0 36ms
36ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSadUBIH0M1MrzaPfErqG5cOxHAwTEKbTuJDvPxdS3WB2_cOGadDRJf91KN27EhOzzv4paybsyIr-OA5QBmYIoqjWMLWw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=280&slotname=3654094576&adk=229048865&adf=3173046730&pi=t.ma~as.3654094576&w=336&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426271199&bpp=727&bdt=954&idt=2080&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C31078362%2C31078301%2C31078420&oid=2&pvsid=2989584093160384&tmod=172839782&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gzck6unoo827&fsb=1&dtd=2294
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7548 187 KB
59 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:14 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7183 0
0 144ms
76ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUsc5HWkdZcqzM4ftgAfA3I3wCsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCsTbv5raXsT7gAgCoAwHIAwKqBJoCT9CVKPTTdlGkX5dVvOan-VRd17JmfdxfHjm54wDlSY7LbBHfZKXOSahkUxnCcpeNGDNhlmnM6P9lHkvChlPLl7MJlLmIb5ILsEONAFLZH1mgLIfY7yu0IPkuZBKAQqSYD8BiHs0dQ_mn-YfehcgI36zIxUi8ShJEs2wckwfLv1yhCmcvuSj93Wl-6uHUyF5DeuGEAe8jpkXSkTsspb2lirCKGdzEH4bOYZSurAMBjTY-fGrM91AaHMEalHe012yEq0h9u1JzInc1mLQbTnO_xTQjIkSRx3Q6rp5CenVg9RzjJzWkuZo9U__gQDLs7lDhQ8JxNCbcJPYwDZMbcrLMS3gTvU6ktoyDS2hJbo7Nh0KOBnYdja-Aa67P4AQBgAaw4Ie_0NbVtwygBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=ZaVF3EuDvZg&uach_m=[UACH]&cid=CAQSGwDICaaNZDgzkVmm0hParHeFYZFnZ0Usa2krMhgB&cbvp=2&vis=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 7183 0
125 B 113ms
33ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k6qtEe-uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRAdaR1loSdQcAQ1NECZLQAAEgAACgpBUVVCRHdFQkR3&wp=ZR1pHQAM2coK4DaHAANuQHdaawgMTR_P8ht3RQ&cbvp=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 158417
server: Kestrel
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8C3A 478 B
195 B 81ms
78ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW7bBIreTnFVkdiSs1-HxvfFxH6nozMKjy7Ko3OLQ9Zn-cYTf8fITmYtiOrdImQP_XW9kPbu1buol3fbZRkLljj2sFUug

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3F4F 89 KB
31 KB 84ms
83ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:14 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F4F 42 B
64 B 80ms
77ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ALGwCjCSHUs069SHCdHg4KcjmK2cbMB8UuzxUqD-LTz5Hff1ySC4x43ctm9YwN5fGnGNrbe3KwntJ_j6P46w5Wz6xnzvX0YLxnWOt8JFcTjjThvwI

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F4F 0
20 B 81ms
78ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10116856231078773278&x=1&ct=77

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 3F4F 32 KB
8 KB 105ms
30ms Script
application/javascript 217.79.188.11
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.11 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad4.adfarm1.adition.com/ Frame 3F4F 3 KB
2 KB 106ms
31ms Script
application/x-javascript 217.79.188.46
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4.adfarm1.adition.com/js?wp_id=4787112&clickurl=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CmAupIGkdZYK6MtOU1PIPtoqFyAr7vYusc7-f6LGIEdq24u-aOBABINPLzjBg9ZXOgeAEyAEJqQKxNu_mtpexPqgDAcgDmwSqBO8BT9DRYl6F-9FD479Dz8a2mmduHpsA0S9JkZ0gtBE7bx-bRPV9rkkDOyshSM9LJKktOeV3iw26s6mr7zvX5IpFmHHi7bzfNoFzWoG2wGJJZR-9VEP4lmkDE0fPS9oosQoxYrVSEA3XxIcEbangbQJfXmWepGP9gn1hubz1TqU8Iu_o200egNFkTrsEPR9SIEa7vLJH4RTyhhJUcb9lODcGP-Imrt_5esrf391M89emQqfFtBfnhBTJab65Gu37kYxzv4ziUvpu86hqcNolmQ5GaKGJxA6bd7IfgyXPRy6JH16WDiD_LnVIV0z6tanD1P_ABILP6uClBOAEA4gFvoTl9keQBgGgBk2AB_DrpcYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMI-qKDq8DcgQMVUwpVCB02RQGpsBOq44EV0BMA2BMKiBQB2BQB0BUB-BYBgBcB6BcB&ae=1&gclid=EAIaIQobChMIgsqEq8DcgQMVUwpVCB02RQGpEAEYASAAEgLdhvD_BwE&num=1&cid=CAQSKQDICaaNn0gtA8qA1JkpeZXI4v2F901YlwO8AS1_w1F0ZJhiHUaRSAY5GAE&sig=AOD64_1LMbd3ruidZGd8Ge4ia7BBviFZRg&client=ca-pub-5884294479391638&dbm_c=AKAmf-DmStS-CXbk4xmqnkn6MwAE23wBUlMnEHg54r-j_HKVtX3fwacgCjUy1k-BBiNscrUhWrZ99pO2qbGU6_c-E3maw7RNCTnD2ZaBMRsHmtfFgttlNUn-cLeHE0DkDLnGSbwQC1hZ8WBL1IAE09ztuCjhlbkSir8wTEa8de7h7RLMXcHsbnU&cry=1&dbm_d=AKAmf-ArQ5AyuVTIF5nlcxLsZ_Gbbtlh0pnM8pDadNNZrWQ8zvnD8hgJTuIrPKW850iUmy_iyRghtFsXLSulFgG_InLqIj2ddG4M7w5VI7fQ7itexO8xIbO6VAYCpxjNb8SxUT4fHtTBWE3hLTf7Z16TA83yRhqhp9neDXbJp5UmB6sl56rQ26hnNFvZVwjHZvBySogVL5W4NQZtoPcMWh83Skno2BwZt7tWqspQNYlXoOkW1aIcsIDroAUPfSexAE49wB1rLCH_VrRB-W2ZECdmk3mI1IXwpqEvbmJRuwFCyUgSzVUqx_KOJ2i_POHH6HVGmeY62M6knNgMcDuO1A79myAXC-GASET7Zd_3_LcgXyERPWhgc5tQn5wpksfo29N8ATqmhd_LZh8Q16L3QNc_NXf5Sif5xuxftgz1ls0r9Z11TYK5oax1InvsvmvSPjsF6H7fWF3lemP7kNsmav-QoUoaNEKjafF5aL5aaye_UUAfmcUZu2JS6A2RRvTb_7uB99Qg_kNr4embSkE2xij7iQBeItYIsRHjNjVsgAyO3opj_zQU7YQmQae1OowDQ4x3-ZRnZ_bpNYDyzWreWFl5exa6j8t7Ig&adurl=
Requested by: Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.46 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: ad4.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 9956b67a65a6103b7d08de8c31811f8f4b4b47621d1534786745465e4ce0e4d7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Wed, 04 Oct 2023 15:31:14 +0200
cache-control: max-age=600
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame 3F4F 3 KB
1 KB 40ms
37ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/ Frame 3F4F 20 KB
8 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231002/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:21:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:21:21 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3F4F 0
0 54ms
51ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTxRkYhic9DPHtUKSrtd64Bso3IWxmIMV6jHO9ueHjbM07Vslyuti-nexACPLtdVg_ClBXa97ZMuVqvOzZQQjjUYr9RVQ
Requested by: Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3F4F 187 KB
59 KB 103ms
100ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 13:31:14 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 6709 49 KB
19 KB 55ms
55ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pIQAJvsQGrSsyAAA_Xgh4eSusAY8KNpT5BA&u=%7CiYnhlqhBJzGjUrmnSZPR2Zl9PUPscbuBzAwEiJswRCk%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57o2eAKtbyUnkzCgAZe2TqI9t-30jvbb4jJ4J0HrkfUVwV9W7X5y17J5sh0sko3T2VI8Lb1LADPR84kb0PKX0K5sV1ph1hOJL385aoHRv7a9w8H19JpdS5d1iE2aphjARuyDU_uBQX-6TsMSfypJKY6utr71FRamSDxsNn-CqmnSKm-gZmPk2pLN6CG1ZLyn5XFvVfBjsi15m-sDxhL6-9Nvxcw_T-5WMX_fZ6zm7beDoipeiNToueU2nDh0muzoFP8gdqRVj1k4cLu2dM4YwQWIOOQcNl_X1fu9CuzmyLoF-3Ir-UK_a5j3znYnHCforOC01o44nsQmWY0cOweVrCz7yC5OvnxFysOThHeXgOORnJi2ZWLsY7UjIZXC6DX33oY7FTjB62VuwNBKL9C3jukMYdF8O-5msHIioqNK7oBsSlVMQ1to5XUGizDzLHEfHilubZZl58O1e0Z57crrxRKKs1JVPvWdBF9fZt2b-I_LyOC-OkZ2gVrH8pydnKKN3URxa50hj0ErtDJCLLid57juij_ycNMDgdb6MTjTU1uCqIk5lxOWPizidJ8Ap5fovqbvxhkapH1ha7oLpm6FmYmbwwhfwMJI36S&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs2LuIWkdZcT9JrLWtOUP3v6A4AjJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAtFd-LytnLE-qAMByAMCqgTKAU_Qf38PahucrwT5t-f8WPvYKW_R4UndUO_83-dA8qlGd88a4Q1Zkp44Ys6Xc0MUod-CW0QSZg_62fxHAbCekgXS2n8j_gOuFyEnFXZFLhuNyhYZG1xlP5gqDNnh0Upq07o4VwgOY8lknqWXMAsr21Dv4h_mv6XHmNyz_o5fKIZDXL5E6ZxaxBk3xUP27CMi5uPAhCQv2xsE_81ZQvrr8MdooR-zondpByTmuEpB2lX75rOdhbUK0W_3JI8_svxW4-ibe1afuEfKnwiABrDgh7_Q1tW3DKAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1ag5E1DBk0qHGcohHU_PILDcAAkw%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6d4ce990b5d218199e8be7f6d3aba63ba7b99a50529a93c237762e5923a0fdd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:13 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=qd6DSpDZyF97KwbY1yp-xXODrWwW_RUT2-J3OXNHy1P_VmTij4ci27RUbIgRhCorB9NYSXP7NphLE8yGLww-tpsRX44B3p-bs6ULqEMOaP3t1J8KVp6aQ1XsjoouRa4LNDFLlKVt9ZuP4dW3X8X_ghGVrqQG_jh_JFAVST9k00FqIX7Z8pPxxAUKYcQdGHcBAnGnHpipGeS8L0_dXHFFMSdGTcaoAecISGnNRoYfVD6yIO7G_LaxgmFSDhBahbQwRROQew"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3378084
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame EE34 12 KB
5 KB 133ms
47ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 489115
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QfqVl765dN9i5JJJFGt091ImE14qybuDwo9kumCRKSWEMMsLHQadQ2tSyXuO%2ForOHvGZ17%2BSlJh2upS0qQnLlNV%2BzZsBQQOjFu3eeXAadGuliP13%2BfR%2FCwPuddb3Vs749ca%2By48Ek0iCSjPfJ9WbXO45"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810dc8b9fb23f19a-CDG
expires: Mon, 23 Sep 2024 13:31:14 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame EE34 12 KB
6 KB 43ms
36ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:14 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:14 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 8C3A 170 B
409 B 104ms
40ms Image
image/png 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW7bBIreTnFVkdiSs1-HxvfFxH6nozMKjy7Ko3OLQ9Zn-cYTf8fITmYtiOrdImQP_XW9kPbu1buol3fbZRkLljj2sFUug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 8C3A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1&C=1

43 B
338 B

73ms
73ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW7bBIreTnFVkdiSs1-HxvfFxH6nozMKjy7Ko3OLQ9Zn-cYTf8fITmYtiOrdImQP_XW9kPbu1buol3fbZRkLljj2sFUug
Protocol: H2
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZBVwLpjC0IK4ObU8ICe7Kk30chVj2N5qyPJbKZ2yjivFcTZpnAWwGOZ3pL3hrOAvBbzYOY64WQLk6pknoglNMKv5tCY6FEELK12C5%2Fzkz6rUFDQyi%2Bq0dq%2BwlFk11O1iP6Sc9cvvhyL9og%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 810dc8bf7a883cb1-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kI%2BuOYICUEwDyjY7XbLArMIRKIXGulzs3IiXmmBSAWePUUGi%2Fs5VSG3Ws%2BlLZbsFCD3uLVAtdtu%2BNJJ2NpK2cW8ZUstxyDhk6eDzslYmba%2B0W3HV2aw7b2i5zbDwhIEgq6HZ3G%2BGJkKwnA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1&C=1
cache-control: no-cache
cf-ray: 810dc8bdbea03cb1-CDG
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 8C3A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR1pIz5hM2hnUAhWIIGQfwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1

43 B
768 B

105ms
104ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW7bBIreTnFVkdiSs1-HxvfFxH6nozMKjy7Ko3OLQ9Zn-cYTf8fITmYtiOrdImQP_XW9kPbu1buol3fbZRkLljj2sFUug
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TMPvl87rYtLA8QIoJkMObT8bwzJmHJ6FcOPEYXiFkROVVu5oqB9JgGvWmNvXwlo7GNPxelf5ZfZfNxjljoBkbXbVmDz6c4qwpmJ9ySt13Ua%2FQ5GaunSbWQnzD74IS6sd%2B1wnjqmIo6i8Og%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 810dc8c11e37f8c9-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED5HyKWrXcGk8d10LGHcsAs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 870E 1 KB
643 B 36ms
35ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 20149
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Thu, 05 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7183 42 B
64 B 220ms
167ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv1HkXbCwd1D6ICJx4JtScF-70N_LaD3De92bWVoZ0mXe8GBpUHLdIofKW_M6rWveAlUB9zpBKksCKdYJQh7UYVuvIWLGywcKDBeYU&sig=Cg0ArKJSzNraWK4NgDizEAE&id=lidar2&mcvt=1190&p=0,0,90,728&mtos=1190,1190,1190,1190,1190&tos=1190,0,0,0,0&v=20231002&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696426270751&rpt=2959&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame CEC2
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKCTCBfuiZgYSCE9VkdZtoM&google_cver=1&google_push=AXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmB...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKCTCBfuiZgYSCE9VkdZtoM&google_cver=1&google_push=AXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEU...

43 B
422 B

277ms
243ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKCTCBfuiZgYSCE9VkdZtoM&google_cver=1&google_push=AXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmBA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmBA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=482000826&adf=3173046731&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426270627&bpp=639&bdt=943&idt=1428&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759875%2C31076838%2C44801485%2C44804684%2C31078420%2C31078423&oid=2&pvsid=3081292051479153&tmod=1806547552&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.33dtseo6md0t&fsb=1&dtd=1476
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 810dc8bf2df90229-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 115
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKCTCBfuiZgYSCE9VkdZtoM&google_cver=1&google_push=AXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmBA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSfp-qw4TXPQeNiPe957CTrH5japEay5phHWmpty8VHsHaTgU40spu5hi2NCVimTw-TqQ0coEaKX4jS6dLocv_vakf-tEUmBA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 810dc8bbc85a0229-ZRH
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CEC2
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESELk1ZocCjoi6GGa5ciOYLgw&google_cver=1&google_push=AXcoOmT7hazu0E3R6lavkxGhn8Mh59Sp92yOHl4Agr9M1CyE1Apm2j6Aikk-h3s4L8JG0MfH-mcfL...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmT7hazu0E3R6lavkxGhn8Mh59Sp92yOHl4Agr9M1CyE1Apm2j6Aikk-h3s4L8JG0MfH-mcfLLbbdlEOPD8ZU4O_0t7hGHYEpg

170 B
188 B

35ms
35ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmT7hazu0E3R6lavkxGhn8Mh59Sp92yOHl4Agr9M1CyE1Apm2j6Aikk-h3s4L8JG0MfH-mcfLLbbdlEOPD8ZU4O_0t7hGHYEpg

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 04 Oct 2023 13:31:14 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 9E9D153D208744AB9EC5475F2A4C8520 Ref B: ZRHEDGE1516 Ref C: 2023-10-04T13:31:15Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmT7hazu0E3R6lavkxGhn8Mh59Sp92yOHl4Agr9M1CyE1Apm2j6Aikk-h3s4L8JG0MfH-mcfLLbbdlEOPD8ZU4O_0t7hGHYEpg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYG5AWEZ5RrZ4SIN8m7Lg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CEC2
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEMLgkLkNZDxH3XOdyNR20yk&google_cver=1&google_push=AXcoOmTM2FOR7-oTEnW2AJuYCre1MZCQXWCut3je_BHF5HOdWJqDXRAO2Tos0X3d16qWCxuvyavRsjDvLta9fbgmGOKM2LAS1hZztQ
https://rtb.openx.net/sync/dds?google_cver=1&google_gid=CAESEMLgkLkNZDxH3XOdyNR20yk&google_push=AXcoOmTM2FOR7-oTEnW2AJuYCre1MZCQXWCut3je_BHF5HOdWJqDXRAO2Tos0X3d16qWCxuvyavRsjDvLta9fbgmGOKM2LAS1hZzt...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmTM2FOR7-oTEnW2AJuYCre1MZCQXWCut3je_BHF5HOdWJqDXRAO2Tos0X3d16qWCxuvyavRsjDvLta9fbgmGOKM2LAS1hZztQ&google_hm=rDb0ms7rylokntk20iuOfw==

170 B
188 B

35ms
34ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmTM2FOR7-oTEnW2AJuYCre1MZCQXWCut3je_BHF5HOdWJqDXRAO2Tos0X3d16qWCxuvyavRsjDvLta9fbgmGOKM2LAS1hZztQ&google_hm=rDb0ms7rylokntk20iuOfw==

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmTM2FOR7-oTEnW2AJuYCre1MZCQXWCut3je_BHF5HOdWJqDXRAO2Tos0X3d16qWCxuvyavRsjDvLta9fbgmGOKM2LAS1hZztQ&google_hm=rDb0ms7rylokntk20iuOfw==
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 231

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CEC2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKYRWiXPvlQwc7Dkc8ck_wE&google_cver=1&google_push=AXcoOmT3Kf6foXA2FFPcFKaMYaisvtiN8LiEk9vxNUWGi-7Ta6BF2rJZWz2sXrU6Iz3Xof00nEn...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5CU0VKRDctMjUtRThMOQ==&google_push=AXcoOmT3Kf6foXA2FFPcFKaMYaisvtiN8LiEk9vxNUWGi-7Ta6BF2rJZWz2sXrU6Iz3Xof00nEnJuyB3YUBaY5WrSPBlELY0xCMOJw

170 B
188 B

33ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5CU0VKRDctMjUtRThMOQ==&google_push=AXcoOmT3Kf6foXA2FFPcFKaMYaisvtiN8LiEk9vxNUWGi-7Ta6BF2rJZWz2sXrU6Iz3Xof00nEnJuyB3YUBaY5WrSPBlELY0xCMOJw

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5CU0VKRDctMjUtRThMOQ==&google_push=AXcoOmT3Kf6foXA2FFPcFKaMYaisvtiN8LiEk9vxNUWGi-7Ta6BF2rJZWz2sXrU6Iz3Xof00nEnJuyB3YUBaY5WrSPBlELY0xCMOJw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: aca6c52e983509e86b136a052e19be23
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CEC2
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEOAoOWIkyTP7RahE2GVtYQw&google_cver=1&google_push=AXcoOmQ98xSHQFa0cOaQ3Mheu4SwTAiGBmba4l4f6jwhqiaT3m7PoS2Q2NYYF5G7eCdSZgyY2S6Z4C8o_ef64mFMVlCAluvG-F35Qw
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQ98xSHQFa0cOaQ3Mheu4SwTAiGBmba4l4f6jwhqiaT3m7PoS2Q2NYYF5G7eCdSZgyY2S6Z4C8o_ef64mFMVlCAluvG-F35Qw&google_hm=M2VjXzdjY1FRWWNpOF...

170 B
188 B

51ms
51ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQ98xSHQFa0cOaQ3Mheu4SwTAiGBmba4l4f6jwhqiaT3m7PoS2Q2NYYF5G7eCdSZgyY2S6Z4C8o_ef64mFMVlCAluvG-F35Qw&google_hm=M2VjXzdjY1FRWWNpOFlkd3ZxSXk=

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQ98xSHQFa0cOaQ3Mheu4SwTAiGBmba4l4f6jwhqiaT3m7PoS2Q2NYYF5G7eCdSZgyY2S6Z4C8o_ef64mFMVlCAluvG-F35Qw&google_hm=M2VjXzdjY1FRWWNpOFlkd3ZxSXk=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CEC2
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEDKWHqipfdvOGOnLvJ_uKhc&google_cver=1&google_push=AXcoOmSEeWZ8pxrxOwu5LwPDPrYvj724YhtBiNrqwSlKlEX1amtnBh9HPPYUmnEJs2pZHj0Q46_U0z5NR13fLO4xJj1nb8p-K...
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM5NDI3ODc1ODQ1NDg1NzAwMFYxMA%3d%3d&mn_hm=MzM5NDI3ODc1ODQ1NDg1NzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmSEeWZ8pxrxOwu5LwPDPrYvj72...

170 B
188 B

51ms
51ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM5NDI3ODc1ODQ1NDg1NzAwMFYxMA%3d%3d&mn_hm=MzM5NDI3ODc1ODQ1NDg1NzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmSEeWZ8pxrxOwu5LwPDPrYvj724YhtBiNrqwSlKlEX1amtnBh9HPPYUmnEJs2pZHj0Q46_U0z5NR13fLO4xJj1nb8p-KRjWIw&gdpr=&gdpr_consent=

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 04 Oct 2023 13:31:15 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM5NDI3ODc1ODQ1NDg1NzAwMFYxMA%3d%3d&mn_hm=MzM5NDI3ODc1ODQ1NDg1NzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmSEeWZ8pxrxOwu5LwPDPrYvj724YhtBiNrqwSlKlEX1amtnBh9HPPYUmnEJs2pZHj0Q46_U0z5NR13fLO4xJj1nb8p-KRjWIw&gdpr=&gdpr_consent=
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Wed, 04 Oct 2023 13:31:15 GMT

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame CEC2 0
35 B 190ms
25ms Image
text/plain 3.71.140.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEFT2kwGYMAZ5-MRnE2GMuHg&google_cver=1&google_push=AXcoOmR2GgqPUTLJjFqlRP2DjECBbLvLaeQ7jaE3Jn_s8n20-a0b5t0Vz1kVaopNpfh01r_EQMhA4unHcMIH6JAHHjkwDHlZHqkksrc
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=482000826&adf=3173046731&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426270627&bpp=639&bdt=943&idt=1428&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759875%2C31076838%2C44801485%2C44804684%2C31078420%2C31078423&oid=2&pvsid=3081292051479153&tmod=1806547552&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.33dtseo6md0t&fsb=1&dtd=1476
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.71.140.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-71-140-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame CEC2 0
50 B 36ms
35ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L1NAEL-1XrftQvvIUuS294sfj250uvqxtefXrirp_b9h13VCSytMx6o7wQ_kqC0Lj-fbJpMw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 6709 2 KB
1 KB 48ms
45ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR1pIQAJvsQGrSsyAAA_Xgh4eSusAY8KNpT5BA&u=%7CiYnhlqhBJzGjUrmnSZPR2Zl9PUPscbuBzAwEiJswRCk%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57o2eAKtbyUnkzCgAZe2TqI9t-30jvbb4jJ4J0HrkfUVwV9W7X5y17J5sh0sko3T2VI8Lb1LADPR84kb0PKX0K5sV1ph1hOJL385aoHRv7a9w8H19JpdS5d1iE2aphjARuyDU_uBQX-6TsMSfypJKY6utr71FRamSDxsNn-CqmnSKm-gZmPk2pLN6CG1ZLyn5XFvVfBjsi15m-sDxhL6-9Nvxcw_T-5WMX_fZ6zm7beDoipeiNToueU2nDh0muzoFP8gdqRVj1k4cLu2dM4YwQWIOOQcNl_X1fu9CuzmyLoF-3Ir-UK_a5j3znYnHCforOC01o44nsQmWY0cOweVrCz7yC5OvnxFysOThHeXgOORnJi2ZWLsY7UjIZXC6DX33oY7FTjB62VuwNBKL9C3jukMYdF8O-5msHIioqNK7oBsSlVMQ1to5XUGizDzLHEfHilubZZl58O1e0Z57crrxRKKs1JVPvWdBF9fZt2b-I_LyOC-OkZ2gVrH8pydnKKN3URxa50hj0ErtDJCLLid57juij_ycNMDgdb6MTjTU1uCqIk5lxOWPizidJ8Ap5fovqbvxhkapH1ha7oLpm6FmYmbwwhfwMJI36S&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs2LuIWkdZcT9JrLWtOUP3v6A4AjJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAtFd-LytnLE-qAMByAMCqgTKAU_Qf38PahucrwT5t-f8WPvYKW_R4UndUO_83-dA8qlGd88a4Q1Zkp44Ys6Xc0MUod-CW0QSZg_62fxHAbCekgXS2n8j_gOuFyEnFXZFLhuNyhYZG1xlP5gqDNnh0Upq07o4VwgOY8lknqWXMAsr21Dv4h_mv6XHmNyz_o5fKIZDXL5E6ZxaxBk3xUP27CMi5uPAhCQv2xsE_81ZQvrr8MdooR-zondpByTmuEpB2lX75rOdhbUK0W_3JI8_svxW4-ibe1afuEfKnwiABrDgh7_Q1tW3DKAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1ag5E1DBk0qHGcohHU_PILDcAAkw%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:15 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 6709 2 KB
1 KB 44ms
43ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:15 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 6709 308 B
636 B 46ms
38ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 28 Sep 2024 13:31:15 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 6709 293 B
621 B 45ms
39ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 28 Sep 2024 13:31:15 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 6709 43 B
347 B 45ms
39ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=BHqDINqtH6RbxVfjBbWi1Pmnj1bs3Yv0BRX_1XdrLnUcnKyeLK1r79WNItcRM1Xfrn__1KJxUtYNw5c5AfhUUVRQ42lDyZxZdiN8MlLD1eAZ4ErRBBliBNxy7D9VueRH-Ev9xUXDttK8QAyAJCV_K_9X_9g3mkZFM6JVONybdOAh6am0NiZVCsXKeb958gSCiQninVrGbfV0xyJJ-YwrnXwKWTbBqZwvkQfW_2VPxATn9PBwqD6h1xD-EUookKVxS-b4_NrJwabP6_FyV5YMawu36mYyVfyL4RQO_Waf6m-_Prwtn3IBTetkut3XMdQT_B1GEvsM7zxpstlQ4VYjk64W8w_P_oPdYspctwwT6yrACZCafEIp7fXEq1ldfl2E6JlelbeYzd4_MKmzvVtvkEB2HLNJ74zKwZM2hVLzwEL_BjCO

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1789317
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 a7428471ab914ef7867ba9a1da7da0c4_image_ad_336x280.jpeg
static.criteo.net/design/dt/41417/4982612/ Frame 6709 33 KB
34 KB 74ms
68ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/41417/4982612/a7428471ab914ef7867ba9a1da7da0c4_image_ad_336x280.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

461ca9d575b3937553488f2cf6d01999917b2caf75f12c824c811793078ad425

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 25 Sep 2023 10:35:33 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "65116275-85bc"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 34236
expires: Sat, 28 Sep 2024 13:31:15 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame EE34 0
127 B 41ms
37ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=MZ6DwJDZyF97KwbYbjMfxRFpLn7VdYgfGadTTFcPx8pjJUd3lLDuAcRCIxeZjawOT47AlhU5TbVb9PztPQ53Juf4lq_wk4_N-IKPkDMT41pbSd1GcMX109S8ToOMsO6x4Fqy3z9MAvZUJ4XCZ2c-xVEfLfpKZVxE9WH7TIlJCq5ByjBT17Lx_QZp1sa2XAUryXKwAaeiRdtIlP63J5tuCfPGsMVNI-FosVHTiMu6f1n-5JXYnyH5WnGgPYl58WNqJB3C7Q&sds=2&rev=88684&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:31:14 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame EE34 2 KB
1 KB 98ms
97ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:15 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame EE34 2 KB
1 KB 94ms
93ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:15 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F4F 0
22 B 73ms
73ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1897430060279&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F4F 0
22 B 56ms
54ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1897430060279&version=m202309260101&ct=77&x=1&cor=10116856231078773000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3F4F 29 KB
18 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AH179C3s5tMw9MKyhag1gkpnt5wFUIRvIrK1vC352L2n1gSrKixoFxDefVuL9Wvsd2yII9zEIBd3oztY-nrnKcarLR6idyqjLZzYZsmVfyhG1jRkcRYLvFUgI1NhyGwHLLoXqLbCM0kKjWG-XelVbXwzLTe-9lbQJuJC-rTW1ysVs2ybw&cry=1&dbm_d=AKAmf-C5qNb1070iD0VIn8xYoNlnn0wgkeF6wOsQKdAMu30wNHTZv26sISvJhTO7Z9AE4fk5q51pN9GqZPZ8XpCW1GX72i1O-7TQitsAiBcCtNGRVA-eVVCEkfuL2-B898L6lt8cayB2J9NvnwAhyBCgBv5fHcanVPWPMCsPpjo4rKsA-JQEMNtJjH0Z2F2Q9QdwAzYIyBddDEuRfXI2hZm9Iy2M4AY3cHJDvaCcxwSpEaHkD4Woh8MDmRbPHLXjZQ9yBa3aZ2apBHBrijKXxPFIci5xE0T13eR9i-M_B3Rl8eGO60uiY10VudR4W3Fd0V1FXS8MXvwLE7ahxNEy-SwSAsZZ_RGD_xOEWAQJAmwjxsmGr4F5_znOecsobQewGVHKctaP7nO6VCRuMfBZvGTHRXeNRL2YC45REupYWE71TkWZ3TVYV-WK1BL7nbgKlHhc1wwo_3pKyzLycjG4ZHa53cXoEiv_U7KwxL6NLjc5JlBlW6ptT_y7IS2zDc20Wm0lbZZWz28sCVqiHf0Hv0Ctia6XbhjuDH2VI8DAW01FAFsZjEKwJWGJgz3RPeoPShOQNn-37NGc7WAMmgKsw0j6yQ_w3WxI-f2mNefri_L3_Ge1-LLrVYCqb3llAE2jDaZ1owZpdPFKRXuV7v47JPsjTEgJgJ84okSS5UM9v2FFmPAHhhlWPoJfSWK0YBDAIHQ8tuESzl-CisjDCOqTtWVr7NXCXDR4dbtO5ziEnCATkSzJwrwTflE8BcNacuzqjN-bM1YkaPcYUDehWJBE1ySrZIwYL8tiQBx-vp8N_-bvSp6pxME0cnlc8nU4cyEo7yqmy2uvQ2FIQoEaEEAiggDiPh_CH_xxX9SCgWuYDT1E2O7GYpC4uH3sRb54cFXYyg6yqLqNS30tUwJW1VrGqNtFHvIDwTppk-thtTndRI6ZhnGayBCEJyizNLEgTACNMTNWGS41olh_PWRyl_S5v-ZsssRALnnr-rPd3fW4CB7zCl_sc-ojA0nW7mkGg221g64ZyegQMUSNaCG3F3OBiUQXKia3fAgtqDwNPAE-4iVyCaAJ7BGL2GrdQMjDibHxHq4KAjpLYF5T7QGopK04gkHFtvVoE6nNzBh510jQpq9Ww5eOywY0vVI-6wXtOLKgIIPW_pAnJGcaPVLcYHG1sGGBERUeFsbQnvtixS7oDUxi2zYyY3geVJznMhur4fSgBYIF1hRQ0P2N89LvG-ueURVdkevXshZEaJSn65-1RllJPChDnQBIeKETk8aHODvV3-lornlqkA5lvf7GKMtSCkS__GcED1G_-MWb3iWUQm5fkZKQqov_N8JulcNVOdC-NyXQuR-7gb9zHLdeM3KaBpe8jxOysyAdBsFKX3tVopVNkbBn17nywBxG-Wefu_-ZyVWrkI35tipyPHsGN42arjExstPCuvzBhamN3ndpsS6KY-Pb5e9GN7QEg7YgyQnLFxftkqksjI3yK6rhCI9yj3pxLd-y0tXNlcmxoc3FoypWiNAjQO9kcXKU34wKtBk2oY7UPnmV1n95Z1u3x_H12IwM8cNvA3PsZhtdK3vUIUuzRw7Fnxy0k-9LLZZ5JItd1On6ejBxJcweO3iQyWHhYs2-SczCWQEFjkC7IHuLNmLQN2a8n3Dtrw16bCCjNNcZJKSbSx4rRVENRfL2Fks6OWOqnUZq_1IyOjrk3WNPnEaqxB7_sTV0DkVe0Z5e-_lFX2W377ViEN5cx6kYBUt_6Pu83AFfmZnMR8JgAlQi25vMuERoebOyvJ63pXkD9FIndoL0b0_kP7Zao6WBS_jtuxWwxrLWAPXkeryQCvd2UwiKOVO8LMmG3zRwHFOgodV2r1DkVJfNQ8zcm6FkIw4f7i2QtflvTLtcR3YvQ4-61B5Vz1HrNyAOezcht2vQL1BNYPCwksfqzM-ILUa9ZN9MeDE_TPIDp45Bn6i5UW1eInkUC3COxwg1PJ8wIDlB7ov9zfkaM94PCzx6jbPSTCCAq6gKWtUPrgn7-XqYnmSfxJAcDLKAjyjDM5JOHdY9TOdw8do8ikrGCUubcXCulS2POPPFkQ_-SbLW1_23p7bawYwj5n8boNxOqmfmzeyUGcI09YLkoiY_eLiRy0FhvxW3D-MqgWSaa6jCee2u6ZMp-a0byFFPosJPJlWN9mkoXgSwlIJCTh0i4IdgVs5Yo-GhLpmeOY58cE1a4Kk_VbF8ORd54_8K9BsLF0uclZJ4D2hNCWghRXqpoPLvDplOi4reP42hVF752xBnjh9jmiHQ8UtJpJtxGx0Xzr1KRaagoaiHk4X_u9eAH4qSVVtckeGv-gUyupi2Dn-Og8O1fCfZeyw6TsV_h5P9G0gmogt6Cg6IVixWKIossfP_FBtZGpzgmITvoLbCEbvB9ICsB3gY5f-4uTMRv0R3-3K0d_32zuJgHDSGwBtrMjZyXLdEsjsMaksOX-CXUz-6lfZi-aOCewiqOyzBzvY5GU_mYnwUeOHXrDiRJb8MwNxzZomiz9Zg21BdTOFwnxnufwL6Gzf-x7rOzDNsSQdGbRRvpoBFqzSUOgW4YCMMdfUxlt_CJgVB8hU74UEJIGFnTeqYhYlkWeumS1MSCAHWfGHCLjz53OsfptLA8r0t56RdYxt1nvLKMsl00s4Ec6A0DUaDRdbOYOPblak5lZfYylBAJodgECnVf5T72OCqgqcnla0wnhNuTyyXJdowTzQk_q8axoxOx_O_TpKsLrYA2GEwrnFS2RhGWHSAJ7AhCRha8Obaq5oNeD_tMBvgBQW5NS0szZG-dCovI8hP2QD_c3Bn4Ru79tF5LIHaA97tlfZ_yE5tpVpgCiOeP_ugLHYmDMs04i_uDHibqMvmI_cKSAtrqw4LDMuRNnFVWZdNiZ9WrMna-ntLibflft4AjJLjv4m9dI7uM3EDrwqAmzKa7Q09haXyq-VLwqiEPLDaoHJ3JJuZYMtN0CCQRZoPWt5vLQ8FaVquo84THJYxtEdC98pHpvdI0IoP8y1cEltY1bV_ZKYAiPjHU-jqO8Sr5fDwoiUjeyPD4NqsQ-Ra5OCV9tN3lSwShzl6UAVQI67LvkgHnKIzrsZh92Z4XMC1ka12PxGdm4T9udvoiTilNqAlB7ggt-N1IdS7Fe6-TXLj9KK34hawHOdkh0s-nnCgagMblshWhsPFfkofgFyiWO7Sxwz9G5GypJMgmqau3-db9kkgid8dSp_38OxHUCert3SRcvW7gvlKmCpM4VimiSzni3BsC4jdeHet26xNBOlxv_F28PznEw9toSvikKBo4_JOQD04Cp5wn3dgBzw3C50c2kDmMBZni--IvT7Eq72LmnlBaOFJVW4oycqZesmhgrsdEyhe3knpgnrKpHny6W9lwxKw0I-u28kZ_iTLvoMNckR7hjtM_-ABb-dFeNv_sujWpkJpUgczxjXcfXMETvjDeyF_Qm8kXGrXZootDV4nbr63RZvDGPOTDCUWYSjyvPVKmZoNJHWp2LDmzT6LN45v4H-ymVj4eyORgVHfrrpcuWtp0mlM8ASJYMC3JY-B_IwwQJO7X0fBm4zxt2hN-MlrLMpo7JslxYC98tXtClHNWwYv_UTFxEvPBzBREWKCCxnpgmmSEb_sOSAwwXl_1Zp4FYIdR1lJ5kQflZipMvZhKnQK&cid=CAQSKQDICaaNn0gtA8qA1JkpeZXI4v2F901YlwO8AS1_w1F0ZJhiHUaRSAY5GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=10116856231078773000&adk=676413724&idt=88&cac=0&dtd=153

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aa4ef90059145b095fd76b1ce617eaec34bb67a23f23ac69cb719a08fa7455c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17943
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1239 0
127 B 35ms
34ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:31:14 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 6709 0
127 B 44ms
43ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=qd6DSpDZyF97KwbY1yp-xXODrWwW_RUT2-J3OXNHy1P_VmTij4ci27RUbIgRhCorB9NYSXP7NphLE8yGLww-tpsRX44B3p-bs6ULqEMOaP3t1J8KVp6aQ1XsjoouRa4LNDFLlKVt9ZuP4dW3X8X_ghGVrqQG_jh_JFAVST9k00FqIX7Z8pPxxAUKYcQdGHcBAnGnHpipGeS8L0_dXHFFMSdGTcaoAecISGnNRoYfVD6yIO7G_LaxgmFSDhBahbQwRROQew&sds=2&rev=88684&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:31:14 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 6709 2 KB
1 KB 40ms
40ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:15 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 6709 2 KB
1 KB 34ms
33ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231002/r20110914/ Frame 3F4F 30 KB
11 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231002/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AH179C3s5tMw9MKyhag1gkpnt5wFUIRvIrK1vC352L2n1gSrKixoFxDefVuL9Wvsd2yII9zEIBd3oztY-nrnKcarLR6idyqjLZzYZsmVfyhG1jRkcRYLvFUgI1NhyGwHLLoXqLbCM0kKjWG-XelVbXwzLTe-9lbQJuJC-rTW1ysVs2ybw&cry=1&dbm_d=AKAmf-C5qNb1070iD0VIn8xYoNlnn0wgkeF6wOsQKdAMu30wNHTZv26sISvJhTO7Z9AE4fk5q51pN9GqZPZ8XpCW1GX72i1O-7TQitsAiBcCtNGRVA-eVVCEkfuL2-B898L6lt8cayB2J9NvnwAhyBCgBv5fHcanVPWPMCsPpjo4rKsA-JQEMNtJjH0Z2F2Q9QdwAzYIyBddDEuRfXI2hZm9Iy2M4AY3cHJDvaCcxwSpEaHkD4Woh8MDmRbPHLXjZQ9yBa3aZ2apBHBrijKXxPFIci5xE0T13eR9i-M_B3Rl8eGO60uiY10VudR4W3Fd0V1FXS8MXvwLE7ahxNEy-SwSAsZZ_RGD_xOEWAQJAmwjxsmGr4F5_znOecsobQewGVHKctaP7nO6VCRuMfBZvGTHRXeNRL2YC45REupYWE71TkWZ3TVYV-WK1BL7nbgKlHhc1wwo_3pKyzLycjG4ZHa53cXoEiv_U7KwxL6NLjc5JlBlW6ptT_y7IS2zDc20Wm0lbZZWz28sCVqiHf0Hv0Ctia6XbhjuDH2VI8DAW01FAFsZjEKwJWGJgz3RPeoPShOQNn-37NGc7WAMmgKsw0j6yQ_w3WxI-f2mNefri_L3_Ge1-LLrVYCqb3llAE2jDaZ1owZpdPFKRXuV7v47JPsjTEgJgJ84okSS5UM9v2FFmPAHhhlWPoJfSWK0YBDAIHQ8tuESzl-CisjDCOqTtWVr7NXCXDR4dbtO5ziEnCATkSzJwrwTflE8BcNacuzqjN-bM1YkaPcYUDehWJBE1ySrZIwYL8tiQBx-vp8N_-bvSp6pxME0cnlc8nU4cyEo7yqmy2uvQ2FIQoEaEEAiggDiPh_CH_xxX9SCgWuYDT1E2O7GYpC4uH3sRb54cFXYyg6yqLqNS30tUwJW1VrGqNtFHvIDwTppk-thtTndRI6ZhnGayBCEJyizNLEgTACNMTNWGS41olh_PWRyl_S5v-ZsssRALnnr-rPd3fW4CB7zCl_sc-ojA0nW7mkGg221g64ZyegQMUSNaCG3F3OBiUQXKia3fAgtqDwNPAE-4iVyCaAJ7BGL2GrdQMjDibHxHq4KAjpLYF5T7QGopK04gkHFtvVoE6nNzBh510jQpq9Ww5eOywY0vVI-6wXtOLKgIIPW_pAnJGcaPVLcYHG1sGGBERUeFsbQnvtixS7oDUxi2zYyY3geVJznMhur4fSgBYIF1hRQ0P2N89LvG-ueURVdkevXshZEaJSn65-1RllJPChDnQBIeKETk8aHODvV3-lornlqkA5lvf7GKMtSCkS__GcED1G_-MWb3iWUQm5fkZKQqov_N8JulcNVOdC-NyXQuR-7gb9zHLdeM3KaBpe8jxOysyAdBsFKX3tVopVNkbBn17nywBxG-Wefu_-ZyVWrkI35tipyPHsGN42arjExstPCuvzBhamN3ndpsS6KY-Pb5e9GN7QEg7YgyQnLFxftkqksjI3yK6rhCI9yj3pxLd-y0tXNlcmxoc3FoypWiNAjQO9kcXKU34wKtBk2oY7UPnmV1n95Z1u3x_H12IwM8cNvA3PsZhtdK3vUIUuzRw7Fnxy0k-9LLZZ5JItd1On6ejBxJcweO3iQyWHhYs2-SczCWQEFjkC7IHuLNmLQN2a8n3Dtrw16bCCjNNcZJKSbSx4rRVENRfL2Fks6OWOqnUZq_1IyOjrk3WNPnEaqxB7_sTV0DkVe0Z5e-_lFX2W377ViEN5cx6kYBUt_6Pu83AFfmZnMR8JgAlQi25vMuERoebOyvJ63pXkD9FIndoL0b0_kP7Zao6WBS_jtuxWwxrLWAPXkeryQCvd2UwiKOVO8LMmG3zRwHFOgodV2r1DkVJfNQ8zcm6FkIw4f7i2QtflvTLtcR3YvQ4-61B5Vz1HrNyAOezcht2vQL1BNYPCwksfqzM-ILUa9ZN9MeDE_TPIDp45Bn6i5UW1eInkUC3COxwg1PJ8wIDlB7ov9zfkaM94PCzx6jbPSTCCAq6gKWtUPrgn7-XqYnmSfxJAcDLKAjyjDM5JOHdY9TOdw8do8ikrGCUubcXCulS2POPPFkQ_-SbLW1_23p7bawYwj5n8boNxOqmfmzeyUGcI09YLkoiY_eLiRy0FhvxW3D-MqgWSaa6jCee2u6ZMp-a0byFFPosJPJlWN9mkoXgSwlIJCTh0i4IdgVs5Yo-GhLpmeOY58cE1a4Kk_VbF8ORd54_8K9BsLF0uclZJ4D2hNCWghRXqpoPLvDplOi4reP42hVF752xBnjh9jmiHQ8UtJpJtxGx0Xzr1KRaagoaiHk4X_u9eAH4qSVVtckeGv-gUyupi2Dn-Og8O1fCfZeyw6TsV_h5P9G0gmogt6Cg6IVixWKIossfP_FBtZGpzgmITvoLbCEbvB9ICsB3gY5f-4uTMRv0R3-3K0d_32zuJgHDSGwBtrMjZyXLdEsjsMaksOX-CXUz-6lfZi-aOCewiqOyzBzvY5GU_mYnwUeOHXrDiRJb8MwNxzZomiz9Zg21BdTOFwnxnufwL6Gzf-x7rOzDNsSQdGbRRvpoBFqzSUOgW4YCMMdfUxlt_CJgVB8hU74UEJIGFnTeqYhYlkWeumS1MSCAHWfGHCLjz53OsfptLA8r0t56RdYxt1nvLKMsl00s4Ec6A0DUaDRdbOYOPblak5lZfYylBAJodgECnVf5T72OCqgqcnla0wnhNuTyyXJdowTzQk_q8axoxOx_O_TpKsLrYA2GEwrnFS2RhGWHSAJ7AhCRha8Obaq5oNeD_tMBvgBQW5NS0szZG-dCovI8hP2QD_c3Bn4Ru79tF5LIHaA97tlfZ_yE5tpVpgCiOeP_ugLHYmDMs04i_uDHibqMvmI_cKSAtrqw4LDMuRNnFVWZdNiZ9WrMna-ntLibflft4AjJLjv4m9dI7uM3EDrwqAmzKa7Q09haXyq-VLwqiEPLDaoHJ3JJuZYMtN0CCQRZoPWt5vLQ8FaVquo84THJYxtEdC98pHpvdI0IoP8y1cEltY1bV_ZKYAiPjHU-jqO8Sr5fDwoiUjeyPD4NqsQ-Ra5OCV9tN3lSwShzl6UAVQI67LvkgHnKIzrsZh92Z4XMC1ka12PxGdm4T9udvoiTilNqAlB7ggt-N1IdS7Fe6-TXLj9KK34hawHOdkh0s-nnCgagMblshWhsPFfkofgFyiWO7Sxwz9G5GypJMgmqau3-db9kkgid8dSp_38OxHUCert3SRcvW7gvlKmCpM4VimiSzni3BsC4jdeHet26xNBOlxv_F28PznEw9toSvikKBo4_JOQD04Cp5wn3dgBzw3C50c2kDmMBZni--IvT7Eq72LmnlBaOFJVW4oycqZesmhgrsdEyhe3knpgnrKpHny6W9lwxKw0I-u28kZ_iTLvoMNckR7hjtM_-ABb-dFeNv_sujWpkJpUgczxjXcfXMETvjDeyF_Qm8kXGrXZootDV4nbr63RZvDGPOTDCUWYSjyvPVKmZoNJHWp2LDmzT6LN45v4H-ymVj4eyORgVHfrrpcuWtp0mlM8ASJYMC3JY-B_IwwQJO7X0fBm4zxt2hN-MlrLMpo7JslxYC98tXtClHNWwYv_UTFxEvPBzBREWKCCxnpgmmSEb_sOSAwwXl_1Zp4FYIdR1lJ5kQflZipMvZhKnQK&cid=CAQSKQDICaaNn0gtA8qA1JkpeZXI4v2F901YlwO8AS1_w1F0ZJhiHUaRSAY5GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=10116856231078773000&adk=676413724&idt=88&cac=0&dtd=153

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 18:24:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68789
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 18:24:46 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3F4F 41 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 522287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 870E
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEMubbO-W3aJKoyYDjmCplSg&google_cver=1&google_push=AXcoOmQVh91IhsRpG5UhpcRAdGQ4mLfKsvg7S4N9aEysIuO8Mxsinn1FkEnk6nVCbcDOOmqoJ41QYjVW1eJYurXw0iqzUMgBniuGN...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=OTE2MTEwMDI1MDAwODg1NDQ0NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEMubbO-W3aJKoyYDjmCplSg&google_cver=1

43 B
398 B

61ms
31ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEMubbO-W3aJKoyYDjmCplSg&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEMubbO-W3aJKoyYDjmCplSg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 870E 43 B
363 B 104ms
31ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTU8I_e7iNqaDJUKQCbgG48FNL6oWpFaqOjAduv3tWa9ylfaTlMM4JJTXtE-wSoLni67V78WkBIu4pmTiFD0QgYqhypZQLh8QxMJNRbHO3S4YhQcOoHCjhaKobfadTXMO92CQ1SE7yPb4DvCVEJTYQg&google_gid=CAESEH03JWzD8k7ygGZrTcfes2k&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 185687
expires: Wed, 04 Oct 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 870E
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEO1KcNU3MmoE8keN-XmuzsM&google_cver=1&google_push=AXcoOmRvUey1tKtbmfC38J7px9BXoGBHEuvIvirNAfz2IuyT5fp36YP-RduZTBmKq6ZOULdmiOYFM7-d...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEO1KcNU3MmoE8keN-XmuzsM&google_cver=1&google_push=AXcoOmRvUey1tKtbmfC38J7px9BXoGBHEuvIvirNAfz2IuyT5fp36YP-RduZTBmKq6ZOULdmiOY...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTA5MTUyMjgzNDYxMjg2ODIxMA&google_push=AXcoOmRvUey1tKtbmfC38J7px9BXoGBHEuvIvirNAfz2IuyT5fp36YP-RduZTBmKq6ZOULdmiOYFM7...

170 B
188 B

62ms
42ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTA5MTUyMjgzNDYxMjg2ODIxMA&google_push=AXcoOmRvUey1tKtbmfC38J7px9BXoGBHEuvIvirNAfz2IuyT5fp36YP-RduZTBmKq6ZOULdmiOYFM7-d5rabqMG4qp_MLYNXWJ7E0iFTB9RxnIB2P1lJD7EFJMX1TGNgR0AHDvsGSvvbaY6anW8hcBcLxWot

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTA5MTUyMjgzNDYxMjg2ODIxMA&google_push=AXcoOmRvUey1tKtbmfC38J7px9BXoGBHEuvIvirNAfz2IuyT5fp36YP-RduZTBmKq6ZOULdmiOYFM7-d5rabqMG4qp_MLYNXWJ7E0iFTB9RxnIB2P1lJD7EFJMX1TGNgR0AHDvsGSvvbaY6anW8hcBcLxWot
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 870E
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEMLgkLkNZDxH3XOdyNR20yk&google_cver=1&google_push=AXcoOmTG-bxGu7MFGfmR_kMP8zb9zQKaKHwosa_Xo7DNdsj6MgYwahsedwiwH1rfJEXGH5MAYtinpecD-JfnMgD0TPAwf1o9-zf5k...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmTG-bxGu7MFGfmR_kMP8zb9zQKaKHwosa_Xo7DNdsj6MgYwahsedwiwH1rfJEXGH5MAYtinpecD-JfnMgD0TPAwf1o9-zf5kqVmZKCCXvSU0VhInFLAXz5MWhigLp8nzV...

170 B
188 B

89ms
88ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmTG-bxGu7MFGfmR_kMP8zb9zQKaKHwosa_Xo7DNdsj6MgYwahsedwiwH1rfJEXGH5MAYtinpecD-JfnMgD0TPAwf1o9-zf5kqVmZKCCXvSU0VhInFLAXz5MWhigLp8nzVPu2M_wJEP2tsNDdBqQ5ffH&google_hm=rDb0ms7rylokntk20iuOfw==

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmTG-bxGu7MFGfmR_kMP8zb9zQKaKHwosa_Xo7DNdsj6MgYwahsedwiwH1rfJEXGH5MAYtinpecD-JfnMgD0TPAwf1o9-zf5kqVmZKCCXvSU0VhInFLAXz5MWhigLp8nzVPu2M_wJEP2tsNDdBqQ5ffH&google_hm=rDb0ms7rylokntk20iuOfw==
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 285

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 870E
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKYRWiXPvlQwc7Dkc8ck_wE&google_cver=1&google_push=AXcoOmRlOkoTdYagqrxzuibC-sl2Ri8wdNZhZ55iK-gao3dI6anp3WYjIqlve2fXjQN5-y_YjSu...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5CU0VKVFotNS1GS0VM&google_push=AXcoOmRlOkoTdYagqrxzuibC-sl2Ri8wdNZhZ55iK-gao3dI6anp3WYjIqlve2fXjQN5-y_YjSu6uH29VsNKEBBOH991jwxlF1K5nRGWW...

170 B
188 B

91ms
90ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5CU0VKVFotNS1GS0VM&google_push=AXcoOmRlOkoTdYagqrxzuibC-sl2Ri8wdNZhZ55iK-gao3dI6anp3WYjIqlve2fXjQN5-y_YjSu6uH29VsNKEBBOH991jwxlF1K5nRGWWEOQo8s2ifxN7LJwm6ve7QNzse4DvBU8Np-QieY6VkJEuNJs23PN

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5CU0VKVFotNS1GS0VM&google_push=AXcoOmRlOkoTdYagqrxzuibC-sl2Ri8wdNZhZ55iK-gao3dI6anp3WYjIqlve2fXjQN5-y_YjSu6uH29VsNKEBBOH991jwxlF1K5nRGWWEOQo8s2ifxN7LJwm6ve7QNzse4DvBU8Np-QieY6VkJEuNJs23PN
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: aca6c52e983509e86b136a052e19be23
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 870E
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEGNtkfJdRaSkDx-az6J6XH8&google_cver=1&google_push=AXcoOmS-zVZp-y4jvYVcc2llFuw6Pr4KZzmntfj31hlReFGsECsQNfAA3...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS-zVZp-y4jvYVcc2llFuw6Pr4KZzmntfj31hlReFGsECsQNfAA3PNIHMYSaUi1FUTIMdGLYeXBfLpQicF8O9R6LVgrSBvGBfxqAM-4fpsOuMQZZKwt_lDsdJfml...

170 B
188 B

76ms
57ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS-zVZp-y4jvYVcc2llFuw6Pr4KZzmntfj31hlReFGsECsQNfAA3PNIHMYSaUi1FUTIMdGLYeXBfLpQicF8O9R6LVgrSBvGBfxqAM-4fpsOuMQZZKwt_lDsdJfmlzJoVzDtlE5A5XvDWVzO9EMqZARNqA&google_hm=QlMuMDBmZS0yN2M2LTRlN2EtODhkZA==

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS-zVZp-y4jvYVcc2llFuw6Pr4KZzmntfj31hlReFGsECsQNfAA3PNIHMYSaUi1FUTIMdGLYeXBfLpQicF8O9R6LVgrSBvGBfxqAM-4fpsOuMQZZKwt_lDsdJfmlzJoVzDtlE5A5XvDWVzO9EMqZARNqA&google_hm=QlMuMDBmZS0yN2M2LTRlN2EtODhkZA==
Date: Wed, 04 Oct 2023 13:31:16 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 870E
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEFNcL4s50...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEFN...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=6492f71b-32ce-4caa-bb79-7b534a0a6bd1&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

62ms
42ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=6492f71b-32ce-4caa-bb79-7b534a0a6bd1&%%GOOGLE_PUSH_PAIR%%

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=6492f71b-32ce-4caa-bb79-7b534a0a6bd1&%%GOOGLE_PUSH_PAIR%%
date: Wed, 04 Oct 2023 13:31:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 870E 0
12 B 30ms
29ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lyi9MiMiB8xq6g-5BeF13QE6BSNj04Y_7JKUNeOEVrxYzurZwEkgIaetsSQWeusLLEBFsKTao

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 b113c14be1be4dbda4ef71cee8de4dfc_casanspro_regular.woff
static.criteo.net/design/dt/ Frame EE34 56 KB
56 KB 205ms
66ms Font
application/octet-stream 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/b113c14be1be4dbda4ef71cee8de4dfc_casanspro_regular.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ba98e735ce0f8021ed850e1cfd1e5f20049e17ac90b3bea352b04324d045c233

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 24 May 2018 07:59:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5b0670fe-dec4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 28 Sep 2024 13:31:16 GMT

GET
H2 200 banner Show response
ad4.adfarm1.adition.com/ Frame 3F4F 19 B
400 B 37ms
36ms Script
text/javascript 217.79.188.46
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4.adfarm1.adition.com/banner?sid=4787112&adjsver=3&fvers=&iframe=1&ref=https%3A//b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/&ro=https%3A//9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/89.0.4389.72%20Safari/537.36&os=17&browser=11&userid=0&wi=1319318312&ac=1&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmAupIGkdZYK6MtOU1PIPtoqFyAr7vYusc7%2Df6LGIEdq24u%2DaOBABINPLzjBg9ZXOgeAEyAEJqQKxNu%5FmtpexPqgDAcgDmwSqBO8BT9DRYl6F%2D9FD479Dz8a2mmduHpsA0S9JkZ0gtBE7bx%2DbRPV9rkkDOyshSM9LJKktOeV3iw26s6mr7zvX5IpFmHHi7bzfNoFzWoG2wGJJZR%2D9VEP4lmkDE0fPS9oosQoxYrVSEA3XxIcEbangbQJfXmWepGP9gn1hubz1TqU8Iu%5Fo200egNFkTrsEPR9SIEa7vLJH4RTyhhJUcb9lODcGP%2DImrt%5F5esrf391M89emQqfFtBfnhBTJab65Gu37kYxzv4ziUvpu86hqcNolmQ5GaKGJxA6bd7IfgyXPRy6JH16WDiD%5FLnVIV0z6tanD1P%5FABILP6uClBOAEA4gFvoTl9keQBgGgBk2AB%5FDrpcYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH%5Fp6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH%5F56xAqgH35%2DxAtgHANIIFAiAYRABGB0yAooCOgKAQEi9%5FcE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMI%2DqKDq8DcgQMVUwpVCB02RQGpsBOq44EV0BMA2BMKiBQB2BQB0BUB%2DBYBgBcB6BcB%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaNn0gtA8qA1JkpeZXI4v2F901YlwO8AS1%5Fw1F0ZJhiHUaRSAY5GAE%26sig%3DAOD64%5F1LMbd3ruidZGd8Ge4ia7BBviFZRg%26client%3Dca%2Dpub%2D5884294479391638%26dbm%5Fc%3DAKAmf%2DDmStS%2DCXbk4xmqnkn6MwAE23wBUlMnEHg54r%2Dj%5FHKVtX3fwacgCjUy1k%2DBBiNscrUhWrZ99pO2qbGU6%5Fc%2DE3maw7RNCTnD2ZaBMRsHmtfFgttlNUn%2DcLeHE0DkDLnGSbwQC1hZ8WBL1IAE09ztuCjhlbkSir8wTEa8de7h7RLMXcHsbnU%26cry%3D1%26dbm%5Fd%3DAKAmf%2DArQ5AyuVTIF5nlcxLsZ%5FGbbtlh0pnM8pDadNNZrWQ8zvnD8hgJTuIrPKW850iUmy%5FiyRghtFsXLSulFgG%5FInLqIj2ddG4M7w5VI7fQ7itexO8xIbO6VAYCpxjNb8SxUT4fHtTBWE3hLTf7Z16TA83yRhqhp9neDXbJp5UmB6sl56rQ26hnNFvZVwjHZvBySogVL5W4NQZtoPcMWh83Skno2BwZt7tWqspQNYlXoOkW1aIcsIDroAUPfSexAE49wB1rLCH%5FVrRB%2DW2ZECdmk3mI1IXwpqEvbmJRuwFCyUgSzVUqx%5FKOJ2i%5FPOHH6HVGmeY62M6knNgMcDuO1A79myAXC%2DGASET7Zd%5F3%5FLcgXyERPWhgc5tQn5wpksfo29N8ATqmhd%5FLZh8Q16L3QNc%5FNXf5Sif5xuxftgz1ls0r9Z11TYK5oax1InvsvmvSPjsF6H7fWF3lemP7kNsmav%2DQoUoaNEKjafF5aL5aaye%5FUUAfmcUZu2JS6A2RRvTb%5F7uB99Qg%5FkNr4embSkE2xij7iQBeItYIsRHjNjVsgAyO3opj%5FzQU7YQmQae1OowDQ4x3%2DZRnZ%5FbpNYDyzWreWFl5exa6j8t7Ig%26adurl%3D&gclid=EAIaIQobChMIgsqEq8DcgQMVUwpVCB02RQGpEAEYASAAEgLdhvD%5FBwE
Requested by: Host: ad4.adfarm1.adition.com
URL: https://ad4.adfarm1.adition.com/js?wp_id=4787112&clickurl=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CmAupIGkdZYK6MtOU1PIPtoqFyAr7vYusc7-f6LGIEdq24u-aOBABINPLzjBg9ZXOgeAEyAEJqQKxNu_mtpexPqgDAcgDmwSqBO8BT9DRYl6F-9FD479Dz8a2mmduHpsA0S9JkZ0gtBE7bx-bRPV9rkkDOyshSM9LJKktOeV3iw26s6mr7zvX5IpFmHHi7bzfNoFzWoG2wGJJZR-9VEP4lmkDE0fPS9oosQoxYrVSEA3XxIcEbangbQJfXmWepGP9gn1hubz1TqU8Iu_o200egNFkTrsEPR9SIEa7vLJH4RTyhhJUcb9lODcGP-Imrt_5esrf391M89emQqfFtBfnhBTJab65Gu37kYxzv4ziUvpu86hqcNolmQ5GaKGJxA6bd7IfgyXPRy6JH16WDiD_LnVIV0z6tanD1P_ABILP6uClBOAEA4gFvoTl9keQBgGgBk2AB_DrpcYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMI-qKDq8DcgQMVUwpVCB02RQGpsBOq44EV0BMA2BMKiBQB2BQB0BUB-BYBgBcB6BcB&ae=1&gclid=EAIaIQobChMIgsqEq8DcgQMVUwpVCB02RQGpEAEYASAAEgLdhvD_BwE&num=1&cid=CAQSKQDICaaNn0gtA8qA1JkpeZXI4v2F901YlwO8AS1_w1F0ZJhiHUaRSAY5GAE&sig=AOD64_1LMbd3ruidZGd8Ge4ia7BBviFZRg&client=ca-pub-5884294479391638&dbm_c=AKAmf-DmStS-CXbk4xmqnkn6MwAE23wBUlMnEHg54r-j_HKVtX3fwacgCjUy1k-BBiNscrUhWrZ99pO2qbGU6_c-E3maw7RNCTnD2ZaBMRsHmtfFgttlNUn-cLeHE0DkDLnGSbwQC1hZ8WBL1IAE09ztuCjhlbkSir8wTEa8de7h7RLMXcHsbnU&cry=1&dbm_d=AKAmf-ArQ5AyuVTIF5nlcxLsZ_Gbbtlh0pnM8pDadNNZrWQ8zvnD8hgJTuIrPKW850iUmy_iyRghtFsXLSulFgG_InLqIj2ddG4M7w5VI7fQ7itexO8xIbO6VAYCpxjNb8SxUT4fHtTBWE3hLTf7Z16TA83yRhqhp9neDXbJp5UmB6sl56rQ26hnNFvZVwjHZvBySogVL5W4NQZtoPcMWh83Skno2BwZt7tWqspQNYlXoOkW1aIcsIDroAUPfSexAE49wB1rLCH_VrRB-W2ZECdmk3mI1IXwpqEvbmJRuwFCyUgSzVUqx_KOJ2i_POHH6HVGmeY62M6knNgMcDuO1A79myAXC-GASET7Zd_3_LcgXyERPWhgc5tQn5wpksfo29N8ATqmhd_LZh8Q16L3QNc_NXf5Sif5xuxftgz1ls0r9Z11TYK5oax1InvsvmvSPjsF6H7fWF3lemP7kNsmav-QoUoaNEKjafF5aL5aaye_UUAfmcUZu2JS6A2RRvTb_7uB99Qg_kNr4embSkE2xij7iQBeItYIsRHjNjVsgAyO3opj_zQU7YQmQae1OowDQ4x3-ZRnZ_bpNYDyzWreWFl5exa6j8t7Ig&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.46 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: ad4.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: c79831d809c25cd6e16f0484f07797112717213d2b7335a1edfcf386d2aa7397

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 15:31:15 +0200
server: ADITIONSERVER v1.0
etag: 7286095371225861130
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
content-length: 19
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7548 0
19 B 103ms
102ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CI1hKIWkdZcT9JrLWtOUP3v6A4AjJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAtFd-LytnLE-qAMByAMCqgTHAU_Qf38PahucrwT5t-f8WPvYKW_R4UndUO_83-dA8qlGd88a4Q1Zkp44Ys6Xc0MUod-CW0QSZg_62fxHAbCekgXS2n8j_gOuFyEnFXZFLhuNyhYZG1xlP5gqDNnh0Upq07o4VwgOY8lknqWXMAsr21Dv4h_mv6XHmNyz_o5fKIZDXL5E6ZxaxBk3xUP27CMi5uPAhCQv2xsE_81ZQvrr8Mdo4x2SMPf61xlAaG2bVnUSQr26jwMA_3d1kEcCFA7p_cSD45wLmK6ABrDgh7_Q1tW3DKAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTqACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTg4NDI5NDQ3OTM5MTYzOBiZ0iE&sigh=BXK4EyT6mrs&uach_m=[UACH]&cid=CAQSKQDICaaNeMNysvqsQ1M31KzESrvmQOfqxlC0Cly5LPtvfx3NeXiZFbNwGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=280&slotname=3654094576&adk=229048865&adf=3173046730&pi=t.ma~as.3654094576&w=336&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426271199&bpp=727&bdt=954&idt=2080&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C31078362%2C31078301%2C31078420&oid=2&pvsid=2989584093160384&tmod=172839782&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gzck6unoo827&fsb=1&dtd=2294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 04 Oct 2023 13:31:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 7548 0
125 B 64ms
62ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k6qtEYbWC9ACmAKdg2ICAgAAALFn8QmqTG_wDMZfJgivy4YQIWkdZUFTJ9dluFiHOuAAABIAAAoKQVFVQkR3RUJEdw&wp=ZR1pIQAJvsQGrSsyAAA_Xgh4eSusAY8KNpT5BA&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:15 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 163647
server: Kestrel
content-length: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DBE1 22 KB
8 KB 106ms
68ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 522288
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 12:26:28 GMT
expires: Fri, 27 Sep 2024 12:26:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DC61 1 KB
649 B 104ms
68ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 20151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Thu, 05 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3F4F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f3e52c7830e93eb3e0c14e80c51b8356efd77cb3b258c4a613a64b853cafc6e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6D91 0
0 95ms
94ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsty3Da2mh4IZLlBN2iX2g6I6m69aVBBw99TlzEI4mND5XdzK_nc_6hP03cqwyQYOI92ymoJ0jSeOkup-L9-8i3AHjATGuqf5qoZCCURUcDETDh8EnmgA6QTWE2q0R8Q6GTAfgSZAqxJPS9nW7JGAYEdaSrz4amdmFA-kbZQ-rMhcxC8aQ_7sSJwB5h0_-tb3jaEtYDFOC-hs1Ns3tmnP6mSjd9U70I9qFodkR0wgm4mLTz_WN_7tHQ2-LaLwayXZvTafIttgi1sxScs5NH-WV_REJDWgQ6yN2ZxpRoFyU7_7US8hEM0DswI70B44nou5UUTuzN7e5lflL1goBlVf_zYoBCBiGwQ3zCWMUkaL14&sai=AMfl-YRubJZE9tmkmZZylXDWsPzBJ2U2EGRg9r0fe5odJeYwZC17P7UawQPGntcPDcGjsn7o7QWqlQSnEbN2TW8&sig=Cg0ArKJSzB8eDgC9KCjvEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 04 Oct 2023 13:31:16 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6D91 16 KB
12 KB 94ms
93ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231002&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_fy2021.js?bust=31078420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7ad06c458fbb2c2f083fc4a663c99d5e06947c23c6b84966091fe61526a52a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12139
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E480 0
19 B 97ms
95ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cl1fiIGkdZZy_DejVtOUP0f-o8ALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpArE27-a2l7E-qAMByAMCqgTGAU_QBLVKrQUSXN7HUkACmIp9oXUcuw_Yg6in4PesbXHjT1YU9VTHER-vnTtPkg1R9dKvlY3LaoF0-LPqRWMTMUPapvphhtrTK8yuna5HfWWVXEkvBHWGskxq4L8bqj1v__UymGdwURZ5ZnWIriI5rsKJaXUG4j3yoYMcJ0M3rfIFvyIAdwkxS_CxTkXe9iajjYzfuxVLymuJ9-qnEB17g_C4hu66RPnzYGXLOmG8_0kbWwwkKUmDc7q55drvCb79XKl4qhlxUIAG59C6h_zX6_pFoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOoAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi01ODg0Mjk0NDc5MzkxNjM4GJnSIQ&sigh=S44KZPC52ic&uach_m=%5BUACH%5D&cid=CAQSKQDICaaNTSjjki7A3TxXFqGuZpMhCA1LVMHFmLrhWsMt9ZDxVWP-1g_WGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=482000826&adf=3173046731&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696426270627&bpp=639&bdt=943&idt=1428&shv=r20231002&mjsv=m202309210101&ptt=5&saldr=sd&is_amp=1&correlator=3936&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1537107407&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759875%2C31076838%2C44801485%2C44804684%2C31078420%2C31078423&oid=2&pvsid=3081292051479153&tmod=1806547552&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.33dtseo6md0t&fsb=1&dtd=1476
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 04 Oct 2023 13:31:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame E480 0
126 B 145ms
40ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k9_uErbWCawCMp2DYgICAAAAsWfxCapMb_AMxl8mCK_LhhAfaR1lhVv0nHlykGlnswAAEgAACgpBUVVCQVFFQkFR&wp=ZR1pIAADX5wGrSroAAo_0cFeqqwIlJXw0-ErbQ&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 194221
server: Kestrel
content-length: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6D91 17 KB
6 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_fy2021.js?bust=31078420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 13:31:16 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DC61
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEHcrTMhz11A90Up7uTHtHpg&google_cver=1&google_push=AXcoOmTuMGnqKod3rVDDSHaGD9JumXBjRHuWMIlSFbT3hk3ACmnjNqqv0s85eIkla3ubYmml6ULdXsH2LmH...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmTuMGnqKod3rVDDSHaGD9JumXBjRHuWMIlSFbT3hk3ACmnjNqqv0s85eIkla3ubYmml6ULdXsH2LmHjTMFkYIMMsUSdq9AomQ

170 B
188 B

33ms
33ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmTuMGnqKod3rVDDSHaGD9JumXBjRHuWMIlSFbT3hk3ACmnjNqqv0s85eIkla3ubYmml6ULdXsH2LmHjTMFkYIMMsUSdq9AomQ

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmTuMGnqKod3rVDDSHaGD9JumXBjRHuWMIlSFbT3hk3ACmnjNqqv0s85eIkla3ubYmml6ULdXsH2LmHjTMFkYIMMsUSdq9AomQ
Date: Wed, 04 Oct 2023 13:31:19 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DC61
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEJJ-8bBNoF_4U3-YvtNC2Mw&google_cver=1&google_push=AXcoOmRKKeaa9VohmvX7P1Qhl0ysx_HxYJa5ECwBhVqMs7dHI-sp4upDhngw-Y7L3NYwiaeIiU6wxqvAur_uy-v5UrlLW0cBTUWm5Q
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=eVlPMENNeTJEUk9DcGZ2eEpXa2RaUQ%3D%3D&google_push=AXcoOmRKKeaa9VohmvX7P1Qhl0ysx_HxYJa5ECwBhVqMs7dHI-sp4upDhngw-Y7L3NYwiaeIiU6wxqvAur_uy...

170 B
188 B

93ms
84ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=eVlPMENNeTJEUk9DcGZ2eEpXa2RaUQ%3D%3D&google_push=AXcoOmRKKeaa9VohmvX7P1Qhl0ysx_HxYJa5ECwBhVqMs7dHI-sp4upDhngw-Y7L3NYwiaeIiU6wxqvAur_uy-v5UrlLW0cBTUWm5Q

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 04 Oct 2023 13:31:17 GMT
server: nginx
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=eVlPMENNeTJEUk9DcGZ2eEpXa2RaUQ%3D%3D&google_push=AXcoOmRKKeaa9VohmvX7P1Qhl0ysx_HxYJa5ECwBhVqMs7dHI-sp4upDhngw-Y7L3NYwiaeIiU6wxqvAur_uy-v5UrlLW0cBTUWm5Q
content-type: text/html; charset=utf-8
cache-control: no-store
content-length: 245

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DC61
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAL31NYG8runoQCYH0Fa9Yk&google_cver=1&google_push=AXcoOmSurQGJ6kuC2IdjZZDuwL4HbJJus0KZ6EtAKnhr4C3uAPzrAfihh7uyeY0_zcrjOMeCI_6QurmZ2Hvt50RYUF6ueV4...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSurQGJ6kuC2IdjZZDuwL4HbJJus0KZ6EtAKnhr4C3uAPzrAfihh7uyeY0_zcrjOMeCI_6QurmZ2Hvt50RYUF6ueV4MFB4M&google_hm=eS10ektjdjVaRTJwSGlLYl...

170 B
188 B

37ms
36ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSurQGJ6kuC2IdjZZDuwL4HbJJus0KZ6EtAKnhr4C3uAPzrAfihh7uyeY0_zcrjOMeCI_6QurmZ2Hvt50RYUF6ueV4MFB4M&google_hm=eS10ektjdjVaRTJwSGlLYlZVYUIyeG1pdnY1TjlZOG0uRn5B

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 04 Oct 2023 13:31:16 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSurQGJ6kuC2IdjZZDuwL4HbJJus0KZ6EtAKnhr4C3uAPzrAfihh7uyeY0_zcrjOMeCI_6QurmZ2Hvt50RYUF6ueV4MFB4M&google_hm=eS10ektjdjVaRTJwSGlLYlZVYUIyeG1pdnY1TjlZOG0uRn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DC61
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKcNodsxI1HStj9Iw9gEAtE&google_cver=1&google_push=AXcoOmR7VjeBB19JDIxT2PPJik9fwO414xsHxLFliGY7ptwWdTQeFmr0k2_vKrhdUhA-SUSGjBW3o-IeOA23Hh8VT...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKcNodsxI1HStj9Iw9gEAtE&google_cver=1&google_push=AXcoOmR7VjeBB19JDIxT2PPJik9fwO414xsHxLFliGY7ptwWdTQeFmr0k2_vKrhdUhA-SUSGjBW3o-IeOA23Hh8VT...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmR7VjeBB19JDIxT2PPJik9fwO414xsHxLFliGY7ptwWdTQeFmr0k2_vKrhdUhA-SUSGjBW3o-IeOA23Hh8VT9ClpVivS5WF&google_hm=HbgrJGZHK0iJaQMRT9C-lnwn

170 B
188 B

35ms
34ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmR7VjeBB19JDIxT2PPJik9fwO414xsHxLFliGY7ptwWdTQeFmr0k2_vKrhdUhA-SUSGjBW3o-IeOA23Hh8VT9ClpVivS5WF&google_hm=HbgrJGZHK0iJaQMRT9C-lnwn

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 04 Oct 2023 13:31:19 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmR7VjeBB19JDIxT2PPJik9fwO414xsHxLFliGY7ptwWdTQeFmr0k2_vKrhdUhA-SUSGjBW3o-IeOA23Hh8VT9ClpVivS5WF&google_hm=HbgrJGZHK0iJaQMRT9C-lnwn
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DC61
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOiC4unFjtbUzjCbKEoN3A4&google_cver=1&google_push=AXcoOmQoK7K3DzYqtwReoM_jW1pCLulS2uoIY1P2seE9Ysvx0GM333yFMD-MNmj_n7JUbAoYDG7l5F8JM7Ukk2lpglayFEeXdD...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmQoK7K3DzYqtwReoM_jW1pCLulS2uoIY1P2seE9Ysvx0GM333yFMD-MNmj_n7JUbAoYDG7l5F8JM7Ukk2lpglayFEeXdD0...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTUxNjQ4NDk3MjIzNTAwMDE0OTI3OA%3D%3D&google_push=AXcoOmQoK7K3DzYqtwReoM_jW1pCLulS2uoIY1P2seE9Ysvx0GM333yF...

170 B
188 B

46ms
46ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTUxNjQ4NDk3MjIzNTAwMDE0OTI3OA%3D%3D&google_push=AXcoOmQoK7K3DzYqtwReoM_jW1pCLulS2uoIY1P2seE9Ysvx0GM333yFMD-MNmj_n7JUbAoYDG7l5F8JM7Ukk2lpglayFEeXdD0rVw

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTUxNjQ4NDk3MjIzNTAwMDE0OTI3OA%3D%3D&google_push=AXcoOmQoK7K3DzYqtwReoM_jW1pCLulS2uoIY1P2seE9Ysvx0GM333yFMD-MNmj_n7JUbAoYDG7l5F8JM7Ukk2lpglayFEeXdD0rVw
date: Wed, 04 Oct 2023 13:31:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DC61
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESEDVLjfJMp72lV8z6HkUhqxI&google_cver=1&google_push=AXcoOmS1BM0CKXhWtbQ4iNLeyMJq2sTB-X9gR13iN0hu7xXJy-2b4Yvda6kLcDMSOjRXQCmFj-GH9...
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmS1BM0CKXhWtbQ4iNLeyMJq2sTB-X9gR13iN0hu7xXJy-2b4Yvda6kLcDMSOjRXQCmFj-GH9duh_lu2z3rv5peHYudIrgaruQ&google_hm=WlIxcEpjQ...

170 B
188 B

34ms
34ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmS1BM0CKXhWtbQ4iNLeyMJq2sTB-X9gR13iN0hu7xXJy-2b4Yvda6kLcDMSOjRXQCmFj-GH9duh_lu2z3rv5peHYudIrgaruQ&google_hm=WlIxcEpjQ284WVFBQUJUcnhkWUFBQUFB

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Wed, 04 Oct 2023 13:31:17 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=google_ebda&google_gid=CAESEDVLjfJMp72lV8z6HkUhqxI&google_cver=1&google_push=AXcoOmS1BM0CKXhWtbQ4iNLeyMJq2sTB-X9gR13iN0hu7xXJy-2b4Yvda6kLcDMSOjRXQCmFj-GH9duh_lu2z3rv5peHYudIrgaruQ","cluster_id":0,"gdpr":false,"ipv4":"195.206.105.132","key":"ZR1pJcCo8YQAABTrxdYAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40311"}
X-SO-Key: ZR1pJcCo8YQAABTrxdYAAAAA
Server: nginx
X-SO-Upstream-ID: a-ad40311
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmS1BM0CKXhWtbQ4iNLeyMJq2sTB-X9gR13iN0hu7xXJy-2b4Yvda6kLcDMSOjRXQCmFj-GH9duh_lu2z3rv5peHYudIrgaruQ&google_hm=WlIxcEpjQ284WVFBQUJUcnhkWUFBQUFB
Cache-Control: private
X-SO-HostName: a-ad40311.dc2p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 3
Content-Length: 0
X-SO-LB-Hostname: m-tgng32.dc4p.scaleout.jp
X-SO-IP: 195.206.105.132

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame DC61
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEJTxU_MVmUJdQkQo_2E1oOU?ext-param=AXcoOmQA3-tPMTSkl5R3BVQE-DwCcSMP6CNen3hw0ND20rJQtWNBeBvO6FJpeDKEz4kNsfy3Wc6Z1HzXuXYPhviDm7riMXmHHimhfw&partner-tag=yandex_ag...
https://an.yandex.ru/mapuid/google/CAESEJTxU_MVmUJdQkQo_2E1oOU?redir-setuniq=1&ext-param=AXcoOmQA3-tPMTSkl5R3BVQE-DwCcSMP6CNen3hw0ND20rJQtWNBeBvO6FJpeDKEz4kNsfy3Wc6Z1HzXuXYPhviDm7riMXmHHimhfw&partn...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEJTxU_MVmUJdQkQo_2E1oOU&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
144 B

88ms
88ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Protocol

Server

2a02:6b8::90 Ulyanovsk, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Wed, 18 Sep 2024 13:31:16 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DC61 0
12 B 49ms
49ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JN-9IgimFYzlqIoeTH97XAv4rWL6TkeWeX4GDyuzrfslNY6mAG6xpwBl5DdqZcaIrKXaACaQ

Requested by

Host: 9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
URL: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FEEA 0
0 80ms
73ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss0D123mQp2VkiRuzHHRNwF-GPzMaB9oqmqo-dL5MCvm7A6V2ByRVypYABd_TlYp1wEYLBJ1uNftQ8qi3jicEahpbeZ_CCJJCfI9VIO58ShzMAeMQfomlfH6O4SYQWGBTrtBY8EgIv3Lms0cfqvtd-lyVwSh03gp8q9SEHCI1IUj0u0euLg2NK78A7_RtfclSexzv3KVZ0iUKllj42a5fEKhqQ5sMwG1y01I8J_7OexeLIsaGZRHP742ADTWwWnWQN36BlmRTmatwrwHrMjPfKjvNtwD-SvO8ZVRA4qmBTRGmcLDnp_p2rfgZhU3Ekgc26NNp5zy0LnxKWFWJJRed9e8lv__dhU2aiACrcA7fOY1q8ITaM&sai=AMfl-YRjU0dtyjPBW23XWeoc6JWzHERfimahU2fE7ipXWgnshcK1DSPBzI6f6qc372ygUrhR15bg1PpaeJZBTSY&sig=Cg0ArKJSzMAop4EYb2cqEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 04 Oct 2023 13:31:16 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame FEEA 16 KB
12 KB 96ms
90ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310020101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310020101/pubads_impl.js?cb=31078496

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6816c7f1a5d72688da24d08a58de6adfe756bc49dbab3c9de05757389bde861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12196
x-xss-protection: 0

GET
H3 200 fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response
pagead2.googlesyndication.com/bg/ Frame DBE1 37 KB
14 KB 58ms
37ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14789
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 19:38:27 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 65B8 0
0 82ms
82ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuqf2iXQQjAI8JiHVuQOig4OiTXEr_y2cF0ctWK5tPmcZmRNfOfLfjbUUcTmTHxZ1SDxsMwRS0zb8CELJ0xF3XHm_i54jhbw9I9iVURcejzyVYmEDtWJmJTvnoDGARTXWQuVkBZezlwAqWgtcU_1_pf621AuJlBgGXoMBdueCJV3EjcVEQBpwjW91-My8pCQlpuqYDBv8yG4LWYreDV_cXqmZLzHptO9iimsKY7vY3w8890K0PoVGFclR6OFCck57057L08x79e2QsU0XKevDGF2zM9Auj02wDBmzhXoDVnf3PpHUHWgb4oZpDDxzpPRnTM2Z94Ix17Gxb4E22pnShXJNP4Gqtr-DTGas3GYhU&sai=AMfl-YTGIZyrBkOrOdCpmX0EDhBqBrJlA91ZShhPn7QTevodbEeOubgfxH9aOX3DnTrOBKPW9pShAbvMG48OZfs&sig=Cg0ArKJSzIFCBJdDIUsoEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 04 Oct 2023 13:31:16 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 65B8 16 KB
12 KB 82ms
82ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231002&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_fy2021.js?bust=31078420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7dbae90725e3e9efdf3273c987e8f807c04cd1e8fe9cad5f70b6003ab65303b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12144
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame FEEA 17 KB
6 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310020101/pubads_impl.js?cb=31078496

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 13:31:16 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9435 13 KB
5 KB 31ms
28ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 80132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 15:15:44 GMT
expires: Wed, 02 Oct 2024 15:15:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 14C3 829 B
561 B 38ms
35ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

20669010ffe70b5fe7ff170b2fffcc7d6ad49e6269a032082b3a67a1e3337394

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Y1HSQIoDQAVk9WFVh8yoLw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Y1HSQIoDQAVk9WFVh8yoLw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:16 GMT
expires: Wed, 04 Oct 2023 13:31:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 65B8 17 KB
6 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309210101/show_ads_impl_fy2021.js?bust=31078420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 13:31:16 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F47B 13 KB
5 KB 23ms
21ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 80132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 15:15:44 GMT
expires: Wed, 02 Oct 2024 15:15:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B4C0 829 B
559 B 30ms
30ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

709fb34b93b540343c33d249eec5eccdf4f4dd238689b9e85c94a99589e160a0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HZ3iJfEobgzt2DDDJUELfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-HZ3iJfEobgzt2DDDJUELfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:16 GMT
expires: Wed, 04 Oct 2023 13:31:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2BC6 13 KB
5 KB 76ms
75ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 80132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 15:15:44 GMT
expires: Wed, 02 Oct 2024 15:15:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0A84 829 B
558 B 48ms
39ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2321043df0101db8901d561be8c80972f12a835c64e22e7eb518160e0d8b229b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tFljrF4llx60VE7pLEjnyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-tFljrF4llx60VE7pLEjnyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 13:31:17 GMT
expires: Wed, 04 Oct 2023 13:31:17 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 14C3 0
0 239ms
239ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231002&jk=2989584093160384&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame 9435 37 KB
14 KB 43ms
32ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 08:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 03 Oct 2024 08:46:30 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B4C0 0
0 161ms
150ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310020101&jk=338408665147344&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame F47B 37 KB
14 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 08:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 03 Oct 2024 08:46:30 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F4F 0
25 B 93ms
92ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1897430060279&version=m202309260101&ct=77&x=1&cor=10116856231078773000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0A84 0
0 128ms
128ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231002&jk=3081292051479153&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame 2BC6 37 KB
14 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 08:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 03 Oct 2024 08:46:30 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame DAFA 0
127 B 73ms
71ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:31:17 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2BC6 0
10 B 21ms
20ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?BAaiaw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F47B 0
10 B 60ms
60ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8QyNdA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9435 0
10 B 36ms
36ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?QkQpyw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:31:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DBE1 0
25 B 58ms
57ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-vxrI2kdZevREr-LjuwPyeiMgAwAAAAAOAHgBAI&bg=!v7ylvPPNAAZN1Q_XbdU7ADQBe5WfOIUWkW1v2reKRV3NI49C1Adp2bN-paUR5BrkxytxRHU94vZN1QgigXAYtZ7wUeJPAgAAC7tSAAAAC2gBB5kDUXSEk5kH-sHaJRvBkmV1rlKL1PQCdA1NSRd0THF4FozZhePQnzDAeHctxCDcGRjmIBN2zjc6vPp9PAczYyRA4CCiIPmj7sS200XpKeorBBi18eZqx12wfYpiHF3kiVnrcUPxgfpbJeZPp53pe8021n3QpcJCAQHzi6vr_YdgDkBks9JWLWUTXFiivsO-8kxUZUsNzALz53auGTgLBFWFkqeo_sVqLgS0G1FEUfMD1phW-B2-IQNTZIHeSnIpzT-TXutsHO-PwqzkQ_96EFbvbs-v_v67YLsFfXVxv3ERwu5_WIdmJ8AE0QGxMfoNIaXlti_irZ-5srowT6r-zBkQB1TCSSjzYOW1RDLi0ExFK3Z1x5cRXBlXTXCEevQyNO6JQHjccwtvy5UzNH_s5Ku7jKw0ew1h9F8iY8EiDIKzYJFNrdblmbfODyrXnfi3vkEnpaTu-LKUH1lZfOJ2_DTttMhzpO2ts21DJyVUP6QuvE7ORiXg6a5sUI2UrXzqjS8aBdru0HDFl5SNes7Fj0e4Zv5FhOIF1NJR2Xp0JWLvt9sJTpndUyeAA36q90YB465-yQLmcmvLzmMddK_E8CS4DKcDUEMg-lbpHFgCEgO0kXIj8pZ4PVQQuKLeuF8-FEgR_UBgf0_b9xKi7N4QIE7N8Ec70p5KwqtAqFk011yc9dE3ChFdCutC1bbaUORIzX_bPp_6URS4xyvFEzzhLCS2DfO1qW0Q_lYv7ZoInXtElJ5wRQt1X-EcmK51w2k1t4iR7BSkqhLGFmlL8VnXOlwh97WJEIJ3du68VDM_uRGTqPJyzP_B74r3kZCJ7atP04XxnfdfSiax_ywjShOm8Vd3L3V9eb6s0Ofh7RWE0moFytSmo876fZAqgI_kxdKhZb-HDBv7sp4LLDLzJfDDL54gjdBx78Jkq2W8XLrrnj9eGzh2-C6vvry6BsCzxj2emI0nEv8NlNhD6xh0pgnyxSHYq-KlbjYkUlxzc2JWKPddFxKZPbSETRsFaX7l_AefFJCTV8ISuSJ41czPuUb95xLuZMU9L-b3xfvsxQVX77kxG2O8nzl43VUPmlyBAL_47eVtrxDBPVgmZjsiZ3HzASzC_te1JB4vImTR-P01fInKDQujnA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 13:31:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 65B8 0
0 132ms
132ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231002&jk=3081292051479153&bg=!PT6lPnHNAAYEJRtnJCU7ADQBe5WfOBsiVhyryb9Y3xTIQpUb8YqCoHC39PbClGBGHKHcnn3CqH4bWZTnWFQ7suBDzPLmAgAABkJSAAAAiGgBBwoAJLq14EicI3XzWl-hkVNFsO-XscgREDs760sLXYxklMVv3sJwv5kDC7ILah9ZlyxRJo-QmDmowz10ywo2cHDiSWkeUjqRZ9pvhyiqwkispntWQ0CQhJ0E8L1n1K0AP6UDe-j0iJHKuLzxjg8EHGklS9EHsGFXDxx9zET1ql_lG4SzvvnrlQoXLlerAYXO7qW4VP2LX3BDFWPnLX9653ozTlLNhPmAFY_dksfXJg1sqg4IAzikNjKm9gh6de9SsBoFd6w2MaXm8lYF2wureRtyoUO0dJivK_2lvUEldJ2P92UzuefvWvn3vVrrbtp_XWOlvd5qXTW2AX72jUQm3BJTwZj1x-Qu6R62O_jtu5IH4lPgDNUV7EBmcu3luYq27PZAc5VwkyO72e0F5FnwMEq7ftFa40DPQmgFiSCHyt7F4tuwr9sv1i_Ty_-tEqhmJtBzGUqDEbaBJEAuyzSOKm0cdgZ7SngKsxm5cOo6PZdok8unoKnR3ZXJVRXQ2-gCMTdyeuCXHhAoz4IlDtb8rJhsbEV0LS_GB3aDIh2zBJnhNZoXp-5MyD7a5v1bG8HE_2uY6__I0QzwFkUwrbJQ0qep5rjyPZA9NJat61-_ClG8mY3-QfrVfjaooJvd8Lm7dodU5lgQ2xxmPAzoo7_eP58gxPqvbXNsPQNTeoiYTFbMRBqkZcdo2noNWFzHtaDjCAzMZjYSQdBYW5AWGpH5Q_MfC7NNAJ8vz6IuRFlyxpBLu73lNGcHe13reCxmJZkDSZ2E24-6QI7PZGwGIvpYvJXyiSC6jTOTQ-IsHrrYZTjFo6VI3ZYtLkGMTAVcc31lwBHz9QQWTi-B2ZYeS5jhGiFTPnmpjkAaGrluz2G05uzvcHbjkDqfy_HOqfRk1PfPMYDwMaBm-kD-Sb8hbjRIONeGPD8yj1qkTrqKlZwCQB3IVcXP9Nfuw50FQZLWsYiaaJO_LLwHCzzzsJPKpnJtv_1GHcz6aoRzO0ceNMrIN91eM4eD-LVwWKK6ryZ6U2fxWEoVOheyNGpLwMgubH3kh-5BDiq7WKR0eYogqfINJG-xjlUTTz0uSxD8x0H2YlLo5c5-YvnE
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FEEA 0
0 128ms
127ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310020101&jk=338408665147344&bg=!Z2SlZCvNAAYEJRtnJCU7ADQBe5WfON2lSMFHPEqdD9L22RoliZk54PySsDej26vbiCYYMF8AHtGy7pDGs2E9a5ecJwcNAgAACHNSAAAAbWgBB5kDAVIsJhY42A2cI46eGi8IYmHDXAU15NlSiFmPoJaQOeBXK-tXMJ6X6vNDtk_hMNkNkOuRafY1EvC3HrR5HYYJ0JGOpVB3zQuJUGdSNMr618nxkvi_XELDDPeJzYoxXYNGy6oNVi524CSUkvpfrp5zt5sz-2n_YK69L8uUrf_FgP0tfyv_iNYR-yrP_PHYUNLjWOHAjHa3zlUca3_46mUY1P2Rw9tgjgokat1_zxnj08FhDGRfRGL8sjMi8E3ZnpqNcsPGT2JwvE0FeFz-h38Yn-kyOQ3lWtGLh82AunmC4HixAM2gauCUiwUUXkFF-wW4dc8F4KaXhU__7GnDVQmez70m5Q0DejWp4gTI6xUQvbkBmnaZXNwcv6nHmp5UVdz0XFr3GKI0nbJDrGJXjBV8Bppp0XCkFUXWeNf-BtnAWraOxWTKqWu7KrKO_6BQInCEox7Q_yuuHH-AQGQFF3RVuYVhgKWBzQIINFu3ePzi9we8RAfIShKjb65WSi8VvBZsSUljplBLId5tcqyb_44fqoJUg40cBvrFaA3USPSvICgi-t456u4JuDhQOy71C_lsbpc2P8053mRu4hlhOzX6_p2KqxMurSZjNAjIRbVjIMY1jwjCUGczkz4ldm1HdqAn1k1f24ckPMqpbHD8WKphRvS4NMg7J2W5T-i-9XwTBj7XswAmFAb28k7K_QBz6CU0-dS-VfhjV8-Jp2THGoDQokvM4TKex-4KpiW_1WynlCDa_tN0isHNU_NeOgsJJ7NyGQNE1mSq-dDPE89PcvR2LgevdbZI2nicYBxikHwpn82TQJeoaHF8tE0uqzUAdBALm51Ho6EdKE1jjczotdiCuMs1XOZ3GEYdv5D4zpuDxJOzZsUhx-9TByUfhxQ8G3TxgAi8VAJxvS1JuULnY3cD8U9_y3ZxHEUXLQ3OqiiDvCM4mu3NvyfDUXDfTNvTvYPPpIHiEBgWa3QrnqiTeM6lVxSKQ9R6XYSlS78YmF0J6mCl7CLyhMbfLt91cdRdIgAxan4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6D91 0
0 145ms
144ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231002&jk=2989584093160384&bg=!Y2ClYC_NAAYEJRtnJCU7ADQBe5WfOAJYYLjsx_kznEco375ztb-6vfD8qGktgpGsl2OiaLcBIeUKx71neDjK2p5uartMAgAACNhSAAAAa2gBB5kDC5U9ALdOdxr-yX36UYCohhxPTjTLwdvcF_KVlQ1FH_rCXscKQ72AmMKA8iXS1vszTOujghFZ5gX-6yJdlWqTzq1pxljkZRT4tHIxlW0A3BNa0nBCHaH4gFqCAjOnNuZVL8Q_Kejc6StxVCc4ARafmkDE-fT-k-4SkZpV0FHrtlYBLdBXdaGqMkeeUHvIhXJU7Fidq_RWIpBaE209S4CqjmYOjXASny-GKORJN6QZyS6Y3FZe2nfmbI6vrMpH7xnSv72lBY2LkY6zA0YoLfRiDRPhXI5BSCglMvItv7iiDpyQFSb187ZqFYf23HGR9L_jiaMzwpZEj00ryKxaZj8UWc447CEPsHKXjUrbzc2MRnX8PX_YZZbf42t_DY4RAOcHi0frtiaxQv91xptj2IJawTbRLlvltV_8gF3Ik1pwHZFcxjBdaHQuTdyHQ--Nbs8uV6me7pgOPfuvawZT5RbhbahCWdeoeCb_Dr2ztd0kjpxXkht80lmDDACDKqWq3iwkly5dcK4nZklJdI7DxZzxqbWZSSnrQysoLo83YgXseD3GhNwk6iFY-219QLZHHHzpTMYHhLax71-uNnslPZ616kcknT_CWGgL3YxPj0g-p4-JKhvOr70BgkMBWqqQugTzH4soWJX5NUjs2_nx6YrT9dqLErHZtRnH29skGCJhcpoF5rdJ-1za8Rm2mdQzCCg0lbSCGa-k5zuCa4Ot65tlI6CaXxLXggfKFrWuzKwT9KhhnGJh2lDPwPCgtb2prD17mu7k033z6JSr5v8KuKsSItW1ixYXVnJbY-x58sU7X9t0LBL4yJCLBws-x2lQqaH0aVKTcojkT6sbnnNGE-Q2ehRhPM_5MuHcvk-3RHHKoN8so_Dr7X2ybpMDOtaIRPeBuEyr0Wm8Y0LNlOldz1qaMeOC4tgyUmin_wxpaBLYunc00gVIZ_C9ALKYGsYQYkJzrVBH9KJ9PfHw2JVhPSV-pO4280CIgpSzKV8GJhbLJ9fsAT5yN0AEnrIm1_gEEXM9cQ0Wej1_nYX591cq
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H2 200 all
csm.eu.criteo.net/ Frame 1239 0
127 B 37ms
36ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 13:31:20 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:49:46	Name: is_unique Value: sc12916097.1696426267.0
.statcounter.com/	1970-01-21 00:49:46	Name: is_visitor_unique Value: 1696426267238656879
.xgcartoon.com/	1970-01-20 23:59:22	Name: _ga Value: amp-Wr521WqRUU7pv2l4HYiggQ
.doubleclick.net/	1970-01-21 00:49:46	Name: IDE Value: AHWqTUlhKJRxXzhaDS35bblrq6J4D4AIHb0N0UZ1frx5qU8wqug6WqzKoDRoWU0M2UM
.adfarm1.adition.com/	1970-01-20 17:23:18	Name: UserID1 Value: 7286095366918832487
.openx.net/	1970-01-20 23:59:22	Name: i Value: a0cc41ff-ceea-4c83-983c-5d6965158738%7C1696426275
.linkedin.com/	1970-01-20 23:59:22	Name: bcookie Value: "v=2&83a65ec9-deb0-4757-8c0b-4124e00add63"
.linkedin.com/	1970-01-20 19:32:58	Name: li_gc Value: MTswOzE2OTY0MjYyNzU7MjswMjEa4TPs9BHoCa1ppjEzgXsvfe1kw35vwETAkfc7cLNf/A==
.linkedin.com/	1970-01-20 15:15:12	Name: lidc Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2666:u=1:x=1:i=1696426275:t=1696512675:v=2:sig=AQGKO3KKluwZGL80eMdsDxOKwjezuV_C"
.yieldmo.com/	1970-01-20 23:59:22	Name: yieldmo_id Value: 3ec_7ccQQYci8YdwvqIy%7C1696377600000%7C0
.media.net/	1970-01-20 23:59:22	Name: visitor-id Value: 3394278758454857000V10
.media.net/	1970-01-20 15:33:55	Name: data-g Value: CAESEDKWHqipfdvOGOnLvJ_uKhc~~3
.casalemedia.com/	1970-01-20 23:59:22	Name: CMID Value: ZR1pIz5hM2hnUAhWIIGQfwAA
.casalemedia.com/	1970-01-20 17:23:22	Name: CMPS Value: 5267
.casalemedia.com/	1970-01-20 17:23:22	Name: CMPRO Value: 5267
.turn.com/	1970-01-20 19:32:58	Name: uid Value: 9161100250008854445
.tribalfusion.com/	1970-01-20 17:23:22	Name: ANON_ID Value: adntuJuyTYEBErv6XromiUeg28rSve2ZbiINoTZdR2bBxDQZcBV8TWcJIU16FcZdy58mQMxQ9jD2xjMqCo6pLJWubHV5
.bidswitch.net/	1970-01-20 23:59:22	Name: tuuid Value: 6492f71b-32ce-4caa-bb79-7b534a0a6bd1
.bidswitch.net/	1970-01-20 23:59:22	Name: c Value: 1696426276
.bidswitch.net/	1970-01-20 23:59:22	Name: tuuid_lu Value: 1696426276
.adform.net/	1970-01-20 15:58:24	Name: C Value: 1
.adform.net/	1970-01-20 16:40:10	Name: uid Value: 1091522834612868210
.3lift.com/	1970-01-20 17:23:22	Name: tluid Value: 1516484972235000149278
.yahoo.com/	1970-01-20 23:59:43	Name: A3 Value: d=AQABBCRpHWUCEBmygkZkPGPtyCYoIbG8YJEFEgEBAQG6HmUnZQAAAAAA_eMAAA&S=AQAAAhmadyCMPI8n_SPpSpJEOPQ
.yandex.ru/	1970-01-21 00:49:46	Name: yuidss Value: 6437894691696426276
.yandex.ru/	1970-01-21 00:49:46	Name: yandexuid Value: 6437894691696426276
.c.appier.net/	1970-01-20 23:59:22	Name: _auid Value: yYO0CMy2DROCpfvxJWkdZQ
.c.appier.net/	1970-01-20 15:56:58	Name: _gu Value: CAESEJJ-8bBNoF_4U3-YvtNC2Mw
.socdm.com/	1970-01-21 00:49:46	Name: SOC Value: ZR1pJcCo8YQAABTrxdYAAAAA
.lijit.com/	1970-01-20 23:59:22	Name: ljt_reader Value: HbgrJGZHK0iJaQMRT9C-lnwn
.adsby.bidtheatre.com/	1970-01-20 15:23:51	Name: __kuid Value: bef0e3a7-e45a-4f58-aea9-735fa7bbd32e.465640279

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	warning	URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei Message: The resource https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.xgcartoon.com/detail/shanhaijihuiguoyu-salalei Message: The resource https://b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9939aa55ff470adbad9e1fedc7056fe7.safeframe.googlesyndication.com
a.c.appier.net
a.tribalfusion.com
ad.turn.com
ad4.adfarm1.adition.com
ads.eu.criteo.com
ads.yieldmo.com
an.yandex.ru
ap.lijit.com
b5b933dc5ce9acb6707758780afe3956.safeframe.googlesyndication.com
c.statcounter.com
c1.adform.net
cat.fr3.eu.criteo.com
cdn.ampproject.org
cdnjs.cloudflare.com
cm.g.doubleclick.net
cs.media.net
csm.eu.criteo.net
dis.criteo.com
dsum-sec.casalemedia.com
eb2.3lift.com
googleads.g.doubleclick.net
im.bluevoox.com
imagesrv.adition.com
match.adsby.bidtheatre.com
match.sharethrough.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
px.ads.linkedin.com
r.turn.com
region1.google-analytics.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
rtb.openx.net
s.tribalfusion.com
securepubads.g.doubleclick.net
static-a.xgcartoon.com
static.criteo.net
tg.socdm.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.xgcartoon.com
x.bidswitch.net
104.18.27.193
104.20.219.77
124.146.215.43
134.122.57.34
169.150.222.217
172.104.70.67
172.217.23.98
178.250.1.9
178.250.7.9
18.158.137.139
2.18.160.23
2001:4860:4802:34::36
2001:678:cb4:bbbb::11
217.79.188.11
217.79.188.46
2606:4700:10::6816:2e93
2606:4700::6811:190e
2606:4700::6812:19ad
2620:1ec:21::14
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2001
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:830::2001
2a02:2638:3::9
2a02:2638:d::11
2a02:2638:d::2
2a02:2638:d::4
2a02:2638:d::c
2a02:6b8::90
2a05:d018:d29:3602:5aec:1139:b771:4a28
3.71.140.162
35.227.252.103
37.157.5.133
52.210.221.60
52.45.175.185
63.251.14.14
69.173.144.165
76.223.111.18
04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fe4af134347bf9383f0946d8417a70e5bd69298876a68c4b578ab6bdeacad81
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1cce925a6f0b793d5b597ba837e7fbbbbf2e06466f398a99a5f6b3d282640418
20669010ffe70b5fe7ff170b2fffcc7d6ad49e6269a032082b3a67a1e3337394
21f0feacf590c69e6293bea4d3351afa09582dce86adcb15a48818598567e9a8
2321043df0101db8901d561be8c80972f12a835c64e22e7eb518160e0d8b229b
278b18b52d5f1bdce75a8deb3672cd3cb1aa94d0e103a58d5c9e41c2b56ae029
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2cdc7ff26dcf95ea62741c32bcc2270be4443d7e0ed3151cc6ee32a2365b7eeb
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30d27c3d691d18f3899cc2d2140875879815187b2d3701138a22fd94160ea080
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
34e962cda2283190944b1f82385e06f45371430b5f688ab99b1de07f312743b0
34eee643107e1a9aa4afd6bf7c79f215215736a7a549d9fe30c1c639bbc46e2e
3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb
3e470390154e5bd03688cdda3929ea08912e3c0df3381747417b2b2695c11e6f
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
433cdbb5cd3a653b5350f07f83daa328dbce2e0cf4798683ed287800c5cb7f41
43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28
461ca9d575b3937553488f2cf6d01999917b2caf75f12c824c811793078ad425
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46fac2c4f85a6f77b7b855a38edd6da4af8721ba0b7bab73d0bc60347fdbd3e8
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49b689dadb5422c55344fdc3bb4f21f446ff8f02f26aab669d0598c910c26809
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9
512af5e5b54741cee7d41cadb8faddef8bce49d21c054836119d0d7d4c6c0383
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c7c5c90a9ea184b7ae122746634b34b95b904cdf18701bcefe47281bdf3fb2a
610eb5900b1c4338a2a1cf614807523f37117d2ab8a3216f49738feed2da0dbd
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
644fc840fe7a0467e6c751abcaae2625028ad2b57ab1d137ed485c3530e89796
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6d4ce990b5d218199e8be7f6d3aba63ba7b99a50529a93c237762e5923a0fdd8
6e5b2bf64982d446fd87eab666fcb1416242d358ca71067e098bf7c1b833ba39
709fb34b93b540343c33d249eec5eccdf4f4dd238689b9e85c94a99589e160a0
70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237
71c87286b7656c279d8c6276b6602373709af8c8d4405cf94dc74e71ac9fd3b4
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7869d4ba3529b7a2604778367eb4363635fe4ac7b01fda7ed89b390831a05986
7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
83c4df9d6c884be717c505f9f44c8925b2795d8c9ab61631affbd699a8a0273d
85807e46cda1cc83ef9c5e92edaacb7ccd4fe3cf1ad8ff1975709a435853cc08
8756d3367261f5dfcbef03be86fb4b956f889917fbdd3b72c300d8e1dcdc5f47
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8b50921b4447614cf7d2c90c970d56c019b5a9439a18ff9ac38988dc8383a1bd
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
8e13b990ba95d19746bb5ba999bb22823ecaa39f5964725795eb589985d4d496
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9956b67a65a6103b7d08de8c31811f8f4b4b47621d1534786745465e4ce0e4d7
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9f3e52c7830e93eb3e0c14e80c51b8356efd77cb3b258c4a613a64b853cafc6e
a080ea8a98ece8e7dc5119623134bb2efa48b79a06c7121a59bb6d3911fc9cbf
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a5e2854d9f249414ea735a573737490b09b5b7b6a8fd9391e0fb1be8a3fc6233
a6816c7f1a5d72688da24d08a58de6adfe756bc49dbab3c9de05757389bde861
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7ad06c458fbb2c2f083fc4a663c99d5e06947c23c6b84966091fe61526a52a7
a7dbae90725e3e9efdf3273c987e8f807c04cd1e8fe9cad5f70b6003ab65303b
aa0696014ac23d674aec0b644c215635727fc3ff4b972cf9052c7bbd0b774a92
aa4ef90059145b095fd76b1ce617eaec34bb67a23f23ac69cb719a08fa7455c6
acefc092ffa6df74a87ef66c614fe3552153903ea3f4da381086eb63d1b8525e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2dff3c8538006a5ab7304fbdd0eef49b25077b7ba5faabcae58da42f42b1f8b
b598b9e98f799846cdbf31c17058f7d600ca047826fa59be227054b5f9f858e4
ba98e735ce0f8021ed850e1cfd1e5f20049e17ac90b3bea352b04324d045c233
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c399dd6e87dd4a577363801b62a35c3275669714a30a2ec7496a2b11a242af65
c79831d809c25cd6e16f0484f07797112717213d2b7335a1edfcf386d2aa7397
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
ce4626c4be8b6ec31d34669eea56e2a2a6052d369195264b056461806b1e3c32
d4de6c8a24d8959593744ade6de22ed29b5404dcdd0243d43e52209b56383f66
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e412f751b73578bb55e3cc970477ce54dc34ebbb73b4967bf8ae6a0cf97a2cd6
e417d3c18683e55a5dab60830b717a621e615745e0f95f466c8fc6ae59e1060b
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
eae2248695073e0308aef7dadbd59220d715b450b344d9de0e38da2b5d1cfb72
ec4f56080dfe600be5d04ab1bf27117aba83605a12d0387a0d5cd96d6c422aee
ed68f0e80b7fdede2ae7235b2ae1ce179d07fa64513658d7ac9f65a5f12d623c
ef137aa476d32ae7d31704a2cc81d88b9a16fe6e25a7015cf20dd72a49316a02
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2ad859cee652c2b79090857fe151e8a6cf05626bd23bf47bda9a75ee54d8440
f4a910ab5244e789519de23b0acc098577354305d758ae59a134a6ccfbc2bc64
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f7cfa639adfcd80b1b89599510b4c5ea04bcb0650fc7794ef62559fced7896f2

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

204 Requests

90 %HTTPS

49 %IPv6

31 Domains

45 Subdomains

28 IPs

11 Countries

2458 kBTransfer

6147 kBSize

31 Cookies

1 Outgoing links

Redirected requests

204 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

204
Requests

90 %
HTTPS

49 %
IPv6

31
Domains

45
Subdomains

28
IPs

11
Countries

2458 kB
Transfer

6147 kB
Size

31
Cookies

204 HTTP transactions
12 data transactions