www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Submission: On October 05 via manual (October 5th 2023, 4:45:31 pm UTC) from US — Scanned from CH

Summary HTTP 246 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 38 IPs in 5 countries across 39 domains to perform 246 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G4 on September 24th 2023. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
12	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.219.77 104.20.219.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:2f93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 30	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
6	142.250.186.161 142.250.186.161	15169 (GOOGLE) (GOOGLE)
45	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:d::11 2a02:2638:d::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 27	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4001:c10::5e	15169 (GOOGLE) (GOOGLE)
9 31	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2 4	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2006	() ()
1	217.79.188.59 217.79.188.59	() ()
2	217.79.188.46 217.79.188.46	() ()
1	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	() ()
1 4	2606:4700::68... 2606:4700::6812:18ad	() ()
2 2	34.91.62.186 34.91.62.186	() ()
1 1	154.59.122.79 154.59.122.79	() ()
3 3	3.65.51.143 3.65.51.143	() ()
1 1	2600:9000:211... 2600:9000:211e:fe00:1b:5138:8a40:93a1	() ()
1	185.86.138.152 185.86.138.152	() ()
2 3	51.89.9.253 51.89.9.253	() ()
2	142.250.185.162 142.250.185.162	() ()
2 3	185.89.210.180 185.89.210.180	() ()
2 3	34.98.64.218 34.98.64.218	() ()
1	2a02:2638:d::c 2a02:2638:d::c	() ()
2	142.250.185.130 142.250.185.130	() ()
2 2	52.29.79.55 52.29.79.55	() ()
1	178.250.7.11 178.250.7.11	() ()
2 2	13.248.245.213 13.248.245.213	() ()
1	35.73.212.134 35.73.212.134	() ()
1	3.77.247.132 3.77.247.132	() ()
1 1	35.186.193.173 35.186.193.173	() ()
2 2	35.227.252.103 35.227.252.103	() ()
2 2	185.64.190.78 185.64.190.78	() ()
1 1	23.212.88.20 23.212.88.20	() ()
5 5	188.42.105.236 188.42.105.236	() ()
2 2	2a02:fa8:8806... 2a02:fa8:8806:16::1370	() ()
1	34.249.156.204 34.249.156.204	() ()
1 1	2a05:d018:d29... 2a05:d018:d29:3605:316a:16ef:4691:e00e	() ()
1 1	69.173.144.165 69.173.144.165	() ()
246	38

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.219.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:2f93 (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:d::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4001:c10::5e (Council Bluffs, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 172.217.16.130 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.26.193 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh4.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.59 (None, )

ASN- ()

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.46 (None, )

ASN- ()

ad4.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ef75:8280:f209:5ba1 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:18ad (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.91.62.186 (None, ) 2 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.59.122.79 (None, ) 1 redirects

ASN- ()

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.65.51.143 (None, ) 3 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:fe00:1b:5138:8a40:93a1 (None, ) 1 redirects

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.152 (None, )

ASN- ()

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.253 (None, ) 2 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (None, )

ASN- ()

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.180 (None, ) 2 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (None, ) 2 redirects

ASN- ()

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (None, )

ASN- ()

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.130 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.79.55 (None, ) 2 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (None, ) 2 redirects

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.73.212.134 (None, )

ASN- ()

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.77.247.132 (None, )

ASN- ()

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (None, ) 1 redirects

ASN- ()

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (None, ) 2 redirects

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (None, ) 2 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.88.20 (None, ) 1 redirects

ASN- ()

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 188.42.105.236 (None, ) 5 redirects

ASN- ()

sync.gonet-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:16::1370 (None, ) 2 redirects

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.156.204 (None, )

ASN- ()

r.scoota.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:316a:16ef:4691:e00e (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (None, ) 1 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
90	googlesyndication.com 1 redirects 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 157 pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com	1 MB
72	doubleclick.net 10 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214 googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 cm.g.doubleclick.net — Cisco Umbrella Rank: 255 googleads4.g.doubleclick.net	799 KB
18	criteo.net static.criteo.net — Cisco Umbrella Rank: 728 csm.eu.criteo.net — Cisco Umbrella Rank: 9249	149 KB
12	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 379	251 KB
10	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	588 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com	183 KB
9	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	3 KB
7	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 9209 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 10275 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 15502 rtb.fr3.eu.criteo.com dis.criteo.com	42 KB
5	gonet-ads.com 5 redirects sync.gonet-ads.com	2 KB
5	openx.net 4 redirects us-u.openx.net rtb.openx.net	1 KB
5	2mdn.net s0.2mdn.net	73 KB
4	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	2 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 716	2 KB
3	adnxs.com 2 redirects ib.adnxs.com	2 KB
3	onetag-sys.com 2 redirects onetag-sys.com	880 B
3	bidswitch.net 3 redirects x.bidswitch.net	2 KB
3	adition.com imagesrv.adition.com ad4.adfarm1.adition.com	11 KB
2	dotomi.com 2 redirects dclk-match.dotomi.com	887 B
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	3lift.com 2 redirects eb2.3lift.com	961 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	googleadservices.com www.googleadservices.com
2	simpli.fi 2 redirects um.simpli.fi	1 KB
2	gstatic.com csi.gstatic.com	288 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com	711 B
1	scoota.co r.scoota.co	111 B
1	media.net 1 redirects cs.media.net	1 KB
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	609 B
1	sharethrough.com match.sharethrough.com	35 B
1	adingo.jp cc.adingo.jp	44 B
1	smartadserver.com rtb-csync.smartadserver.com	659 B
1	smaato.net 1 redirects s.ad.smaato.net	463 B
1	acuityplatform.com 1 redirects ums.acuityplatform.com	684 B
1	quantserve.com cms.quantserve.com	463 B
1	googleusercontent.com lh4.googleusercontent.com — Cisco Umbrella Rank: 510	454 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2250	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 10381	468 B
0	aura-dsp.com Failed sync-dmp.aura-dsp.com Failed
246	39

	Domain	Requested by
45	pagead2.googlesyndication.com	948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com googleads.g.doubleclick.net fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com tpc.googlesyndication.com
33	tpc.googlesyndication.com	1 redirects 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com tpc.googlesyndication.com www.xgcartoon.com fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com pagead2.googlesyndication.com
31	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
30	securepubads.g.doubleclick.net	1 redirects cdn.ampproject.org www.xgcartoon.com 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
14	static.criteo.net	ads.eu.criteo.com
12	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
10	www.googletagservices.com	948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
9	www.google.com	1 redirects googleads.g.doubleclick.net 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com tpc.googlesyndication.com fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com googleads.g.doubleclick.net
6	948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com	cdn.ampproject.org
5	sync.gonet-ads.com	5 redirects
5	s0.2mdn.net	www.xgcartoon.com s0.2mdn.net
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	csm.eu.criteo.net	ads.eu.criteo.com
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	onetag-sys.com	2 redirects googleads.g.doubleclick.net
3	x.bidswitch.net	3 redirects
3	a.tribalfusion.com	1 redirects 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
2	dclk-match.dotomi.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	eb2.3lift.com	2 redirects
2	pm.w55c.net	2 redirects
2	googleads4.g.doubleclick.net	www.xgcartoon.com
2	www.googleadservices.com	2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
2	um.simpli.fi	2 redirects
2	ad4.adfarm1.adition.com	fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com ad4.adfarm1.adition.com
2	csi.gstatic.com	securepubads.g.doubleclick.net
2	65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cat.nl3.eu.criteo.com	ads.eu.criteo.com
2	ads.eu.criteo.com	948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	r.scoota.co
1	cs.media.net	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	match.sharethrough.com	2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
1	cc.adingo.jp	2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
1	dis.criteo.com	2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
1	rtb.fr3.eu.criteo.com	googleads.g.doubleclick.net
1	rtb-csync.smartadserver.com	googleads.g.doubleclick.net
1	s.ad.smaato.net	1 redirects
1	ums.acuityplatform.com	1 redirects
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	imagesrv.adition.com	fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
1	lh4.googleusercontent.com	2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
1	rtb.nl3.eu.criteo.com
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
0	sync-dmp.aura-dsp.com Failed	2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
246	56

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G4	`2023-09-24` - `2024-10-25`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-30` - `2023-12-25`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
quantserve.com R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.adingo.jp Amazon RSA 2048 M03	`2023-09-13` - `2024-10-12`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh

This page contains 36 frames:

Primary Page: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Frame ID: 2B54EB46475042C0B7C43E4FED910864
Requests: 38 HTTP requests in this frame

Frame: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 56DC19D4CCFDDFA1C66C4F9EDE356AC5
Requests: 11 HTTP requests in this frame

Frame: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 003632BB625B30BD9F845CE57FEB7A40
Requests: 12 HTTP requests in this frame

Frame: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 29C19FA3F4C26C150483F93345C165C2
Requests: 9 HTTP requests in this frame

Frame: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: EF978AA502B72355B6AB10C237FE6C52
Requests: 10 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR7oGAAEnQ4Iu-XCAAnapKRhIsBij9Ro4NmpAw&u=%7Ct5yctyyaovj87N%2FRYmD3EBJzAEocNvEKqwlaNdtRy6U%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAjx3LIdsTANZ9z2fZ-FGQxHUampl4RJristc7ZoaikIV5-GqEmFeQzbkC6bm06yOssx3WowKU4yETizdUl11Q3Qy30CWhvxkGJB7Y4kTDu8AN9n2jTPm8c9UqeTFHVYjb6A5Ie5Y3dSsumeeFoYFV2UBVxM5DYKqKKY7KvzrVLIrTYM1ZSARAYQoXeOxyyUkdjI4HFfYSoXwk2H9oHm87VEDwpslL5Uo-pvjWaXWOwrGmmMK7c2yoaLZFvXIz2BMPM5ctCp3N-pid7F1JTFCGQHbP-2ie3m2Z9cDa76ErP3z-F2cwIwQZ5bpkTlAOIIHDmtXNQ1uEWh9gwi1hiNISJo24hg9pZEWvGXLe2fQzYdd4E0_OStbWDHFCfRadgzvHgfylbMQBe36V3ZjrGWIvgXEIV_vFVpgWR1pcJt2DEhnGDltQJxMf2_I8C_cPZbdqFWgwJNjPwh_RQjmX3fQ90ahtGiYkOpTYdUcSGzxGREI-T4da0JiQCYziPlyJ_O92TKhmIiSKqhypnweVXLgrbbDAxVeqbHW3-NmMfQj-LyOAnj3uulUP4d&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCie8mGOgeZY66EsLL7_UPpLWnmAjJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjGja0_tpbE-4AIAqAMByAMCqgSoAk_QWNITaPA5aUDk_4ZHy8GVQ5CWe8Ly2u7C174Ei6zi1D04-lIDGwfJN1qP-S5Zjs7waZ98bLbMcOzPMkLSNpB9QbxtzhGbTIH5GtGtK7DByARqzxKTiagXja2cLDMawFFjFSFAnC1JbgcZaPODKMaoe5JDs_CacobknQExLmwWSllhzk7HequYeI7Mj1rUellN-thE0z9Y4TkqR9csgzZVpU4d98de4bL3dVgkvOeTMVUsCf_5uxKqP1RXG8y0RrbbhxeSGrUgz75UmuxLDsiseGVolByG4ToSNT_9n-itvHheN2DKuXV9GU7DibXH64lhA4XO_ZSXW9NJQc8jP41C1UHTkh7CsCKtKOhyeuCzBsYlW0TslFj_X_EyCAh5BkuOjImsfQOa4AQBgAbixZv_5-mX7SCgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1iwhA_6p8f_rQvJ4hMUSkGuPcjhA%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: 63D60885172EF92343BD7A095D9DDA3A
Requests: 12 HTTP requests in this frame

Frame: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 2DD31B6EF8B29DC695D67D3A457D4A12
Requests: 14 HTTP requests in this frame

Frame: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D255B9D5F214AD016B695200D15F1861
Requests: 1 HTTP requests in this frame

Frame: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 31CC88F1F6E7C21AD69822D002A17A06
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/zrt_lookup.html
Frame ID: 7BB1C7057BCD33A5ACD1F834F26649D2
Requests: 1 HTTP requests in this frame

Frame: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: AB86571F4E191BE1C0EBFDA123656823
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuFi8ZBIvNh-4-DsXYdzUzMs-dg6_OPZCendhXU4BV52XC84ghHqlzvdjdJUhKfX1WMNHPuBKc-LSz_l4lBanPx3y38wcVL01yjARHnUpRHMIG-C4V_VNyKiUMZQX1jdpl6NOaicOu9iinEANKH0jioWl_w_tlc0NKBaEuRYXdnHk5mk0IFITxnSyYRZXZllPr9Re2Fg5Okp7XHM7ISBSgRAET3bLaXYauD2v7ZE8BuBGXMOjOmb0LKW5lw0yktt146au-IyMoHP9W3tBYfwUckEhpYoykSaR_NE-94wMN96dcTpm7VZ-eUV4Yuy0VgBip8fTxcNvX6pAfU4Ti77Ey9vZAxKsC3I2lY0RmN8yVM2nCf&sai=AMfl-YQ3pg8I8gj7gAE3VNTyo1-cAAmleDdWUDIztU-ef8ojQg0ZBCellloAK-E_vCBGaRQoakPhvXZM9ik7OXJ1iWagqTJa_5DbEvwS2A&sig=Cg0ArKJSzJOljS7793mLEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: C37FF438873E3D95F9C5F48566B651BA
Requests: 5 HTTP requests in this frame

Frame: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: E5A8B03A52A3C9434B5242DF1708B6CC
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046732&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696524314662&bpp=333&bdt=1841&idt=1811&shv=r20231003&mjsv=m202309291101&ptt=5&saldr=sd&is_amp=1&correlator=6464&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2209476960&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C31078301%2C44804171%2C21065725%2C31078488&oid=2&pvsid=4098724296574072&tmod=1031347299&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gxhq9t1w9t1&fsb=1&dtd=1853
Frame ID: 7CFA24331D6EF30626E336B04087D1EC
Requests: 7 HTTP requests in this frame

Frame: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 191F171FCDBE44824EE40785280E5B16
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbJtwEQwtbS7gEYpaHq8AEwAQ&v=APEucNXOvxu9G20HBOkn4PIt6nEcbx7FEeVQyczFOnw4hEQAyyUEy11kNDWAZcTSWhHOdXsmIStBIBJOz714E3BS4dLmBSJIuw
Frame ID: 86AA0E276DF02F9506BF7451666358F8
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 68A6D784B7C6602EBB4F0F3A84948237
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DEA9E1B3E2727D8EF21AEF3497B0D04C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B5C2EA45D05D4DA8487FDDDA5DA0A612
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 16FB50E7C5535581BC70259C7EC664B0
Requests: 2 HTTP requests in this frame

Frame: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: CE3F9844211543FDDB16B6289838A9C9
Requests: 18 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR7oHQAGu6YEwsxlAADJZdS1Lr-zHbge9es9wQ&u=%7C6ObBEorSoZJwysTDF%2BXIb7tGHAH%2BK5M4%2FQCRqnhgzFg%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57o2eAKtbyUnkzCgAZe2TqI9t-30jvbb4jJ4J0HrkfUVwV9W7X5y17J5vjThmCpPZm4eXYfNAF-kTFRQE20FTE2r53xEsktjNhfKinU2Plb1A5i2UIdGonFWfY673wflewRitVsJYE8CM2CEYKfwoeNMtJVI9rEUp6ScVKrWgSAYhFvHtSOxkYDD0cytHH0llX-eB0P6A7nm3BnQcTGA7mv8cPOM8URGKp_TPPnVuVeNX6Pp2qfudHwt3MMB-PbILBikyIt0tW_HUnCDXa-cK-XMHwa6tYW9ao9IascIyLwl6SLPjUrXLLtqsXTFgP83BHSW5KwHutgM60JyeaFNLJ7BK3w6jmTXX4AwHOVhXUVIFqYi-UROLFnRvPyAmu-KwnTUHuFmdwg441Dbmn-tuyHFJ0VRafS1RRUQ3ryGTPtQ2i--eTGa4T4RJD5pCoGaI2MynDjNkx3r0EDAxBHd4HtHJjPRkgGTHDzCQaoFTponXwtoNysB8uWy2azKRXJopZ33EcxulZK1jwG-Rty2Ciy9uaDEJvicClB109MlR6jka80K2DrSk2cKk30dnkyoVofDnLoabCEow8TF-ZDhL_Y7cQRqb5j5cC3&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCy4wYHegeZab3GuWYi9YP5ZKD6AnJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjGja0_tpbE-qAMByAMCqgTNAU_QibPEEmBI6MYfI9gQMpIlUbOIYf0wnY2q94vvZ_J6Kfuta4dwQktCS8FyxcyIcbytc3rEGx4KmiD4wJDmATpE1x8aN-kTOcON_0WtJ6txom7xRpHxbhgfV3_B4cfLEdHACGXMwEohcdor5DyRcQg_vb9_gqTATG3AOtWVjeJLZA-EqDE3aaCehk4Uw-kOGWrql_2ozD3W0KSaAa_OpHEhfCmtexLpy6znsL41WEjvGRdqrWyPlyxWY9Gjsgoouar1qkafmOrvNsChPe-ABuLFm__n6ZftIKAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1ukhQ9b_UhR5DBsTkDfmo4-ZanQA%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: 8AB2E8DCE5669CC4D0939BD594B21BAD
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2513BCAC7E38BAE292A9BA52EC5024A9
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3669FCDFAF0C61CFAF6EC5B62AE4B522
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EE6F7DB7EB3DE3B7A0C1D0F848D8DAC7
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1D3E4D4CBCB472600A3F6A60671A0A46
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW8CpU_mZzzhp7EAeM4QqJ5vbSMI3vq3Hy7cdwgYFCSzv67RZ6TwbpW7DYH3-1-2yqIAxDk5g6kbutXEdFr_fjufRsfGg
Frame ID: 54F1E381C75AEDB3876EFF855779B986
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9D6F9F216DE1DB3853A963369C255DA4
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3A55002EA76B1C12E601FA47DE810975
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: A972ABD8F7C70024B37B8D4FC6EB3AE7
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15264612087899687023/index.html?ev=01_250
Frame ID: 40B2C7D640910B6750C5E2DB523CEF17
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js
Frame ID: 0DBDCB290E64B714D3239D167A96245E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3D5CA03F9C6D2163B09AEFACCB0937AB
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 47B8EF08A30490D5F8A9CF7A08C975BD
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2EB3BF57787663241A2633F2B5037417
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 17AC13C69D7CDD1033C968C1A89243E0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍕快樂星貓【國語】第1～8季免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Page Statistics

246
Requests

87 %
HTTPS

43 %
IPv6

39
Domains

56
Subdomains

38
IPs

5
Countries

3619 kB
Transfer

8566 kB
Size

41
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhUXR2hio4Jo5AUCsiHQhs&google_cver=1

Request Chain 136

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR7oH2KKtk75k7XGVX3RcgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhUXR2hio4Jo5AUCsiHQhs&google_cver=1

Request Chain 142

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODWi5W5AhDGAxjGAzIIyya79dBex3U HTTP 301
https://tpc.googlesyndication.com/simgad/17096744410705038688

Request Chain 171

https://a.tribalfusion.com/i.match?p=b6&u=CAESEOA7uOwDJzyaqFOnNR3Hq74&google_cver=1&google_push=AXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhcSmfkkSHAt3hC8QJ2w2ClJNhWZiLNd1ZEEJEYgK78-XITyqgv1LcJ6u-&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhcSmfkkSHAt3hC8QJ2w2ClJNhWZiLNd1ZEEJEYgK78-XITyqgv1LcJ6u-%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEOA7uOwDJzyaqFOnNR3Hq74&google_cver=1&google_push=AXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhcSmfkkSHAt3hC8QJ2w2ClJNhWZiLNd1ZEEJEYgK78-XITyqgv1LcJ6u-&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhcSmfkkSHAt3hC8QJ2w2ClJNhWZiLNd1ZEEJEYgK78-XITyqgv1LcJ6u-%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 172

https://um.simpli.fi/gp_match?google_gid=CAESEEBb8cxVWK54hjeJz68ysCQ&google_cver=1&google_push=AXcoOmQSpTKbZGjMQMudOuZnqoPcz3lm1twp-a9eQy-gotr7yaLR3Sa1tz2eIUe8zYQuUs4f7_Z3Fyfce1Vu5lEKENpjv_jTEmos0XapX47Ma6pHqLO61QUaJdRsCNBoBB-zhwAvPHID3S3ARPiLnf-9D7Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3D9A4FF596654D05ADA96A6E11426A47&google_push=AXcoOmQSpTKbZGjMQMudOuZnqoPcz3lm1twp-a9eQy-gotr7yaLR3Sa1tz2eIUe8zYQuUs4f7_Z3Fyfce1Vu5lEKENpjv_jTEmos0XapX47Ma6pHqLO61QUaJdRsCNBoBB-zhwAvPHID3S3ARPiLnf-9D7Y

Request Chain 173

https://ums.acuityplatform.com/tum?umid=4&uid=CAESEPDqkHu0hEORDB07d_dMhAs&google_cver=1&google_push=AXcoOmQiyP--ClFZMG6RtBJHweqvvZx8edqEn52q-4gRRuMN0qb1pmiu2pbOxq3WRo9FjBQsuGQ7BQ3QJptSzGPsWBcJ9WEJJBQM1WNSBnUjGm8e4kEUSgfelGJlvBMuI6tDid48WYd9rat0pLqIfWu8s9-X HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=836551757536&us_privacy=1---

Request Chain 174

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDRQ8CuMLa9lSGVTaoqp4eQ&google_cver=1&google_push=AXcoOmSsR6coQxje2Bqlt6lHDfY6i1c5Tr-AFjJPTdQ468cSXcoZkCp4ioM1EBLIxK-aHa7H2Qdwa8xq8zRcpa2bTVUHPkpcoKMW0WmVVH9zcSSC926i3MmP4hU5HUaMZCiGwsM-ny37hncpGkoOlz0qHZ0a HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDRQ8CuMLa9lSGVTaoqp4eQ&google_cver=1&google_push=AXcoOmSsR6coQxje2Bqlt6lHDfY6i1c5Tr-AFjJPTdQ468cSXcoZkCp4ioM1EBLIxK-aHa7H2Qdwa8xq8zRcpa2bTVUHPkpcoKMW0WmVVH9zcSSC926i3MmP4hU5HUaMZCiGwsM-ny37hncpGkoOlz0qHZ0a HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmSsR6coQxje2Bqlt6lHDfY6i1c5Tr-AFjJPTdQ468cSXcoZkCp4ioM1EBLIxK-aHa7H2Qdwa8xq8zRcpa2bTVUHPkpcoKMW0WmVVH9zcSSC926i3MmP4hU5HUaMZCiGwsM-ny37hncpGkoOlz0qHZ0a&google_hm=pNSRvtXDQO27tj-24JogOQ==

Request Chain 175

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHry27d-xSaBDu-zEQXWK_Q&google_cver=1&google_push=AXcoOmSwEGdBjf3dEKBM1dZ_fJUy7vARXphVEoNDi8HCi3y0LgnwTAMWY9uXvae1pcGDSePNHtrD0YXp5W-WKO6ci0ugtJ0Fqbjc-X9K6xvrpixNqdQ2dxhtgARWjD1Bk1BwJ6PliGkjVhZh1HVwfON7SF7L HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=133&partneruserid=b35228c874&gdpr=0&gdpr_consent=

Request Chain 176

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEBEz3EHrBVrkDN_anYwfcPM&google_cver=1&google_push=AXcoOmSo7CogLmzmxnOLiWs18R1XnjERkHLFmoA2r7fU7YMJzZPcSWbBHqYdhvWnP8YZX5p7EapSGTMMhAnAgeXyHKpexsguZrzsF6YZL4zEQ-b0ktHIDtDZuvfxXa5Xcm8pDBMjRJ8QsYUrgHwyEzjrNXZZlQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSo7CogLmzmxnOLiWs18R1XnjERkHLFmoA2r7fU7YMJzZPcSWbBHqYdhvWnP8YZX5p7EapSGTMMhAnAgeXyHKpexsguZrzsF6YZL4zEQ-b0ktHIDtDZuvfxXa5Xcm8pDBMjRJ8QsYUrgHwyEzjrNXZZlQ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 186

https://securepubads.g.doubleclick.net/pagead/adview?ai=CILrhGugeZYT5MZeejuwP-ZClsAe67KaIc6iXtN6kEtfWor3AARABINPLzjBg9ZXOgeAEoAHirumFKsgBBuACAKgDAcgDwwSqBMYCT9Cx1D8_M4zgEzphOO4QDW33X1SJl6cyk0VUz-J2qYYOs-yVOvaJQsbUWLAAkmMViwTK0IlSAPvrR5Z7rbE4ZuJFwDciOxhr_3QEjnu6dUa-C2PbafVVTTykSNObHlCfJ4Vxgc4Ez__3RuCfQZjuU5b2TXBPxmpE0ZaHVK-ZAXOR_KAX98zT_IBaSV6rglLNB9fyvnHAo-eS0hhpqU5PWb4yqJMcSBpjj13M_tkIwjxlGCeftQBvrEn7e5K61OZgOmsJ2szPT53L5f09MPV97zPdaEWFADqI-ndcocORalBo_iCmN7wmIzWWRUOQ3KJIBjAfW6JC9nmG5tPh8rnufej9-8XYOrPD_0uODygAk3pG3XpCFZ9d1Zx5svphytmo1XpUBaNopxbf73VWT4-R2c2bVrxBxCfrJp-8zW8AFxJfA9jceL_ABOztma68BOAEAYgFiu3Ti0ySBQQIBBgBkgUECAUYBKAGN4AH4ua55QSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwHyBwQQ9fQC0ggUCIBhEAEYHTICigI6AoBASL39wTqaCRFodHRwczovL2ZlbW9pLmZyL4AKA8gLAdoMEAoKEPC1pM7OlKmWHBICAQPiDRMI4bqLya3fgQMVF4-DBx15SAl22BMC0BUBgBcBshceChwIABIUcHViLTMwMzkxOTk1MDM0MDM2MzQYmdIh&sigh=0AxzRjEVKWw&uach_m=[UACH]&ase=2&nis=4&cid=CAQSKQDICaaNxPmsY0SQnnBmwvpKCT-sJTxvPoLu1z8VB-W_5TlPNyDvJAdeGAE&template_id=493&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf080013549b204460000000000000000%22,%222%22:%220xd929b285360dce630000000000000000%22,%223%22:%220xacda8854e2ea93390000000000000000%22,%224%22:%220xf2f0404274eafe1a0000000000000000%22,%225%22:%220x8ab1bb388752efd50000000000000000%22},%22debug_key%22:%228265543329121096580%22,%22debug_reporting%22:true,%22destination%22:%22https://femoi.fr%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211286501218%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225148228444350573121%22}&andc=true

Request Chain 187

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAC0J8YRjUtIH2lpy_tVgYs&google_cver=1

Request Chain 188

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA2ODM3MzIxNTgzMDI2MDEwNA%3D%3D

Request Chain 189

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELv-ndPKvl4S2eYmyH_Jqfk&google_cver=1

Request Chain 190

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDU3M2Y0ZjMtZDc0OC0yZjg3LWRhYWEtYmFlZGJkMDI1NGM2

Request Chain 198

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 201

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEJ89UPjMXd1gROGbW7_LKKc&google_cver=1&google_push=AXcoOmR84AH4Ej9QPQ9i6ZBlvGvA-jUh6wym6ewCTyk6HfPcxv7olD2q55qqffNo0LgtnpIVMdpy6BJ5zelFLSzaB5CKNw72yfQ_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEJ89UPjMXd1gROGbW7_LKKc&google_cver=1&google_push=AXcoOmR84AH4Ej9QPQ9i6ZBlvGvA-jUh6wym6ewCTyk6HfPcxv7olD2q55qqffNo0LgtnpIVMdpy6BJ5zelFLSzaB5CKNw72yfQ_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=QWNiWm1zN1UxUU9ydHk1&google_gid=CAESEJ89UPjMXd1gROGbW7_LKKc&google_cver=1&google_push=AXcoOmR84AH4Ej9QPQ9i6ZBlvGvA-jUh6wym6ewCTyk6HfPcxv7olD2q55qqffNo0LgtnpIVMdpy6BJ5zelFLSzaB5CKNw72yfQ_

Request Chain 204

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOF2EP-gVaD-tMm7as6-WP8&google_cver=1&google_push=AXcoOmRD9BkVw_CGYhDllpPRBQaPmlOY4CJLFYE7KT6-IaXLXygLtnggVQfyA5Jf5MhgjySFOwIijZZ44NFTV45dYiOvt4AapY5AtQ HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmRD9BkVw_CGYhDllpPRBQaPmlOY4CJLFYE7KT6-IaXLXygLtnggVQfyA5Jf5MhgjySFOwIijZZ44NFTV45dYiOvt4AapY5AtQ&google_gid=CAESEOF2EP-gVaD-tMm7as6-WP8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzYxMjM5MDc2MTgxODM5MTA2Nzk4OQ%3D%3D&google_push=AXcoOmRD9BkVw_CGYhDllpPRBQaPmlOY4CJLFYE7KT6-IaXLXygLtnggVQfyA5Jf5MhgjySFOwIijZZ44NFTV45dYiOvt4AapY5AtQ

Request Chain 209

https://um.simpli.fi/gp_match?google_gid=CAESEEBb8cxVWK54hjeJz68ysCQ&google_cver=1&google_push=AXcoOmQZ9Sjk6Y1WCbSWZrMeaT31kZXxTEdPqVtal7WFbtgqfVu2XINDB0dojlcWi5CP32TSQa3FoKuI86McIR0PItnE6rPddhCI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3D9A4FF596654D05ADA96A6E11426A47&google_push=AXcoOmQZ9Sjk6Y1WCbSWZrMeaT31kZXxTEdPqVtal7WFbtgqfVu2XINDB0dojlcWi5CP32TSQa3FoKuI86McIR0PItnE6rPddhCI

Request Chain 210

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESELnj7HOkmgBTx6txMc5HaCY&google_cver=1&google_push=AXcoOmQOaVk7Fv9rAGb6w647x77r2Al3VSyADvoSz0ZuIzCCRD69lTMk_GjQUCk0s2cJcDhCMqCOiuRViaBlEyeWuIK7-oDVKMdH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQOaVk7Fv9rAGb6w647x77r2Al3VSyADvoSz0ZuIzCCRD69lTMk_GjQUCk0s2cJcDhCMqCOiuRViaBlEyeWuIK7-oDVKMdH&google_hm=YeywyZDnQ3S08wyQq728aoM

Request Chain 211

https://rtb.openx.net/sync/dds?google_gid=CAESEJY3HMPyJRXSRHFnqU63ncc&google_cver=1&google_push=AXcoOmSdPSLNYKaEzIN9_n0yrDoF0atBTryBxX7K8kkFcgPmrvL76zNhmENOUMimal5UaFmj1BizO4yHywdwp9FE1GCiD5cjgZof HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSdPSLNYKaEzIN9_n0yrDoF0atBTryBxX7K8kkFcgPmrvL76zNhmENOUMimal5UaFmj1BizO4yHywdwp9FE1GCiD5cjgZof&google_hm=tkqtBbe5yA0pPqzjpPmgHA==

Request Chain 212

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBrL-RdmsVIoQ3j0Ungr4gc&google_cver=1&google_push=AXcoOmQ287UXR9Jg654l3t9et7C405UAK71ycM9ioLA9VISynZltwrhlUIKpkxqn4ONjvjyP6xycjx_BebT7uowTMFrghEfinKEn HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBrL-RdmsVIoQ3j0Ungr4gc&google_cver=1&google_push=AXcoOmQ287UXR9Jg654l3t9et7C405UAK71ycM9ioLA9VISynZltwrhlUIKpkxqn4ONjvjyP6xycjx_BebT7uowTMFrghEfinKEn&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=q99XGHkZSxux1gX7wi3EDA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQ287UXR9Jg654l3t9et7C405UAK71ycM9ioLA9VISynZltwrhlUIKpkxqn4ONjvjyP6xycjx_BebT7uowTMFrghEfinKEn

Request Chain 213

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEBEz3EHrBVrkDN_anYwfcPM&google_cver=1&google_push=AXcoOmSmRzLQHLLeuMEFkNBqgHOHZt-aQBnzn3xJpZd8BGvfcn8UE6OivWCTGbpJ39xGxtaIt49Jt27ecRIVnqM2KEqMWOiyiXiW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSmRzLQHLLeuMEFkNBqgHOHZt-aQBnzn3xJpZd8BGvfcn8UE6OivWCTGbpJ39xGxtaIt49Jt27ecRIVnqM2KEqMWOiyiXiW

Request Chain 214

https://cs.media.net/cksync?type=g&google_gid=CAESELwXbZtqpf7xABSHXOMGvA0&google_cver=1&google_push=AXcoOmR_hnkuuQcEr1AX0OF2adRhfHXe-PxRs8RIoikZ9RsUdE1GJQ4bz-kdI5TObYI1ROjjxD3ZILyGQjigfVNsqSmMdXzUJSrU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM5NTI1OTI0ODQ1NDc3MzAwMFYxMA%3d%3d&mn_hm=MzM5NTI1OTI0ODQ1NDc3MzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmR_hnkuuQcEr1AX0OF2adRhfHXe-PxRs8RIoikZ9RsUdE1GJQ4bz-kdI5TObYI1ROjjxD3ZILyGQjigfVNsqSmMdXzUJSrU&gdpr=&gdpr_consent=

Request Chain 215

https://sync.gonet-ads.com/match/google?google_gid=CAESEKCRrgi3P7N7S_Pzgu562TE&google_cver=1&google_push=AXcoOmQk2D8Ix8PDIAR3lghqRvLy14anJwmM2CRdF_-DqNarmw8uMp2ECX7io1C1oVCuFZTU-xvO8F_2BMxnyj5B1QqjJHGqO-G5 HTTP 302
https://sync.gonet-ads.com/match/google?google_gid=CAESEKCRrgi3P7N7S_Pzgu562TE&google_cver=1&google_push=AXcoOmQk2D8Ix8PDIAR3lghqRvLy14anJwmM2CRdF_-DqNarmw8uMp2ECX7io1C1oVCuFZTU-xvO8F_2BMxnyj5B1QqjJHGqO-G5&chk=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NjgyMGYwY2QxMWY1Zjc5Mw&google_push=AXcoOmQk2D8Ix8PDIAR3lghqRvLy14anJwmM2CRdF_-DqNarmw8uMp2ECX7io1C1oVCuFZTU-xvO8F_2BMxnyj5B1QqjJHGqO-G5 HTTP 302
https://sync.gonet-ads.com/match/google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NjgyMGYwY2QxMWY1Zjc5Mw&google_push= HTTP 302
https://s0.2mdn.net/dot.gif?google_error=5

Request Chain 235

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEI5As6aE_dBeViDh-CZ9Gv4&google_cver=1&google_push=AXcoOmTnTgTP3LbtgYsVnGvVWhHK2thFueSFpXlidqXxFwHM84zCv9qrQK9ixPgbV-AdMp4XzLnLcpXReYNm5uViAID0CzHretGq HTTP 302
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=21f0aa1b53d2188f&is_secure=true&networkId=14000&version=1&google_gid=CAESEI5As6aE_dBeViDh-CZ9Gv4&google_cver=1&google_push=AXcoOmTnTgTP3LbtgYsVnGvVWhHK2thFueSFpXlidqXxFwHM84zCv9qrQK9ixPgbV-AdMp4XzLnLcpXReYNm5uViAID0CzHretGq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAIuZ3qAGqTqgN-PRChAAAAAAA&expiration=1696610725&google_cver=1&is_secure=true&google_gid=CAESEI5As6aE_dBeViDh-CZ9Gv4&google_push=AXcoOmTnTgTP3LbtgYsVnGvVWhHK2thFueSFpXlidqXxFwHM84zCv9qrQK9ixPgbV-AdMp4XzLnLcpXReYNm5uViAID0CzHretGq

Request Chain 237

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDRQ8CuMLa9lSGVTaoqp4eQ&google_cver=1&google_push=AXcoOmRaLpLbQGUZ2asoba2c8PJYMvepQ8J75RivZPf369xAWdNXh40j8lIG0-Cxuria1oMXHKvErOU0Il5iOYaEdm_gtKMO7La7 HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google

Request Chain 238

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO3LbIMsfhI1FlXw3mt7FAs&google_cver=1&google_push=AXcoOmTbhpPCx-b0zSIEBim87oR6nwCbnmr-ZfzW_9HgQ6IRYgtf4N6lU9f_t3yweG2wyLMrNLLua7_51aJMurOrBK9r_GiMWv5h HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTbhpPCx-b0zSIEBim87oR6nwCbnmr-ZfzW_9HgQ6IRYgtf4N6lU9f_t3yweG2wyLMrNLLua7_51aJMurOrBK9r_GiMWv5h&google_hm=eS1qSG5FYTZoRTJwRXdyLnA0NUlVY2V2MDdYOEVkZkFjen5B

Request Chain 239

https://rtb.openx.net/sync/dds?google_gid=CAESEJY3HMPyJRXSRHFnqU63ncc&google_cver=1&google_push=AXcoOmT_SyvoDvgIzFECa4Kz5fpl-YAPm0ZZKb-B7iXbdEWdcGYom388zSO1mIIEI0sRomA1tLzZpiDlCu-fi1kbBnPFattP9AYR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmT_SyvoDvgIzFECa4Kz5fpl-YAPm0ZZKb-B7iXbdEWdcGYom388zSO1mIIEI0sRomA1tLzZpiDlCu-fi1kbBnPFattP9AYR&google_hm=tkqtBbe5yA0pPqzjpPmgHA==

Request Chain 240

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHMuhyAzEAIx5ir3RSI_jrs&google_cver=1&google_push=AXcoOmSyiFSqEH-Fas04nagV2NuIx0EYi4QhgTqw-RHsnGPU5fnhkMuQxidD-MRXGEXV9XbbgRvBcampprx1XPfI_KUw_qfvL82B HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5ERVMzRkItRi0zMlRJ&google_push=AXcoOmSyiFSqEH-Fas04nagV2NuIx0EYi4QhgTqw-RHsnGPU5fnhkMuQxidD-MRXGEXV9XbbgRvBcampprx1XPfI_KUw_qfvL82B

Request Chain 241

https://sync.gonet-ads.com/match/google?google_gid=CAESEKCRrgi3P7N7S_Pzgu562TE&google_cver=1&google_push=AXcoOmRmbVrhz7sCO4N2cJNbOp4h7E-qqgh3Lf6F04TMiL-wlmImSJeHO5lpiK4eMd0_-pWypEjGR9FJSu9XjREmivcq4PObBDuLuQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NjgyMGYwY2QxMWY1Zjc5Mw&google_push=AXcoOmRmbVrhz7sCO4N2cJNbOp4h7E-qqgh3Lf6F04TMiL-wlmImSJeHO5lpiK4eMd0_-pWypEjGR9FJSu9XjREmivcq4PObBDuLuQ HTTP 302
https://sync.gonet-ads.com/match/google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NjgyMGYwY2QxMWY1Zjc5Mw&google_push= HTTP 302
https://s0.2mdn.net/dot.gif?google_error=5

246 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request kuailexingmaoguoyudi18ji-jinyong Show response
www.xgcartoon.com/detail/ 140 KB
21 KB 991ms
390ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 60ef34be4d27357c742d1ea99884253e21100f0d09d3ddb531969fccc52a3d5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 05 Oct 2023 16:45:10 GMT
etag: "230e6-JUE2RfTWXo/Yr6qEgvcJJb8hxEg"
expires: Thu, 05 Oct 2023 16:46:10 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 278 KB
72 KB 160ms
55ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8756d3367261f5dfcbef03be86fb4b956f889917fbdd3b72c300d8e1dcdc5f47

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 16:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73066
x-xss-protection: 0
server: sffe
etag: "1743d73101b212e4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 05 Oct 2023 16:45:10 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
23 KB 203ms
98ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c7c5c90a9ea184b7ae122746634b34b95b904cdf18701bcefe47281bdf3fb2a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 16:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23163
x-xss-protection: 0
server: sffe
etag: "d8f4281da4b1dc01"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 05 Oct 2023 16:45:10 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
9 KB 229ms
124ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa0696014ac23d674aec0b644c215635727fc3ff4b972cf9052c7bbd0b774a92

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 16:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9444
x-xss-protection: 0
server: sffe
etag: "5bf0e0624f55a936"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 05 Oct 2023 16:45:10 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 49 KB
15 KB 206ms
102ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e470390154e5bd03688cdda3929ea08912e3c0df3381747417b2b2695c11e6f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 16:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14972
x-xss-protection: 0
server: sffe
etag: "986ff7f2a28ce823"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 05 Oct 2023 16:45:10 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
15 KB 230ms
126ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46fac2c4f85a6f77b7b855a38edd6da4af8721ba0b7bab73d0bc60347fdbd3e8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 16:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15366
x-xss-protection: 0
server: sffe
etag: "b81709c9fc647cf4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 05 Oct 2023 16:45:10 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 194ms
97ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85807e46cda1cc83ef9c5e92edaacb7ccd4fe3cf1ad8ff1975709a435853cc08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 16:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4743
x-xss-protection: 0
server: sffe
etag: "da6a9594ab3fdcdb"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 05 Oct 2023 16:45:10 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 69ms
59ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2dff3c8538006a5ab7304fbdd0eef49b25077b7ba5faabcae58da42f42b1f8b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 16:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10339
x-xss-protection: 0
server: sffe
etag: "3b1d1db9601b03a8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 05 Oct 2023 16:45:10 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 70ms
61ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed68f0e80b7fdede2ae7235b2ae1ce179d07fa64513658d7ac9f65a5f12d623c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 16:45:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32179
x-xss-protection: 0
server: sffe
etag: "9396582ced18d109"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 05 Oct 2023 16:45:10 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
468 B 252ms
156ms Image
image/gif 104.20.219.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.219.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:10 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 8117222e6aa8362f-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 1219ms
1197ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:11 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Thu, 05 Oct 2023 16:48:11 GMT

GET
H2 200 kuailexingmaoguoyudi18ji-jinyong.jpg
static-a.xgcartoon.com/cover/ 32 KB
32 KB 1063ms
955ms Image
image/jpeg 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/kuailexingmaoguoyudi18ji-jinyong.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29d624398032009290d2f6f32f7ac054d83b820e00d46158e8dcd8424c7fa565

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Sun, 26 Mar 2023 01:16:32 GMT
server: cloudflare
etag: "B30018D41F74A3E60AC99F5612F97D32"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81172230cc344d5e-FRA
content-length: 33048
expires: Sun, 08 Oct 2023 06:04:48 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 611ms
609ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:11 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Thu, 05 Oct 2023 16:48:11 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 843ms
841ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:11 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Thu, 05 Oct 2023 16:48:11 GMT

GET
H2 200 wulongpaichusuo1996_guoyutebieban-qiubenzhi.jpg
static-a.xgcartoon.com/cover/ 73 KB
73 KB 610ms
503ms Image
image/png 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/wulongpaichusuo1996_guoyutebieban-qiubenzhi.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba6f765e9b828424f5d95fbf503e44778298110585eee6343651961b4e20fbeb

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:11 GMT
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 12:14:54 GMT
server: cloudflare
etag: "FD5B3B60D7A8D2324FFE16E8EB141073"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81172230cc384d5e-FRA
content-length: 74448
expires: Sat, 07 Oct 2023 12:34:47 GMT

GET
H2 200 shiwangelengxiaohuajuchangbanshiwangelengxiaohuadadianying2014guoyu-luhengyu.jpg
static-a.xgcartoon.com/cover/ 7 KB
8 KB 402ms
296ms Image
image/jpeg 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/shiwangelengxiaohuajuchangbanshiwangelengxiaohuadadianying2014guoyu-luhengyu.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 945818b0f0dbc0dd7405b2ca124d9dd0c287745c800d21fab72fbd418e1a2aa5

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:11 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Tue, 18 Oct 2022 10:42:17 GMT
server: cloudflare
etag: "023857A3B9AFA4F658C8BA319951096B"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81172230cc3d4d5e-FRA
content-length: 7618
expires: Sat, 07 Oct 2023 09:56:38 GMT

GET
H2 200 mingzhentankenanriyu-qingshangangchang.jpg
static-a.xgcartoon.com/cover/ 22 KB
22 KB 1063ms
957ms Image
image/jpeg 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/mingzhentankenanriyu-qingshangangchang.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce14a3673e7bf6974e5ff7a09a53415698aa376d3d09d95c9e453a88b701ba3a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Sun, 16 Oct 2022 01:08:43 GMT
server: cloudflare
etag: "70BD17A93C0E6272384AD0873D105543"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81172230cc3e4d5e-FRA
content-length: 22156
expires: Fri, 06 Oct 2023 12:00:31 GMT

GET
H2 200 jiamianqishioooouzi-dongyingzhushihuishe.jpg
static-a.xgcartoon.com/cover/ 11 KB
11 KB 1014ms
908ms Image
image/jpeg 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/jiamianqishioooouzi-dongyingzhushihuishe.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67d876ab8150c4e239e39d230ec802e7b42488da2eaa80cfbbdeee9c9aaee5f8

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Thu, 11 Aug 2022 12:21:40 GMT
server: cloudflare
etag: "3B1382C9E0DB54E1E8124D8417B3CC84"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81172230cc3a4d5e-FRA
content-length: 11491
expires: Fri, 06 Oct 2023 10:33:56 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012309181453000/v0/ 8 KB
3 KB 123ms
65ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309181453000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4de6c8a24d8959593744ade6de22ed29b5404dcdd0243d43e52209b56383f66

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 03 Oct 2023 20:49:09 GMT
age: 158162
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2976
x-xss-protection: 0
server: sffe
etag: "38f77e2398a961a5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 02 Oct 2024 20:49:09 GMT

GET
DATA 200
OK truncated
/ 393 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012309181453000/v0/ 237 KB
63 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309181453000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fe4af134347bf9383f0946d8417a70e5bd69298876a68c4b578ab6bdeacad81

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Oct 2023 23:09:04 GMT
age: 63367
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64159
x-xss-protection: 0
server: sffe
etag: "694de4ba2c310625"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 03 Oct 2024 23:09:04 GMT

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012309181453000/v0/ 12 KB
4 KB 39ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309181453000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71c87286b7656c279d8c6276b6602373709af8c8d4405cf94dc74e71ac9fd3b4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 05 Oct 2023 15:45:48 GMT
age: 3563
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3930
x-xss-protection: 0
server: sffe
etag: "2c64beef00f20bbc"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 04 Oct 2024 15:45:48 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
14 KB 908ms
585ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=4006464&ga_cid=amp-IONbV4-KKoMCgdSzZWirDw&ga_hid=6464&dt=1696524311375&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&bdt=781&dtd=214&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff3914cf46d654d5d707dc58a81bcafc2f8729371057ba4a1e415187df14f409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14152
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CI6m88et34EDFcLluwgdpNoJgw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 05 Oct 2023 16:45:12 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
23 KB 1249ms
956ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=801&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=4006464&ga_cid=amp-IONbV4-KKoMCgdSzZWirDw&ga_hid=6464&dt=1696524311375&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&bdt=781&dtd=217&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d051ece707cf5f0ccf636989406d8dd99b585d5a821dc756f07e3092cf87502c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 160x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23574
x-xss-protection: 0
google-lineitem-id: 6137564879
x-qqid: CPez3cet34EDFVfzuwgdDgoPOg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138432786392
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 05 Oct 2023 16:45:12 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
14 KB 631ms
439ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=4006464&ga_cid=amp-IONbV4-KKoMCgdSzZWirDw&ga_hid=6464&dt=1696524311375&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&bdt=781&dtd=247&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81ece752536b1b7cdcf808a4a191c32ae732b23e181cd7b550ba21c75bfc6d43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x250
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13288
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CKSf3cet34EDFRaZ_Qcddh0KOA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 107027454513
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 05 Oct 2023 16:45:12 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
23 KB 980ms
788ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=4006464&ga_cid=amp-IONbV4-KKoMCgdSzZWirDw&ga_hid=6464&dt=1696524311375&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&bdt=781&dtd=344&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0af03d2d41d9f34e142ddcd442e8e2a5da663d873bd1ebec3da82fc6da2b0dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23603
x-xss-protection: 0
google-lineitem-id: 6350518038
x-qqid: CPih3cet34EDFRKg_QcdiQsHtg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138441357283
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 05 Oct 2023 16:45:12 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
23 KB 669ms
477ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=988&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309181453000&d_imp=1&c=4006464&ga_cid=amp-IONbV4-KKoMCgdSzZWirDw&ga_hid=6464&dt=1696524311375&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&bdt=781&dtd=345&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81e737602d00a22ff43ca19139a7036607aa92fcbe40f420116850b97a1ddcb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23568
x-xss-protection: 0
google-lineitem-id: 6136661665
x-qqid: CNaR3cet34EDFcyT_Qcdq3AB6Q
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138370495322
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 05 Oct 2023 16:45:12 GMT

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012309181453000/v0/analytics-vendors/ 2 KB
886 B 30ms
30ms Fetch
application/json 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309181453000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 05 Oct 2023 03:37:27 GMT
age: 47265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "6c7d99d062e3f63a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 04 Oct 2024 03:37:27 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 219ms
219ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Thu, 05 Oct 2023 16:48:12 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 290ms
108ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=6464&cid=amp-IONbV4-KKoMCgdSzZWirDw&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&dr=&dt=%F0%9F%8D%95%E5%BF%AB%E6%A8%82%E6%98%9F%E8%B2%93%E3%80%90%E5%9C%8B%E8%AA%9E%E3%80%91%E7%AC%AC1%EF%BD%9E8%E5%AD%A3%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1696524312&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 353ms
167ms Other
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html Show response
948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 56DC 6 KB
3 KB 167ms
136ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:12 GMT
expires: Fri, 04 Oct 2024 16:45:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0036 6 KB
3 KB 192ms
166ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:12 GMT
expires: Fri, 04 Oct 2024 16:45:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 29C1 6 KB
3 KB 200ms
194ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:12 GMT
expires: Fri, 04 Oct 2024 16:45:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EF97 6 KB
3 KB 125ms
64ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:12 GMT
expires: Fri, 04 Oct 2024 16:45:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 56DC 24 KB
7 KB 796ms
30ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 555064
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 28 Sep 2024 06:34:09 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 56DC 18 KB
8 KB 1132ms
0ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7d8a10bf4f06c8a3e85cb9f27253e20bed0d3809734441fd7eb97b582db8e61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7901
x-xss-protection: 0
server: cafe
etag: 17819688631944886927
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56DC 187 KB
59 KB 518ms
245ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:13 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 0036 99 KB
29 KB 328ms
327ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45e51a72bfe3766f65da342bf28ad6f43c265d537da80ca5ac08535e99be0d9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29466
x-xss-protection: 0
server: cafe
etag: 6 / 19635 / m202309280101 / config-hash: 6632683956607849806
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:12 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0036 187 KB
59 KB 837ms
591ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:13 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0036 0
438 B 82ms
81ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsshaSPhLoJ1C_FWzAu9L7n4KIKsJBYFcsAUj2ErjL8KvidDKY-sai1_nIzjjjtfBaLg4zHa5C34rqiYnk5qf-xH7lzF5YxveDyFLo695ym1NRY4Tq6TIUERavuIqpRQ0ourV9S86D2HEEhQe52joPVzGq7CsuOMbgNO2zytbXsPFLnytnJWkL69miuOyUxY-X_QU38r96m6JtTP72Ts1LTlraONqxDQ7qwHORLWaZfMIxZM6D9ew3a9ekXPx6TkSIDMlG2oRkI3OGuz4EVg6J3E-qlfGJMsiUW6nf7V3tcfLEtzzpo2GK9WI6Q4-WDtAnpMyYxHZG0CcrQY99yjA0w3FA_btjxYHTl7bzNc9yOoRh9V&sai=AMfl-YQQdcfrg7EW5rcQFXWtPnpxaj8PWshOQMCQRUV7vEceUjPj5AukpDVEqeAjVvb4ok0beRp8AK1v6LFVPOc&sig=Cg0ArKJSzEqOcAPrSeLWEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 16:45:12 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 63D6 54 KB
21 KB 675ms
0ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR7oGAAEnQ4Iu-XCAAnapKRhIsBij9Ro4NmpAw&u=%7Ct5yctyyaovj87N%2FRYmD3EBJzAEocNvEKqwlaNdtRy6U%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAjx3LIdsTANZ9z2fZ-FGQxHUampl4RJristc7ZoaikIV5-GqEmFeQzbkC6bm06yOssx3WowKU4yETizdUl11Q3Qy30CWhvxkGJB7Y4kTDu8AN9n2jTPm8c9UqeTFHVYjb6A5Ie5Y3dSsumeeFoYFV2UBVxM5DYKqKKY7KvzrVLIrTYM1ZSARAYQoXeOxyyUkdjI4HFfYSoXwk2H9oHm87VEDwpslL5Uo-pvjWaXWOwrGmmMK7c2yoaLZFvXIz2BMPM5ctCp3N-pid7F1JTFCGQHbP-2ie3m2Z9cDa76ErP3z-F2cwIwQZ5bpkTlAOIIHDmtXNQ1uEWh9gwi1hiNISJo24hg9pZEWvGXLe2fQzYdd4E0_OStbWDHFCfRadgzvHgfylbMQBe36V3ZjrGWIvgXEIV_vFVpgWR1pcJt2DEhnGDltQJxMf2_I8C_cPZbdqFWgwJNjPwh_RQjmX3fQ90ahtGiYkOpTYdUcSGzxGREI-T4da0JiQCYziPlyJ_O92TKhmIiSKqhypnweVXLgrbbDAxVeqbHW3-NmMfQj-LyOAnj3uulUP4d&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCie8mGOgeZY66EsLL7_UPpLWnmAjJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjGja0_tpbE-4AIAqAMByAMCqgSoAk_QWNITaPA5aUDk_4ZHy8GVQ5CWe8Ly2u7C174Ei6zi1D04-lIDGwfJN1qP-S5Zjs7waZ98bLbMcOzPMkLSNpB9QbxtzhGbTIH5GtGtK7DByARqzxKTiagXja2cLDMawFFjFSFAnC1JbgcZaPODKMaoe5JDs_CacobknQExLmwWSllhzk7HequYeI7Mj1rUellN-thE0z9Y4TkqR9csgzZVpU4d98de4bL3dVgkvOeTMVUsCf_5uxKqP1RXG8y0RrbbhxeSGrUgz75UmuxLDsiseGVolByG4ToSNT_9n-itvHheN2DKuXV9GU7DibXH64lhA4XO_ZSXW9NJQc8jP41C1UHTkh7CsCKtKOhyeuCzBsYlW0TslFj_X_EyCAh5BkuOjImsfQOa4AQBgAbixZv_5-mX7SCgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1iwhA_6p8f_rQvJ4hMUSkGuPcjhA%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

93258ecf2bc065f77b8a06cb3d3dcee332eb3ade038dc28dd04fcd5f7bab74de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:13 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=ZH19zraB_6OmCnhV3cTDEIrk149KxM2UuZMHws52402SH4Jgi3dLqWcDaeRT34pzjwLRUNb2Xt3yHOr3-CMWTfdlHx3O1n20vbJhNjeeWrzLRQtUHjAwuFAS5kCwvNiAAIep1Cpz_AYUUaqsfdf_TBpomEXzfG0UXNs2HvvAOCnD-nJuSRjdH1xhSym-vWG6ULh73SOmIoGKj0HtrPU2okr2Z3LtOENdarG59lnmHuRBEwmVdVDOPJRejArb6JWqNqa07A"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3962234
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 29C1 3 KB
1 KB 722ms
35ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5986
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 29C1 20 KB
9 KB 707ms
22ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10918
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 29C1 24 KB
6 KB 722ms
38ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 555064
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 28 Sep 2024 06:34:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 29C1 187 KB
59 KB 646ms
454ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:13 GMT

GET
H3 200 container.html Show response
948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2DD3 6 KB
3 KB 51ms
50ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:12 GMT
expires: Fri, 04 Oct 2024 16:45:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame EF97 99 KB
29 KB 240ms
239ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

edd00d0f3d37ab8e6e4a7e80205bd12cecc5cc47cd872c49a73749244e01dde7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29484
x-xss-protection: 0
server: cafe
etag: 814 / 19635 / m202309280101 / config-hash: 9005805658755823272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EF97 187 KB
59 KB 572ms
453ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EF97 0
26 B 162ms
162ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst6At-dwRv0-B0lqlDd564pNoi60k1KAIpkESBfc-FEAYy6dxOly6LmUkFN4Mf5KL2yTZHL40Ji1oUSANTnLAPDE0QQOUhRCaSocz5HTgYFTrVnNMf5PuNiDw25pjwVkYruQ_Vp-JGBCzbIqIa3Y-SZ11mwbSQkt3aQg1e5HCSbuJZjkBjm3roqpJkGoT0tHkeYzw2ONWULsxo0WU3qj48LgBqSRxRVwSCGHZ6eScjjDPU3XEDyXrc8nVok0MDrjEZOgGSN8ZE-IWhKvvwO4yMlcua2n-vQUshLITRXYUFRZMyPon8uekY-KUBBt2OpwuZVXAFbMzMtpdsiHgbOYMXWl5Z5z_FkNBh-J7anx6gWHbc&sai=AMfl-YSHBCfJSAbz8Y4RLyoCV9WtxtdglgBdl4YYyJ3Gj4S2XrZ2dvA6ozc9nBmrbeYVIW9JJm9Om8zPCBgKwPM&sig=Cg0ArKJSzItjV84YIfGlEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 2DD3 99 KB
29 KB 473ms
274ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84f9b6d8cef38850ab0eb7084b7f8f3093b31789aeddde469d5375e2b9fec8b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29467
x-xss-protection: 0
server: cafe
etag: 857 / 19635 / m202309280101 / config-hash: 6632683956607849806
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2DD3 187 KB
59 KB 416ms
210ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2DD3 0
26 B 458ms
260ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuLi8GtzQXfUV0tLvy0YdxPDJJ3SICG0pQNR3zi_-pmgiAqPLBD5t3mfvfmN1gYlFTTVD-JGZ4WLklA9hU6wE0w1bPL9jFDRKEbJPZCMczi8aAGMJGehgUcrYnhc7ExCeatz-17rYVS_aZ1WBqPDxq2jlubQdXNY0jfZbgxadNM-kT8__wlg60bvU_mvL6eEgYhPOLJHBnsgCy7kg5Lp12yQapjff4wR7fCumUJDKkHd64JNyaKhFAkSgJ8SdlcZxCnV_9pS_iYZEMHPliPjUBRAilBTwEefCU3ocO-w75RIkw9u2j1YTAEsawansL5e-U5fZUK9IMMTBBwD5NzsCdR0rKbxh3DAv2EDCZkIgo9FvPU&sai=AMfl-YQv7ztw1EBwJIN3KnAtFMkMFCij9ApSZeSsU9VlKoIkyL69mQugOZQCkJkNf_H133bICcJNPDsFBgoPz_M&sig=Cg0ArKJSzLMunE22Yug1EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/ Frame EF97 413 KB
130 KB 58ms
22ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b5ae1f0ff10c4595493fa2d4edb2c308f97976be783ed5d7d962a8d81606d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 09:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25940
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133452
x-xss-protection: 0
server: cafe
etag: 5291400228273913750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 04 Oct 2024 09:32:53 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/ Frame 0036 413 KB
130 KB 238ms
202ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b5ae1f0ff10c4595493fa2d4edb2c308f97976be783ed5d7d962a8d81606d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 09:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25940
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133452
x-xss-protection: 0
server: cafe
etag: 5291400228273913750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 04 Oct 2024 09:32:53 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 63D6 2 KB
1 KB 357ms
0ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR7oGAAEnQ4Iu-XCAAnapKRhIsBij9Ro4NmpAw&u=%7Ct5yctyyaovj87N%2FRYmD3EBJzAEocNvEKqwlaNdtRy6U%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAjx3LIdsTANZ9z2fZ-FGQxHUampl4RJristc7ZoaikIV5-GqEmFeQzbkC6bm06yOssx3WowKU4yETizdUl11Q3Qy30CWhvxkGJB7Y4kTDu8AN9n2jTPm8c9UqeTFHVYjb6A5Ie5Y3dSsumeeFoYFV2UBVxM5DYKqKKY7KvzrVLIrTYM1ZSARAYQoXeOxyyUkdjI4HFfYSoXwk2H9oHm87VEDwpslL5Uo-pvjWaXWOwrGmmMK7c2yoaLZFvXIz2BMPM5ctCp3N-pid7F1JTFCGQHbP-2ie3m2Z9cDa76ErP3z-F2cwIwQZ5bpkTlAOIIHDmtXNQ1uEWh9gwi1hiNISJo24hg9pZEWvGXLe2fQzYdd4E0_OStbWDHFCfRadgzvHgfylbMQBe36V3ZjrGWIvgXEIV_vFVpgWR1pcJt2DEhnGDltQJxMf2_I8C_cPZbdqFWgwJNjPwh_RQjmX3fQ90ahtGiYkOpTYdUcSGzxGREI-T4da0JiQCYziPlyJ_O92TKhmIiSKqhypnweVXLgrbbDAxVeqbHW3-NmMfQj-LyOAnj3uulUP4d&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCie8mGOgeZY66EsLL7_UPpLWnmAjJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjGja0_tpbE-4AIAqAMByAMCqgSoAk_QWNITaPA5aUDk_4ZHy8GVQ5CWe8Ly2u7C174Ei6zi1D04-lIDGwfJN1qP-S5Zjs7waZ98bLbMcOzPMkLSNpB9QbxtzhGbTIH5GtGtK7DByARqzxKTiagXja2cLDMawFFjFSFAnC1JbgcZaPODKMaoe5JDs_CacobknQExLmwWSllhzk7HequYeI7Mj1rUellN-thE0z9Y4TkqR9csgzZVpU4d98de4bL3dVgkvOeTMVUsCf_5uxKqP1RXG8y0RrbbhxeSGrUgz75UmuxLDsiseGVolByG4ToSNT_9n-itvHheN2DKuXV9GU7DibXH64lhA4XO_ZSXW9NJQc8jP41C1UHTkh7CsCKtKOhyeuCzBsYlW0TslFj_X_EyCAh5BkuOjImsfQOa4AQBgAbixZv_5-mX7SCgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1iwhA_6p8f_rQvJ4hMUSkGuPcjhA%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 29 Sep 2024 16:45:13 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 63D6 2 KB
1 KB 354ms
9ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 29 Sep 2024 16:45:13 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 63D6 308 B
636 B 350ms
0ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 29 Sep 2024 16:45:13 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 63D6 293 B
621 B 350ms
0ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 29 Sep 2024 16:45:13 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 63D6 43 B
348 B 528ms
166ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=KP8B01u69ZGzjz5FEfJZITS7H4XakWeRbH7i0BtOVAput72BqUy5r_tJbrfuC9H06Lp7WS5zge24plHyONLKflIb05XS2zy6nW37xfxYHZlAP9i2q-lRrCZE5QIlQFQEAhLTKyczwbZG2JDpq-q9Qtx7f2Y5AV8n354VPaStixhI5DWP7tGVgsTppXWqfYecKEfCzybgO1Kkb1g7Lzzn8pek0WVcv3aVWCx8QNV6lzvs4padhYvdhLDsQuS44a6yqr6zl4i5MgMelncujk5m9BDY6pCksjpYJr4BsOkMmYIPLdmeti5Ji0p8Tn1pfoH0aWUtCx2vbFL4S7Xtmbi_746ICBFJ3bQmQQVJyRwIWH45e8i8YS8DLA76byZ82sPni0yQIWO4fClcAp8BMsLAK0gyX1_TbLP24NhUymHK29hDqcyc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:13 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1562388
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 d96f58bc58e647979ece19cec75d51a9_image_ad_728x90.jpeg
static.criteo.net/design/dt/99645/4842297/ Frame 63D6 62 KB
62 KB 359ms
2ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/99645/4842297/d96f58bc58e647979ece19cec75d51a9_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5aacd2e9c7ec1a3b33bdbce9a72f0fa9a3ac84151bb3c94ad3ceaab8467001a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 13 Jul 2023 13:32:50 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64affd02-f615"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 62997
expires: Sun, 29 Sep 2024 16:45:13 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 63D6 0
128 B 378ms
165ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=ZH19zraB_6OmCnhV3cTDEIrk149KxM2UuZMHws52402SH4Jgi3dLqWcDaeRT34pzjwLRUNb2Xt3yHOr3-CMWTfdlHx3O1n20vbJhNjeeWrzLRQtUHjAwuFAS5kCwvNiAAIep1Cpz_AYUUaqsfdf_TBpomEXzfG0UXNs2HvvAOCnD-nJuSRjdH1xhSym-vWG6ULh73SOmIoGKj0HtrPU2okr2Z3LtOENdarG59lnmHuRBEwmVdVDOPJRejArb6JWqNqa07A&sds=2&rev=88731&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 05 Oct 2023 16:45:13 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 63D6 2 KB
1 KB 189ms
0ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 29 Sep 2024 16:45:13 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 63D6 2 KB
1 KB 120ms
113ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:14 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 29 Sep 2024 16:45:14 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 56DC 0
26 B 312ms
240ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsucE4cI39ie4BGud48s4WkC5o-UgjIqXtMcAerIyUnsMPZ57NIEBgMwS_dpWTGhYAArraFT1MMqrf5WG_CTUzX41JP7Bg7RZjMv5Tc4iAS7WO7hcHPpPnZVLqGEmyqIpRWcta1ScWwDdiXysiK2fYpBZ3OCuqhlqi34RW2BBoSCUNAd6vMSrzi_Q25hHCnqyapELr7YlG4TnJni8449FEXZbnd7dnD_uGUurphg_h7X4KU6tzvTzMM-xwU7qVjRujHRL9oKfyNx18NLnzf42cGyt1R1F5xKPEO60DK6zyxAtHvGVUaqLFj5DRYhOFBYZfTo17appyOAUcqrkZRHnjCjBgWns2vk9KvMyQ8v&sai=AMfl-YR2Ux6YdYm11lyOKiCSpn2chV_gUxTukVeg84y-gY4j-_z3JpQBOu1fw8ujl_A1D_Arj9aRaAWXV8TQRuk&sig=Cg0ArKJSzGcV-6hoa_QcEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 29C1 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82518be720df1f6555191122573b12273023bcd0984b7296060989d5e28e765a

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 56DC 143 KB
50 KB 114ms
113ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a50a21275ceb71d064f6a534bb36e09c54686420b88c3dc219b548588a8e570d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50579
x-xss-protection: 0
server: cafe
etag: 13379132893063582645
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:14 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EF97 155 KB
53 KB 341ms
340ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2051023511803790&correlator=3115643194391638&eid=31077098%2C21065725&output=ldjh&gdfp_req=1&vrg=202309280101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600%7C300x100%7C300x250%7C300x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com&abxe=1&dt=1696524314739&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=76exfv6srrxy&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&loc=https%3A%2F%2F948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1696524312996&idt=1677&prev_scp=in2w_key9001%3D1%26in2w_key%3D26%26in2w_key2%3Dnope%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3qgz%26in2w_key7%3D1580%26in2w_key8%3D26%26in2w_key9%3Doptimization_request%26in2w_key15%3Do0%26in2w_key16%3D1&adks=3148765531&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

837d34e0a07549292f03b1851081a07935685c714a2704305cb65d93236573de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53975
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D255 6 KB
3 KB 46ms
28ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:14 GMT
expires: Fri, 04 Oct 2024 16:45:14 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0036 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11e3b7652da2fb4419f0553b65e1438f658ef16949a01241d4ce3387b51725fb

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/ Frame 2DD3 413 KB
130 KB 33ms
26ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b5ae1f0ff10c4595493fa2d4edb2c308f97976be783ed5d7d962a8d81606d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 09:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25941
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133452
x-xss-protection: 0
server: cafe
etag: 5291400228273913750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 04 Oct 2024 09:32:53 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0036 56 KB
20 KB 345ms
343ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=85455581449384&correlator=1085367004670071&eid=31078015&output=ldjh&gdfp_req=1&vrg=202309280101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C468x60%7C728x90&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com&abxe=1&dt=1696524314852&adxs=0&adys=0&biw=728&bih=180&isw=728&scr_x=0&scr_y=0&ucis=3ie3wp4xerss&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&loc=https%3A%2F%2F948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=728x0&fws=256&ohw=0&ea=0&dlt=1696524312857&idt=1959&prev_scp=in2w_key9001%3D1%26in2w_key%3D21%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--3---%2C--3---%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D21%252C22%26in2w_key9%3Doptimization_request%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D10&adks=854963887&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

839f7c2acdfe53055762a8aa80b4a33f81b4534e5b036c06734805575f0b5c64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20337
x-xss-protection: 0
google-lineitem-id: 6135185025
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376945794
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 31CC 6 KB
3 KB 88ms
70ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:14 GMT
expires: Fri, 04 Oct 2024 16:45:14 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 29C1 0
0 117ms
113ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CuoGgGOgeZY66EsLL7_UPpLWnmAjJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjGja0_tpbE-4AIAqAMByAMCqgSlAk_QWNITaPA5aUDk_4ZHy8GVQ5CWe8Ly2u7C174Ei6zi1D04-lIDGwfJN1qP-S5Zjs7waZ98bLbMcOzPMkLSNpB9QbxtzhGbTIH5GtGtK7DByARqzxKTiagXja2cLDMawFFjFSFAnC1JbgcZaPODKMaoe5JDs_CacobknQExLmwWSllhzk7HequYeI7Mj1rUellN-thE0z9Y4TkqR9csgzZVpU4d98de4bL3dVgkvOeTMVUsCf_5uxKqP1RXG8y0RrbbhxeSGrUgz75UmuxLDsiseGVolByG4ToSNT_9n-itvHheN2DKuXV9GU7DibXH64lhA4XO_ZSXW9NJQc8jP89A9NNTAc7_FvKK8mRSk0S9IcyTUWr0Fuw3YlfAtxZVHtNEGKlF4AQBgAbixZv_5-mX7SCgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=pWVoQQyWGII&uach_m=[UACH]&cid=CAQSGwDICaaN3HGhpJRCfDKPkI1aefQv552kZqKPhRgB&cbvp=2&vis=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 29C1 0
128 B 2610ms
101ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k5vwFO-uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRAY6B5lDsgpDijOr64Q2AAAEgAACgpBUVVCQVFFUEFR&wp=ZR7oGAAEnQ4Iu-XCAAnapKRhIsBij9Ro4NmpAw&cbvp=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:17 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 22506536
server: Kestrel
content-length: 0

GET
DATA 200
OK truncated
/ Frame 2DD3 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 095e2cc17b7c6d5f775987860b3c48e699bec533cfe9917c9458c609983fcea3

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/ Frame 56DC 380 KB
129 KB 175ms
128ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68295810248574426d37c55772795cd2f60f2ebc7e42ef35c6aad656e81cee0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131764
x-xss-protection: 0
server: cafe
etag: 16485921629841527761
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:15 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/ Frame 7BB1 10 KB
5 KB 72ms
70ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 12263
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:20:52 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 13:20:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EF97 0
0 184ms
100ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuC-JT0OlrJtlXM9veMqPkG4K1CfVr-MIIY3j_eLQxtZ_FASTygvbgbbnRSjAt1JfJnL4WfEhn8ckIn8LAvOFgnbteS2DZU8LpSrp-b1gg1zfZdS5_pCfMd6El9s4MUIsXHoo1sQ9BENAgORZKErAtAyjNNeh4amRXPP4Y7nV_IXJaryYHAYuGnb4kt3zUq6-onXmUqb3i1_i9KRP3PKMld5-roc5iAlAxVmrsQ5IcrPCoKZdKXQiOwAJMt00dsPQwpr-3Mz-cRtIIqtBs0tXkq_jIqxm7_bj0BDnttg75sGlXwgwC9Lhod9wCn3rPLSl9fi84oDkio63NWKSHDTijKzTM_TPoAl4MzAOQVvXqO15R5Tg&sai=AMfl-YRyzu668kT-3ngWRfpLQpqhac2GmqcSOsOV2gtFB5-TNxmHlk6P-Lwlcc_X9iVOjphFFPiuQt6kV1AxOnM&sig=Cg0ArKJSzEgDFLuWlqbnEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 16:45:15 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EF97 16 KB
12 KB 185ms
99ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e8e7d5f09df9a9f905915164a58bcea935e0b14581e285bf282c8fd38845b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12126
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 63D6 0
127 B 48ms
47ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 05 Oct 2023 16:45:15 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0036 0
0 180ms
99ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZaHitr9xQjxSDqo6vBQ6Z7um42wagpjUzpBZg3TngvN2sji-KAcHZ6Kf4froxENTHSUL8XNkSWtz3sfp5WeOfE_Lr2Bbbx-AdkcG6OcppZkDbzkHWr0F28vE9cZsTSwaXDme-wPxdKXf7DY932fDa1JQA66n0Ik2g0O7sj4XQRgqOziUAHpgPM7YM_mBtvscrtMLH2S4vmxNT3GabUTwAiZFQH7OPUDONvz1qpI_I9fQ7LK8mPSpgw40D8xWfokzwkKRpBZIl227C9f69Rky1elnBmpXNr3QDFQozoFYtyB0jN7JtZ99KeGTzOclPAjzp3jBz7fjEaJgIr1zVRmEh3pQ75-aN65tdlALr-BTIfYQpl1w&sai=AMfl-YSXtiLumipsGdHX8F30CkqrV_s9Q9QTzz2c6xEtJsTq2RZfhAsRdWpJqqTSiiyGJBISuUDCEy1n6uOSN3s&sig=Cg0ArKJSzIrqRvKqL_DHEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 16:45:15 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0036 16 KB
12 KB 176ms
96ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd0fc395f3e93632f4a4959618a99ef5842f83ae194afa6055ac6db304b7f1e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12039
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 29C1 42 B
64 B 171ms
170ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvFjsk7Z_9_xHBSdainIJ3LYuW05sqRQHMHpfeT6gWCN3EBX2B9pM6Y3Rdr-rL77UOTc1y_EBAxRZHdL_0RUG8771obzqNsyt3t7ns&sig=Cg0ArKJSzPd9zJ0mX2b5EAE&id=lidar2&mcvt=1007&p=0,0,90,728&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696524312569&rpt=1673&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 2DD3 61 KB
23 KB 177ms
175ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c0a8f02e8ef795aecc87e8e323c15fdf29287d20501d6ea0cf1dc53e2d2ea9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:11:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2013
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23347
x-xss-protection: 0
server: cafe
etag: 5707400221330747696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:11:42 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2DD3 27 KB
12 KB 305ms
289ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=71863667508588&correlator=121718338944118&eid=31077098%2C31061691%2C31061693&output=ldjh&gdfp_req=1&vrg=202309280101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com&abxe=1&dt=1696524315535&adxs=0&adys=0&biw=160&bih=1200&isw=160&scr_x=0&scr_y=0&ucis=man5u3elpb8h&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&loc=https%3A%2F%2F948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&rumc=71863667508588&rume=1&vis=1&psz=0x0&msz=160x0&fws=256&ohw=0&ea=0&dlt=1696524313187&idt=2196&prev_scp=in2w_key9001%3D1%26in2w_key%3D1%26in2w_key2%3Dnope%2Cbenchmark%26in2w_key3%3Dnop%26in2w_key4%3Dnop%26in2w_key5%3Dbenchmark%26in2w_key6%3D--3---%26in2w_key7%3D1580%26in2w_key8%3D1%26in2w_key9%3Dbenchmark_request%26in2w_key12%3Dbenchmark%26in2w_key15%3Db0%26in2w_key16%3D1&adks=1643673717&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fc7db3b4d954cee6431fdd3b4be2fab558051f1f6f5c010aa2c7f839a56592f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12255
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AB86 6 KB
3 KB 161ms
30ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:15 GMT
expires: Fri, 04 Oct 2024 16:45:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C37F 0
0 95ms
74ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuFi8ZBIvNh-4-DsXYdzUzMs-dg6_OPZCendhXU4BV52XC84ghHqlzvdjdJUhKfX1WMNHPuBKc-LSz_l4lBanPx3y38wcVL01yjARHnUpRHMIG-C4V_VNyKiUMZQX1jdpl6NOaicOu9iinEANKH0jioWl_w_tlc0NKBaEuRYXdnHk5mk0IFITxnSyYRZXZllPr9Re2Fg5Okp7XHM7ISBSgRAET3bLaXYauD2v7ZE8BuBGXMOjOmb0LKW5lw0yktt146au-IyMoHP9W3tBYfwUckEhpYoykSaR_NE-94wMN96dcTpm7VZ-eUV4Yuy0VgBip8fTxcNvX6pAfU4Ti77Ey9vZAxKsC3I2lY0RmN8yVM2nCf&sai=AMfl-YQ3pg8I8gj7gAE3VNTyo1-cAAmleDdWUDIztU-ef8ojQg0ZBCellloAK-E_vCBGaRQoakPhvXZM9ik7OXJ1iWagqTJa_5DbEvwS2A&sig=Cg0ArKJSzJOljS7793mLEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C37F 187 KB
59 KB 56ms
46ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:15 GMT

GET
H3 200 container.html Show response
2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E5A8 6 KB
3 KB 162ms
140ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:14 GMT
expires: Fri, 04 Oct 2024 16:45:14 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EF97 17 KB
7 KB 75ms
36ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 16:45:16 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0036 17 KB
6 KB 76ms
42ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 16:45:16 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0036 25 KB
12 KB 391ms
390ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=85455581449384&correlator=1085367004670071&eid=31078015%2C44714449&output=ldjh&gdfp_req=1&vrg=202309280101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50|468x60|728x90&fluid=height&ifi=2&sfv=1-0-40&rcs=1&eri=5&sc=1&cdm=948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com&abxe=1&dt=1696524316444&adxs=0&adys=0&biw=728&bih=180&isw=728&scr_x=0&scr_y=0&ucis=3ie3wp4xerss&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fkuailexingmaoguoyudi18ji-jinyong&loc=https%3A%2F%2F948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=728x18&msz=728x18&fws=256&ohw=0&ea=0&dlt=1696524312857&idt=1959&prev_scp=in2w_key%3D22%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D1%2C1%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D21%2C22%26in2w_key9001%3D2&adks=854963887&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a67c1169d7a45914bb6766fe05e4fb7b840f7a864744b8fa911a9da40649391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:16 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11957
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7CFA 38 KB
16 KB 567ms
566ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046732&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696524314662&bpp=333&bdt=1841&idt=1811&shv=r20231003&mjsv=m202309291101&ptt=5&saldr=sd&is_amp=1&correlator=6464&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2209476960&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C31078301%2C44804171%2C21065725%2C31078488&oid=2&pvsid=4098724296574072&tmod=1031347299&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gxhq9t1w9t1&fsb=1&dtd=1853

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9c276a9862d00b6715b7ae88c7363184aabcc6e8a1a1e446ca6c206a0a5410b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16495
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:17 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2DD3 0
0 277ms
139ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuCwRy9L6ENfJSGqvx2bAI8eANU--nr7EL8ia1eOVrfyTvgCEiKA8n8URRbS8e70QbdtZTPjeNsW8jvb4hPuwewCUwyUiCtVEqxrxPRJh8KNs-MHFrp9Sr11Y5npDT-5uEdfiKrI-cPuBoXhb5GFz7LeeyLLFimTCXQzqxkvqZOT1FBClhwknHqO76kRpfrlrfwYKEv6GD14uaWRVofDQAXzEhpXa7E6ExcnIW6kD_eOZqDROgXtn5h-UB2mUnNhmKIvqzlIfEghG3pWAdkZSpObPYEWlY6UmR7BSVT7KEcfWJKD-Asj1cj74CcNTj38Jj71DDbpYHmwMyh7PZJWXVb_RKn6YQBlKnDiSidk6OAOT5Y0HI&sai=AMfl-YTeH2vxCvHEHLUrpnl7v2uZvRqJrF2Fb_PkkY4linXqk7KJo6Yx3cj6V3GKBaspWjkn_T2NIiB1jBaXVLI&sig=Cg0ArKJSzIjc8UiI6BvwEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 16:45:16 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2DD3 16 KB
12 KB 311ms
173ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df402cdd92acad3d33b69001cac99ad29c5cc9b626cd194a67cef75375150c39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12067
x-xss-protection: 0

GET
H3 200 container.html Show response
65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 191F 6 KB
3 KB 50ms
49ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:15 GMT
expires: Fri, 04 Oct 2024 16:45:15 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2DD3 0
20 B 148ms
145ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com&doc=complete&pg_h=600&pg_w=160&pg_hs=600&c=1&aa_c=0&av_h=600&av_w=160&av_a=96000&b=0&all_b=0&d=1&all_d=1&ard=1&all_ard=1&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C37F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 120b647b585ca7fd31b4c949469e8da6e0ff58452e1f78011cca84db04830b9e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C37F 0
0 90ms
85ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuE6n7aiE5SqADW1C01UgeKE3P_xBdsrL8-RZOOM8xogduBpdDclx03HqEyTJvel9BfsIwmyfjfx2lH6DuS5lWMDoqiWUVdpvbetyVadI9r5h1-Ke9BOOfBOHvtYi-V3qewOyS81QgkOcyoJEk6aAtohNB1BqOyV9J38IAk9mOqL0a0sk2igze9za3vh6yyNmLW5WnCHB0aqrJThJpRkRxk0kzauFjgYL92SI-xnlBRkdcbujb86ohuiRvPjUlljOkpBEFp7v6uZNzoS5-Sn9ApS_iI96pxRm8qp5MUzr110xhyJwh-GA91OIAllEQBabovxMBaUcS7PyknFv_A435tValnRk7gdb5WJ3pp7O1pJDKNkbM&sai=AMfl-YQW-BxTvAJneihi97-PFL3eMWQ1d10ZaNTmdpx6tZAIOXgXrsJe_d_yqu74sj5CkY7nQk2Gccn5vPScP3hHraO9jbVGbcs8f8Qzog&sig=Cg0ArKJSzGkyMoZYiuEMEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 16:45:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 7CFA 3 KB
1 KB 35ms
32ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046732&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696524314662&bpp=333&bdt=1841&idt=1811&shv=r20231003&mjsv=m202309291101&ptt=5&saldr=sd&is_amp=1&correlator=6464&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2209476960&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C31078301%2C44804171%2C21065725%2C31078488&oid=2&pvsid=4098724296574072&tmod=1031347299&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gxhq9t1w9t1&fsb=1&dtd=1853

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5990
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 7CFA 20 KB
8 KB 59ms
26ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10923
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7CFA 0
0 548ms
135ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS7zghOaW8cv2fubZVpeGjFh27oeqa9j_LU1tVAXoXg5whCFRgDGxqUxrc0NZcy2HFWPg5nsqPjTHneuRYIdFb3W96ZbA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046732&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696524314662&bpp=333&bdt=1841&idt=1811&shv=r20231003&mjsv=m202309291101&ptt=5&saldr=sd&is_amp=1&correlator=6464&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2209476960&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C31078301%2C44804171%2C21065725%2C31078488&oid=2&pvsid=4098724296574072&tmod=1031347299&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gxhq9t1w9t1&fsb=1&dtd=1853
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7CFA 187 KB
59 KB 387ms
371ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:18 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 2DD3 0
234 B 867ms
307ms Ping
image/gif 2607:f8b0:4001:c10::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lnderwni&c=71863667508588&e=31077098%2C31061691%2C31061693&ctx=1&met.3=492.a9_1~947.1vx~74.1vy~49.1vy~598.1vy~49.1vy~49.1vy~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~49.1vz~947.1vz~43.1vz~648.1vz~21.1vz~86.1vz~947.1wb~86.1wb~86.1wb~86.1wb~86.1wb~86.1wb~6.1wc~91.1wc~95.1wc_1~77.1vx_f~724.1we_2~894.1wh~1132.1y4_f~947.1yj~573.1yj~598.1yl~52.1yl~50.1yl~50.1yl~50.1yl~50.1yl~50.1yl_2~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~50.1yn~808.1yo~808.1yo~112.2u4_7~738.2uc~749.2uc_8~94.2uk~646.2up_1~800.2va~800.2va~800.2va~800.2va~800.2va~355.2vb~709.2vb~647.2vb~965.2vb_4~801.2yv~801.2yv~825.2yv~355.2yv~825.2yv~708.2yv~355.2yv~708.2yv~736.2yw~947.2z8~573.2z8~598.2z8~113.2z7_2~735.2za_1&met.9=1.1e1~2.1tz~9.0~3_1.1yj~7_1.0~4_1.2up~5_1.2vm&met.10=1_1.CAAQABj___________8BIIUUKAE~1_1.CIDuBRAAGP___________wEgiR4oAQ&met.7=CBsQCBgBKAEwbjjuHGgDcDV4iReAAd0UiAGSMLABAbgBA8ABx7SltQw~CDsQChgBIJsDKJsDMPEHONYEaOsEcP4GeMfoAYABm-YBiAGQlwawAQG4AQPAAeLN6pYJ~CE0QChgBIJsDKJsDMPEHONUEaOwEcMYGeLfXA4ABi9UDiAGu2QuwAQG4AQPAAejupb0D~CCIQBhgBIJ0DKJ0DMPAGONQDaOwEcO8GeKwCsAEBuAEDwAH2j4S6Bg~CEMQChgBIIsOKIsOMPoQOO8CaJIOcKwOePiUCIABzJIIiAG86xmwAQG4AQPAAbaw-YsC~CCgQChgBIJ0TKJ0TMOsUOM0BaJ4TcM4UeN-4AYABs7YBiAH56QOwAQG4AQPAAZvh-nA~CA8QBBgBIPATKPATMKsWOLsCaPUTcKIWeItigAHfX4gBsNsBsAEBuAEDwAG_3prrBg~CBsQBRgBIPYTKPYTMK8VOLgBaPQUcKQVeIkXgAHdFIgBkjCwAQG4AQPAAZyO1PkE~CCIQBBgBIOwcKOwcMIwfOKACaPwdcIcfeKwCsAEBuAEDwAH2j4S6Bg~CBwQBhgBIJUeKJUeMK4fOJkBaJwecK4feKwCsAEBuAEDwAGUhOK1Dg&met.1=1.lnderttd~6.1~7.2~8.2~9.2~10.2~11.2~12.3~13.1h~14.32~15.4y~16.1hw~17.1hw~18.1hw~19.2uc~20.2uc~21.2um&qqid.1=CM3dvsmt34EDFRcEVQgdPl0D5g
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4001:c10::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:18 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2DD3 17 KB
6 KB 161ms
157ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 16:45:18 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame E5A8 35 KB
14 KB 143ms
130ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3be61af8ca1be1fea37c76d6fcaa4c3076fe975ceed168c92f786f19bed21392

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:35:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11417
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14046
x-xss-protection: 0
server: cafe
etag: 919080172339299441
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:35:01 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E5A8 24 KB
6 KB 135ms
128ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 555069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 28 Sep 2024 06:34:09 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E5A8 187 KB
59 KB 137ms
130ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:18 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame E5A8 23 KB
9 KB 393ms
369ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10923
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame E5A8 3 KB
1 KB 394ms
370ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5991
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame E5A8 20 KB
8 KB 135ms
128ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10923
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E5A8 0
0 493ms
464ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR0T7TvLBTmnxn12dmvG7l6BkUj4oaTEhESQSjdV5iktTRDsFDwduaXGRBkQgkpU9KSIXEw6E_1kzDj7cm3JPFlOGlDig
Requested by: Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 86AA 478 B
195 B 247ms
123ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbJtwEQwtbS7gEYpaHq8AEwAQ&v=APEucNXOvxu9G20HBOkn4PIt6nEcbx7FEeVQyczFOnw4hEQAyyUEy11kNDWAZcTSWhHOdXsmIStBIBJOz714E3BS4dLmBSJIuw

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 191F 89 KB
31 KB 134ms
127ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:18 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 191F 42 B
63 B 140ms
134ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DlwApU8a_YRQ8P3U4fZHrKSmUbySI1-zn2-tAexc7qK12GmMz9SD3JyVgETm655YYCmrHRUOhKsTt9JfRFWL6lTfcKnRu84rxIESXRuTE5Fd1EIGs

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 191F 0
20 B 140ms
134ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=849376446207290816&x=1&ct=119

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 191F 3 KB
1 KB 136ms
130ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5991
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 191F 20 KB
8 KB 130ms
124ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10923
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 191F 0
0 668ms
134ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSt3UtT2RwheZ1Q7PTAtIZ0TpTJSk8YNy5tGG4fYGtcoHgztNlBM-tQ0Kmmo-h7mIH7lNNZubC3nlyp_1b9voY5TrC4Ew
Requested by: Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 191F 187 KB
59 KB 295ms
176ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:18 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 68A6 13 KB
5 KB 176ms
51ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 5989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 15:05:29 GMT
expires: Fri, 04 Oct 2024 15:05:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DEA9 829 B
1 KB 534ms
125ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

10699e72905f25b578711394a0794e8c789c4e981b88e21707dd04b6b1fb4bd7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Wqy8t7RpJ7obyqY7btVTpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Wqy8t7RpJ7obyqY7btVTpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:18 GMT
expires: Thu, 05 Oct 2023 16:45:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B5C2 13 KB
5 KB 282ms
161ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 5989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 15:05:29 GMT
expires: Fri, 04 Oct 2024 15:05:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 16FB 829 B
770 B 545ms
137ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

de77c27c1dd317c623629f0b009b5951b27cde3ae2524890e22a9aa196cdb927

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4_TDu66ZjD3S5i69YZ5fxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-4_TDu66ZjD3S5i69YZ5fxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:18 GMT
expires: Thu, 05 Oct 2023 16:45:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET activeview
pagead2.googlesyndication.com/pcs/ Frame C37F 0
0

GET
H3 200 container.html Show response
fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CE3F 6 KB
3 KB 617ms
375ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:14 GMT
expires: Fri, 04 Oct 2024 16:45:14 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 8AB2 50 KB
20 KB 452ms
307ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR7oHQAGu6YEwsxlAADJZdS1Lr-zHbge9es9wQ&u=%7C6ObBEorSoZJwysTDF%2BXIb7tGHAH%2BK5M4%2FQCRqnhgzFg%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57o2eAKtbyUnkzCgAZe2TqI9t-30jvbb4jJ4J0HrkfUVwV9W7X5y17J5vjThmCpPZm4eXYfNAF-kTFRQE20FTE2r53xEsktjNhfKinU2Plb1A5i2UIdGonFWfY673wflewRitVsJYE8CM2CEYKfwoeNMtJVI9rEUp6ScVKrWgSAYhFvHtSOxkYDD0cytHH0llX-eB0P6A7nm3BnQcTGA7mv8cPOM8URGKp_TPPnVuVeNX6Pp2qfudHwt3MMB-PbILBikyIt0tW_HUnCDXa-cK-XMHwa6tYW9ao9IascIyLwl6SLPjUrXLLtqsXTFgP83BHSW5KwHutgM60JyeaFNLJ7BK3w6jmTXX4AwHOVhXUVIFqYi-UROLFnRvPyAmu-KwnTUHuFmdwg441Dbmn-tuyHFJ0VRafS1RRUQ3ryGTPtQ2i--eTGa4T4RJD5pCoGaI2MynDjNkx3r0EDAxBHd4HtHJjPRkgGTHDzCQaoFTponXwtoNysB8uWy2azKRXJopZ33EcxulZK1jwG-Rty2Ciy9uaDEJvicClB109MlR6jka80K2DrSk2cKk30dnkyoVofDnLoabCEow8TF-ZDhL_Y7cQRqb5j5cC3&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCy4wYHegeZab3GuWYi9YP5ZKD6AnJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjGja0_tpbE-qAMByAMCqgTNAU_QibPEEmBI6MYfI9gQMpIlUbOIYf0wnY2q94vvZ_J6Kfuta4dwQktCS8FyxcyIcbytc3rEGx4KmiD4wJDmATpE1x8aN-kTOcON_0WtJ6txom7xRpHxbhgfV3_B4cfLEdHACGXMwEohcdor5DyRcQg_vb9_gqTATG3AOtWVjeJLZA-EqDE3aaCehk4Uw-kOGWrql_2ozD3W0KSaAa_OpHEhfCmtexLpy6znsL41WEjvGRdqrWyPlyxWY9Gjsgoouar1qkafmOrvNsChPe-ABuLFm__n6ZftIKAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1ukhQ9b_UhR5DBsTkDfmo4-ZanQA%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3ab8785803c04f943209fec95ec5faa87416dd1af8b1030db98017a38fa0974a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:18 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=hgjHmraB_6OmCnhVX0mkg5qg7YrRqKMkbIw1KsZb5GQOMpskXP6waNUnQR4jYBCSGx18fXtN3sTXa_ond_mplhUkVfHFzFxNY2orMBlIvM0RUbYT76eb0tG9zoiNJa_AoK2Iu8O7VwX5mU7TuZvEmZdEcUKdDozYtC4uuAi2t-Ix01bd04URMKJRkOQ7hlnJ5wUsuCPb7SjT0ZKZygw4wpj6FFRTrzQug4Y0RMYI7wEe4e1lgl9KfsPIf-gQLPfLIkrIPw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3249042
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 86AA 170 B
409 B 618ms
0ms Image
image/png 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbJtwEQwtbS7gEYpaHq8AEwAQ&v=APEucNXOvxu9G20HBOkn4PIt6nEcbx7FEeVQyczFOnw4hEQAyyUEy11kNDWAZcTSWhHOdXsmIStBIBJOz714E3BS4dLmBSJIuw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 86AA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhUXR2hio4Jo5AUCsiHQhs&google_cver=1

43 B
338 B

112ms
111ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhUXR2hio4Jo5AUCsiHQhs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbJtwEQwtbS7gEYpaHq8AEwAQ&v=APEucNXOvxu9G20HBOkn4PIt6nEcbx7FEeVQyczFOnw4hEQAyyUEy11kNDWAZcTSWhHOdXsmIStBIBJOz714E3BS4dLmBSJIuw
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTDmNW%2Fd7WAKNYcwqTfbfMCpttJ%2FGcfHmM9Mb4s1uIre%2Fm6GF6vQGvAsow%2FOKDg48qeGqikLrSVZuxJ8Rae8irgYtm3AFsROMTICXTPm1o%2B9RZMaLpUAKS99iolwid36SS1fQbefEmhwIg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811722651aac3c9f-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhUXR2hio4Jo5AUCsiHQhs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 86AA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR7oH2KKtk75k7XGVX3RcgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhUXR2hio4Jo5AUCsiHQhs&google_cver=1

43 B
768 B

67ms
67ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhUXR2hio4Jo5AUCsiHQhs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbJtwEQwtbS7gEYpaHq8AEwAQ&v=APEucNXOvxu9G20HBOkn4PIt6nEcbx7FEeVQyczFOnw4hEQAyyUEy11kNDWAZcTSWhHOdXsmIStBIBJOz714E3BS4dLmBSJIuw
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c0cH3E2TSw2flBBtIj0NOh6KT38C3EOX1OG%2B03R0HHfynj5Iv5fpAGBwiqj5LBwAvBlSvBnHSEHxRYRyZbaouh%2FOTe%2BjGvzPNsC1EgBC7csrBhli9fd6kSlHTAzlR2z6FbzVq3RfzIDOUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8117226b9fcb049a-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPhUXR2hio4Jo5AUCsiHQhs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2513 1 KB
643 B 461ms
340ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 65348
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 22:36:10 GMT
etag: 48472445140208031
expires: Thu, 05 Oct 2023 22:36:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 191F 0
20 B 484ms
357ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4023339272934&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 191F 0
20 B 484ms
357ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4023339272934&version=m202309260101&ct=119&x=1&cor=849376446207290900

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 191F 88 KB
37 KB 391ms
366ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CdMBL2kiQIi4e9JN4i54MjM2R9jqMwopsi8HJMoJMe7qH1WjBW4uS_1XyvE6FfTWAdFgjWhwDG-I-oK2A5URFtqGfZM1zpsvpZlNMDPoC9fZeyTAxU4ZC_CM0XLQQ-ErpzTJ2Fa0EIOE5NcGG0pzYsUQpeyVkyjCGYqnzEjjPBz-as4do&cry=1&dbm_d=AKAmf-BHqovw8F8-C-MLFNAquTx-nF8lli35ag4ab44d5cpYKV6_zb8YEHCuc-saby6PVV8RPSn4YwrLfeqcrciMcdZGvepe1-2fzvSoq3Zh8SR1Mr7PHPrDqPEYcXLOx3GAztv2cQaxXOboBMjuS8E1-l0fbcqQgqwPH10vXeQ-FSnc8CeB7hkiUaSXV1ZMTDrKr7bvbtqeTvLNlc0z8isBr2WNJhYJAzCTScPkjkXinAFXfVq262rEAtS3inm7wRvNUYT5JbDIMG6A1cHE0hCRYi8zZxVBfmS1QwljLMa6PgNU7lKnNkPecOjtUyJFS5O1DwrrcmE6UHzwyBPqQqCsoCpoJLf4DMx_rwN01QNcRxPPxAsYVK-7-CXOkJeNKdfvetFUHdQnPXfJHzl4_z3ZCyz08sirsIWbGP5k6LIen9eq-RrtvWOIUMvY-imH_bdukzV7mk3a45zlE1dZm41j0_B7J5dReCP4PqImRs_MwXyvNAJkWwDReWPSFW7WkfCOOhnpIhnyBXrkWqvqgAGBRKS1kPpKkDuQbhOa3zdRenbnfkXKYuQm3Wr1joWbsIqoJRbfrm5voKr0FAl2TaO5P-STHOmdzrHLyxwf48ClFqszr_0ujPL8iEDf-bCIY59RhXrioEZ6c94cftwTI5mFrNpJgljKYtw903IkJREWY6YduR7ZV442MuGSCvRr5pzuc0q3U9lhdyv05_A8Vnae7dNT2JdfRCPDSDfv12w12pm4A7jXccPhN_remVZju3HJBd38Pxo_svsCwDpA8F61YP19wQm4pe2-ohZFDFFJg_xnHvoPW9Z7mJeY6iBph9i1DcLXD0InseDdUVJlFOFHstP2mbhdBxO3IyBtEc5UtIWbRYm7qOlNcwOJkkfds7QG9dOyOwg6eeCiE6xkgPZyfTgkYi48y1NYfPBqnVW-mCei6XLr5bLqggLrbqR4Aj8iggGQo44KEruKZkQaVvSF17_67VYjBXN4oRd86QBHU-ZTE3vYTQk1Uqb9lfCEdfZOJ1tJEcqR3jww2xQBJ6BT69AJPzAbJXUxMYoXrAQkW72J_jEf8GA9CkaYx_Cd0Mef4YjPs4MbVF6LtX9bfF7riqrYM4EJUzQ8zW2hEJ2qW_lPZAMsYhP22DR-nrJrYRe-hoi_uYBR_B6Tr1aXAsf1PqDowGD56x4TlkXE4VcC0KLATmard-V-KJQop9OOLOQCsv48mJu2O-KwYzomwIIEjBYF9wdQCh2JdTzGbxbhFXvlx4Ymlzogjs0UhmG40tsUWzN3XQ3kUfEu_5WK5hm-bHwNrvoWNRxA-i6oe3aG3ci6g_baJpIsj9aclhzUzdaoDcRHU0ECUi5zKTzmhdAdNGrWWeagW1cV0N0Ana5izjU0pIxoMd6bfUJNhrQmeh-xrtbxwwmLA3iGz-7qicVaCAVlku2zynVIPuGo6DS7mpFGVUhS8LEWzEF4P_0Q5sRkdfm5ZR8vqymtrh7mjZkix5-lwnJ7LARkKsYs-d44VcpABJry96CgnyoOte3WcrEuFAZm0ryGH6nHLyHRBIke7CbiVFVdP82tpl75oFVZFWaHxmsDHNdlpkOITIYBnopsQJdfc0HiIlEJid1jBZQecsTw76jtAqdhg-kk8NSl7b5-OUXv5J34N9iIfAfz7z7yyvvbDQWpAKbnpWwwvLXeYUqm0ET6M4w9MT5SuZvbqtqnNkOKt2bnXXgSphK-01PxqIoq0cVN-mKPN7lFUeTbAl-r7HH49hLCHkjUOqukAxYTQgoeu7wPKvR-sQ1Is9iutt-p2C9_QfVGgusUYtv1dj5RcGHp1PsTWFdvaM0XkK4bueJd3Nm9hp5Wzy5j0zshwW9r4UhtFTxsC1numWjXOb9ZLNXV6zeE2QgTQfrkAy06EbRmFXosl6_r0NzF1OHMJjt34uhQ68zphEH6zj-MTpzLoYccII3CcafRKzIdPY4cMulQx_irposMXt0fpn7hP_usf85w0zCOReY5-w22bHYDaBDRs31Uif_9qw5SrjxuGvkFkC4p9KkI9kYI4YNy-JDT-2vTnMi94I-0PT-P6tzMsbzw83vtSkQpvTNStaBQl34mxRsTVNgXHtMeKH7DqnfEGxPpuUwVeLUgwpR-cJBUj-wqOvddvE5gfpeB0B9b-BzWxhUTtUxYwXJPmCyOdBKOyqEAVekVWVjaLAi2JxnLW3Kxi6B0hnTSChQ27ebg8MvtfVeEVhvNrsuLqdOou3tL_cK5EZa9FK6P2ckYLG9Lh4zRhLblsMf8RVbnRHxb5Akwm55l3x5WNhkeTW8Lw2o6knjVe-Oip9RDrAba9Gdz7JIhKiZi1KX4Pkbri2wsvAWr6E8TFGdH_A0PcbvpxTnqFg44FXjmIIA9FgZCYk64mw24bo6cW1JuUcP2MvmCNKBByqFVSb5X7HPa3WIjZ3CiyQnFpTBiVrfHWGmwJqlWhUu9uXEMs0-LpM693Eu1SWLzj2I50BT56STQzZk3IwIhNmcLG-2IKOb22SKAGy1U9OxLrs14OfJtpIQb7nMO8raV0PHYP96ChLjPK-UU2gq7-Hjbptu93LHE96DvveWAxLYv-lm2TtiDM3JeyYBrAVE8jSGKczkKQcs4dq6hSozx1m2RlWnhDuyV3uAuS6QHx_Mf-fXwMES6lDm5Mb19EMVDhGETS-VvWLzGGH1q0a2em6H8pm29JytPJwWp0AMnlwrdPWBDBjt_LdBOIyDa7YOQB-jh6iWV6feFZUsOx2Tq8LFYcItFcUqtujOYTaaesOeDZAnaVU8DppgbBIpEHJneFqmZnWg9mV-X1khoseKnyIYM4GpE_e0xUTEPKHPM5aK2Zij5cTUZeZxzb1xmdyKAFn6O6cGI_7OwFgcehq5gAfu1sRHyM8qdMr8sJstu1-l3P5QtHncO_RxlWsdbgxdbJMUBb1Jip-cuXR_8ANRkPe3GErWdr27CRbM2g-oLDMTNQaYoyo7SaSaTFXJlYD8uV0hUXOVZJZg5UIn5_axJLiEHM8pH64EE3eE2hdQpDBeFo8h_dybxO49ApbrMnP0_c8fCfU1x7N3HcHTwaTE99ARyHSkzA2TwUeCzTHcx1VZzVndnbqKwXv9HAUEvnrgQd4_hya1ghTaCRz5eBhjThwEt0mh9Jqh9V6juBrUzR3bb7kbJcFhdwPGgO6Jna6k9WQ0i-ZGp3QZPwZ4s1A94hq8gmOkjbnfUWAsNia8BpD2ls6MCCh56Qmf1C3PcAYnmZnRH4tarnEtz5TWPRszeb1uc8TNL_gTTsGbNkfTyjhl3M9I3elDPkmbGrt9AQbUWE2EhRMCb4QeUes7JhFyzCsgj-p1j_a_WRRKHqjJEmN1WcfQsQS3p6pb4i6mXHC4gWgFoJ88HBSqZdxWXXCZpYAVFpHDL_XKNwhycEbBvxngacAtmMgjUwHXFgO7OG3nN4Qt4PpM6ZaadplTbqsUrg8Y2TjLRqt-hsQl8RZdMht5JSms3-hbpobrMtlL1bLLe4unSA5nqEmQ6v5-5AoLHg_ZSdRjJzTSvN3BY1775RmmRXG7Awdv_1crnOChFaZs4KJ56JKoRcSwvd5fGgEnXLlmSRxe3vYK1Pg1C3y796FzOx--HV5XZOyb_TyKqBcC0QGqGA8bfZ7pQJLbELgTmaMhmKdSKGkCOQByM-M8aAYb4McHTwovjs12oeJ58Wa8hfXTN_LFdO29MhXTgwiEqgIt6MKPQ-h1TYu0RLEZHA0IVSA&cid=CAQSKQDICaaNvOmoi2I7T57isgKqB8hq01D4bU48UnYlIpNVZDC2B-TRBdMAGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=849376446207290900&adk=4022746785&idt=253&cac=0&dtd=83

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c696cf896f31656971d1dd2f7e1e582afbd23427bc528ca49b42c9e48d87a55f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38036
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 TH7c3hXXTw9EeGw-U11NxoB-PDBdKVeertYgXd6dljYmXtFjtsgxIUZgvhnGKRVkzgEXMjurGbsKZAPbKk1KLLhfmnthvyh79kySELP61s3Fvfw-in2wwr8=w1200-h627-rp-pd
lh4.googleusercontent.com/proxy/ Frame E5A8 453 KB
454 KB 574ms
53ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/TH7c3hXXTw9EeGw-U11NxoB-PDBdKVeertYgXd6dljYmXtFjtsgxIUZgvhnGKRVkzgEXMjurGbsKZAPbKk1KLLhfmnthvyh79kySELP61s3Fvfw-in2wwr8=w1200-h627-rp-pd

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

097c4d92a70192ec3b756b2cb1c6136af9245616e3d1d576fa2ab1c796bba64d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
x-content-type-options: nosniff
server: fife
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 463846
x-xss-protection: 0
expires: Fri, 06 Oct 2023 16:45:19 GMT

GET
H3

200

17096744410705038688
tpc.googlesyndication.com/simgad/ Frame E5A8
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODWi5W5AhDGAxjGAzIIyya79dBex3U
https://tpc.googlesyndication.com/simgad/17096744410705038688

424 KB
424 KB

22ms
21ms

Image
image/png

2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17096744410705038688

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39541799e38d9d9c4a9615467dfa6147df7cf2191c59abe3027064b445dfe9f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:59:40 GMT
x-content-type-options: nosniff
age: 6339
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 433930
x-xss-protection: 0
last-modified: Thu, 03 Aug 2023 09:46:28 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 04 Oct 2024 14:59:40 GMT

Redirect headers

date: Thu, 05 Oct 2023 09:29:13 GMT
x-content-type-options: nosniff
server: cafe
age: 26165
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/17096744410705038688
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 04 Nov 2023 09:29:13 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3669 13 KB
5 KB 389ms
248ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 5989
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 15:05:29 GMT
expires: Fri, 04 Oct 2024 15:05:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EE6F 829 B
771 B 373ms
0ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

666efc0a6172f12059d8bc178a5411b2733bead252880e53aa6ad867af8e9b64

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Xa-H9GTcAQUH4HTbyPjEHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Xa-H9GTcAQUH4HTbyPjEHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:18 GMT
expires: Thu, 05 Oct 2023 16:45:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 8AB2 2 KB
1 KB 77ms
77ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZR7oHQAGu6YEwsxlAADJZdS1Lr-zHbge9es9wQ&u=%7C6ObBEorSoZJwysTDF%2BXIb7tGHAH%2BK5M4%2FQCRqnhgzFg%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57o2eAKtbyUnkzCgAZe2TqI9t-30jvbb4jJ4J0HrkfUVwV9W7X5y17J5vjThmCpPZm4eXYfNAF-kTFRQE20FTE2r53xEsktjNhfKinU2Plb1A5i2UIdGonFWfY673wflewRitVsJYE8CM2CEYKfwoeNMtJVI9rEUp6ScVKrWgSAYhFvHtSOxkYDD0cytHH0llX-eB0P6A7nm3BnQcTGA7mv8cPOM8URGKp_TPPnVuVeNX6Pp2qfudHwt3MMB-PbILBikyIt0tW_HUnCDXa-cK-XMHwa6tYW9ao9IascIyLwl6SLPjUrXLLtqsXTFgP83BHSW5KwHutgM60JyeaFNLJ7BK3w6jmTXX4AwHOVhXUVIFqYi-UROLFnRvPyAmu-KwnTUHuFmdwg441Dbmn-tuyHFJ0VRafS1RRUQ3ryGTPtQ2i--eTGa4T4RJD5pCoGaI2MynDjNkx3r0EDAxBHd4HtHJjPRkgGTHDzCQaoFTponXwtoNysB8uWy2azKRXJopZ33EcxulZK1jwG-Rty2Ciy9uaDEJvicClB109MlR6jka80K2DrSk2cKk30dnkyoVofDnLoabCEow8TF-ZDhL_Y7cQRqb5j5cC3&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCy4wYHegeZab3GuWYi9YP5ZKD6AnJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjGja0_tpbE-qAMByAMCqgTNAU_QibPEEmBI6MYfI9gQMpIlUbOIYf0wnY2q94vvZ_J6Kfuta4dwQktCS8FyxcyIcbytc3rEGx4KmiD4wJDmATpE1x8aN-kTOcON_0WtJ6txom7xRpHxbhgfV3_B4cfLEdHACGXMwEohcdor5DyRcQg_vb9_gqTATG3AOtWVjeJLZA-EqDE3aaCehk4Uw-kOGWrql_2ozD3W0KSaAa_OpHEhfCmtexLpy6znsL41WEjvGRdqrWyPlyxWY9Gjsgoouar1qkafmOrvNsChPe-ABuLFm__n6ZftIKAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1ukhQ9b_UhR5DBsTkDfmo4-ZanQA%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 29 Sep 2024 16:45:19 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 8AB2 2 KB
1 KB 74ms
73ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 29 Sep 2024 16:45:19 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 8AB2 308 B
636 B 64ms
19ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 29 Sep 2024 16:45:19 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 8AB2 293 B
621 B 61ms
17ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 29 Sep 2024 16:45:19 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 8AB2 43 B
347 B 119ms
73ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=UkjTSPLJutS1M5ZTyTzGgKHtC8dKxApKvKpJPWgvfqDNfOmtsd9aQCwaj7HFvCXlqH8TtH_z6wMwXG-9K_sacMMx3PAFB_xn-l7lRRnAFjjHqOS21t7saUxSz7NZ8TvYGy-cAH6uIbAZGZ4a5gwHETM5ielzqvnLk3lK0qzUmGGqjxtyZFo97nz9VOrfbrNFvEtkWRI2MqEuvA3iCC14HoYfk2mipBedaOtilEZyNTgZiaVI7gZFwrRpYgmpY3N-7x6SHpQ-XwQfkX2TWti-1wz8mg6sQk7otXwZTGiGTpFn-sANk1NuZBoJZI0GE-uY-FQ6hRkrPn7nbmo0RlKDts1xlagm4DwfnLF3dgdRqKzqLOFc9WSc9roqB_LsZocZQpH8DkURlZIGJfivLne3RoSARvRsPzJpZMWXOH137NMjj8Fd

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:19 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1554053
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ace8e597d28940fb96ad7ba258d1eda0_image_ad_300x250.jpeg
static.criteo.net/design/dt/99645/4842297/ Frame 8AB2 74 KB
74 KB 70ms
26ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/99645/4842297/ace8e597d28940fb96ad7ba258d1eda0_image_ad_300x250.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5325099282ede6ff90ea71df2f9a4c926e85c62d704daeeda8b9d2dc467d5517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 13 Jul 2023 13:32:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64affd00-127d3"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 75731
expires: Sun, 29 Sep 2024 16:45:19 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1D3E 143 B
166 B 98ms
67ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 2221
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:08:18 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 191F 111 KB
39 KB 626ms
24ms Script
text/javascript 2a00:1450:4001:82f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
Origin: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 21:04:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70868
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Oct 2023 21:04:12 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 191F 11 KB
4 KB 102ms
28ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CdMBL2kiQIi4e9JN4i54MjM2R9jqMwopsi8HJMoJMe7qH1WjBW4uS_1XyvE6FfTWAdFgjWhwDG-I-oK2A5URFtqGfZM1zpsvpZlNMDPoC9fZeyTAxU4ZC_CM0XLQQ-ErpzTJ2Fa0EIOE5NcGG0pzYsUQpeyVkyjCGYqnzEjjPBz-as4do&cry=1&dbm_d=AKAmf-BHqovw8F8-C-MLFNAquTx-nF8lli35ag4ab44d5cpYKV6_zb8YEHCuc-saby6PVV8RPSn4YwrLfeqcrciMcdZGvepe1-2fzvSoq3Zh8SR1Mr7PHPrDqPEYcXLOx3GAztv2cQaxXOboBMjuS8E1-l0fbcqQgqwPH10vXeQ-FSnc8CeB7hkiUaSXV1ZMTDrKr7bvbtqeTvLNlc0z8isBr2WNJhYJAzCTScPkjkXinAFXfVq262rEAtS3inm7wRvNUYT5JbDIMG6A1cHE0hCRYi8zZxVBfmS1QwljLMa6PgNU7lKnNkPecOjtUyJFS5O1DwrrcmE6UHzwyBPqQqCsoCpoJLf4DMx_rwN01QNcRxPPxAsYVK-7-CXOkJeNKdfvetFUHdQnPXfJHzl4_z3ZCyz08sirsIWbGP5k6LIen9eq-RrtvWOIUMvY-imH_bdukzV7mk3a45zlE1dZm41j0_B7J5dReCP4PqImRs_MwXyvNAJkWwDReWPSFW7WkfCOOhnpIhnyBXrkWqvqgAGBRKS1kPpKkDuQbhOa3zdRenbnfkXKYuQm3Wr1joWbsIqoJRbfrm5voKr0FAl2TaO5P-STHOmdzrHLyxwf48ClFqszr_0ujPL8iEDf-bCIY59RhXrioEZ6c94cftwTI5mFrNpJgljKYtw903IkJREWY6YduR7ZV442MuGSCvRr5pzuc0q3U9lhdyv05_A8Vnae7dNT2JdfRCPDSDfv12w12pm4A7jXccPhN_remVZju3HJBd38Pxo_svsCwDpA8F61YP19wQm4pe2-ohZFDFFJg_xnHvoPW9Z7mJeY6iBph9i1DcLXD0InseDdUVJlFOFHstP2mbhdBxO3IyBtEc5UtIWbRYm7qOlNcwOJkkfds7QG9dOyOwg6eeCiE6xkgPZyfTgkYi48y1NYfPBqnVW-mCei6XLr5bLqggLrbqR4Aj8iggGQo44KEruKZkQaVvSF17_67VYjBXN4oRd86QBHU-ZTE3vYTQk1Uqb9lfCEdfZOJ1tJEcqR3jww2xQBJ6BT69AJPzAbJXUxMYoXrAQkW72J_jEf8GA9CkaYx_Cd0Mef4YjPs4MbVF6LtX9bfF7riqrYM4EJUzQ8zW2hEJ2qW_lPZAMsYhP22DR-nrJrYRe-hoi_uYBR_B6Tr1aXAsf1PqDowGD56x4TlkXE4VcC0KLATmard-V-KJQop9OOLOQCsv48mJu2O-KwYzomwIIEjBYF9wdQCh2JdTzGbxbhFXvlx4Ymlzogjs0UhmG40tsUWzN3XQ3kUfEu_5WK5hm-bHwNrvoWNRxA-i6oe3aG3ci6g_baJpIsj9aclhzUzdaoDcRHU0ECUi5zKTzmhdAdNGrWWeagW1cV0N0Ana5izjU0pIxoMd6bfUJNhrQmeh-xrtbxwwmLA3iGz-7qicVaCAVlku2zynVIPuGo6DS7mpFGVUhS8LEWzEF4P_0Q5sRkdfm5ZR8vqymtrh7mjZkix5-lwnJ7LARkKsYs-d44VcpABJry96CgnyoOte3WcrEuFAZm0ryGH6nHLyHRBIke7CbiVFVdP82tpl75oFVZFWaHxmsDHNdlpkOITIYBnopsQJdfc0HiIlEJid1jBZQecsTw76jtAqdhg-kk8NSl7b5-OUXv5J34N9iIfAfz7z7yyvvbDQWpAKbnpWwwvLXeYUqm0ET6M4w9MT5SuZvbqtqnNkOKt2bnXXgSphK-01PxqIoq0cVN-mKPN7lFUeTbAl-r7HH49hLCHkjUOqukAxYTQgoeu7wPKvR-sQ1Is9iutt-p2C9_QfVGgusUYtv1dj5RcGHp1PsTWFdvaM0XkK4bueJd3Nm9hp5Wzy5j0zshwW9r4UhtFTxsC1numWjXOb9ZLNXV6zeE2QgTQfrkAy06EbRmFXosl6_r0NzF1OHMJjt34uhQ68zphEH6zj-MTpzLoYccII3CcafRKzIdPY4cMulQx_irposMXt0fpn7hP_usf85w0zCOReY5-w22bHYDaBDRs31Uif_9qw5SrjxuGvkFkC4p9KkI9kYI4YNy-JDT-2vTnMi94I-0PT-P6tzMsbzw83vtSkQpvTNStaBQl34mxRsTVNgXHtMeKH7DqnfEGxPpuUwVeLUgwpR-cJBUj-wqOvddvE5gfpeB0B9b-BzWxhUTtUxYwXJPmCyOdBKOyqEAVekVWVjaLAi2JxnLW3Kxi6B0hnTSChQ27ebg8MvtfVeEVhvNrsuLqdOou3tL_cK5EZa9FK6P2ckYLG9Lh4zRhLblsMf8RVbnRHxb5Akwm55l3x5WNhkeTW8Lw2o6knjVe-Oip9RDrAba9Gdz7JIhKiZi1KX4Pkbri2wsvAWr6E8TFGdH_A0PcbvpxTnqFg44FXjmIIA9FgZCYk64mw24bo6cW1JuUcP2MvmCNKBByqFVSb5X7HPa3WIjZ3CiyQnFpTBiVrfHWGmwJqlWhUu9uXEMs0-LpM693Eu1SWLzj2I50BT56STQzZk3IwIhNmcLG-2IKOb22SKAGy1U9OxLrs14OfJtpIQb7nMO8raV0PHYP96ChLjPK-UU2gq7-Hjbptu93LHE96DvveWAxLYv-lm2TtiDM3JeyYBrAVE8jSGKczkKQcs4dq6hSozx1m2RlWnhDuyV3uAuS6QHx_Mf-fXwMES6lDm5Mb19EMVDhGETS-VvWLzGGH1q0a2em6H8pm29JytPJwWp0AMnlwrdPWBDBjt_LdBOIyDa7YOQB-jh6iWV6feFZUsOx2Tq8LFYcItFcUqtujOYTaaesOeDZAnaVU8DppgbBIpEHJneFqmZnWg9mV-X1khoseKnyIYM4GpE_e0xUTEPKHPM5aK2Zij5cTUZeZxzb1xmdyKAFn6O6cGI_7OwFgcehq5gAfu1sRHyM8qdMr8sJstu1-l3P5QtHncO_RxlWsdbgxdbJMUBb1Jip-cuXR_8ANRkPe3GErWdr27CRbM2g-oLDMTNQaYoyo7SaSaTFXJlYD8uV0hUXOVZJZg5UIn5_axJLiEHM8pH64EE3eE2hdQpDBeFo8h_dybxO49ApbrMnP0_c8fCfU1x7N3HcHTwaTE99ARyHSkzA2TwUeCzTHcx1VZzVndnbqKwXv9HAUEvnrgQd4_hya1ghTaCRz5eBhjThwEt0mh9Jqh9V6juBrUzR3bb7kbJcFhdwPGgO6Jna6k9WQ0i-ZGp3QZPwZ4s1A94hq8gmOkjbnfUWAsNia8BpD2ls6MCCh56Qmf1C3PcAYnmZnRH4tarnEtz5TWPRszeb1uc8TNL_gTTsGbNkfTyjhl3M9I3elDPkmbGrt9AQbUWE2EhRMCb4QeUes7JhFyzCsgj-p1j_a_WRRKHqjJEmN1WcfQsQS3p6pb4i6mXHC4gWgFoJ88HBSqZdxWXXCZpYAVFpHDL_XKNwhycEbBvxngacAtmMgjUwHXFgO7OG3nN4Qt4PpM6ZaadplTbqsUrg8Y2TjLRqt-hsQl8RZdMht5JSms3-hbpobrMtlL1bLLe4unSA5nqEmQ6v5-5AoLHg_ZSdRjJzTSvN3BY1775RmmRXG7Awdv_1crnOChFaZs4KJ56JKoRcSwvd5fGgEnXLlmSRxe3vYK1Pg1C3y796FzOx--HV5XZOyb_TyKqBcC0QGqGA8bfZ7pQJLbELgTmaMhmKdSKGkCOQByM-M8aAYb4McHTwovjs12oeJ58Wa8hfXTN_LFdO29MhXTgwiEqgIt6MKPQ-h1TYu0RLEZHA0IVSA&cid=CAQSKQDICaaNvOmoi2I7T57isgKqB8hq01D4bU48UnYlIpNVZDC2B-TRBdMAGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=849376446207290900&adk=4022746785&idt=253&cac=0&dtd=83

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:48:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:48:02 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 191F 30 KB
11 KB 80ms
29ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:48:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10588
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:48:51 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 191F 41 KB
14 KB 77ms
28ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 23:31:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62022
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Oct 2024 23:31:37 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 54F1 611 B
263 B 234ms
65ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW8CpU_mZzzhp7EAeM4QqJ5vbSMI3vq3Hy7cdwgYFCSzv67RZ6TwbpW7DYH3-1-2yqIAxDk5g6kbutXEdFr_fjufRsfGg

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CE3F 89 KB
31 KB 327ms
326ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CE3F 42 B
63 B 261ms
261ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DOEaA1IU5sdCAPx6NCaQnyuRG9Z5wvLV0sHYq9DhYhGkxDUiHEHot-6TtmLLKctD0oDBHDd6ifV1gDz09u_EliUIS11AYKClM5xJYSrBW-owS--jA

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CE3F 0
20 B 322ms
322ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5024342187811728405&x=1&ct=77

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame CE3F 32 KB
8 KB 420ms
40ms Script
application/javascript 217.79.188.59

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.59 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:20 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad4.adfarm1.adition.com/ Frame CE3F 3 KB
2 KB 408ms
29ms Script
application/x-javascript 217.79.188.46

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4.adfarm1.adition.com/js?wp_id=4787112&clickurl=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CY--aHOgeZe62IJSrgAfn9auwB_u9i6xzv5_osYgR2rbi75o4EAEg08vOMGD1lc6B4ATIAQmpAh2bGWpap7E-qAMByAObBKoE7QFP0ARRX4VcvHi4CzaU1_PQNhqev0i1u-JklcxIOA1FtwASVVNhp2XCpzrvpwyx3RRPXdpfcBJgkEh4hqHCUdrVmQ2aFBUOZSlRJWFghR-yXY2Q7J5Z8BGtoKtiNsE1smbGEK_1BDaOkwfUFQNzim-uHOImU8HCZ7-fTfwS-mSUuUZoGGkaOdcDwXSadJclNRsm_eSVwnZZVwLE0mW8Rkq7xzssAz3n4g6EHQdeU6Od8BBnqshK5Lb06K9LjrqvpFZR8xV_mgCTf5GPruqVkPnnJRz-fnNq2TqM-hQbm5bCyhEcGtin0IjLAXnLk1nABILP6uClBOAEA4gFvoTl9keQBgGgBk2AB_DrpcYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMI5oz0ya3fgQMVlBXgCh3n-gp2sBOq44EV0BMA2BMKiBQB2BQB0BUB-BYBgBcB6BcB&ae=1&gclid=EAIaIQobChMI7rT1ya3fgQMVlBXgCh3n-gp2EAEYASAAEgKJgPD_BwE&num=1&cid=CAQSKQDICaaNLQysGzwlJlnNVepx0U9z_1pJUW3-IRJoUYUbJDrMz0-qhaZ1GAE&sig=AOD64_13SWLc3KkgMvKEc7ccd6dX6x266Q&client=ca-pub-5884294479391638&dbm_c=AKAmf-Cwov8Z8oi72DlQQROK8F_-AQFP0f5IiKrhWMDEj05Of6dncJftO871HpYUcKsp1zEw_DAtUO1vZesQWO60zMYR0H3nrhO8Ac8Fl4ya8pENX_Otvf8jznbaac8FGoYj2cw_xftVAgLizm5CTlEeJ-TlTlJKM8xKcXBvstfTVvSY0DiJUEk&cry=1&dbm_d=AKAmf-BjFEmLo25dJccxMwcOIpbkB4TIz7nJeBtCeA16FTphRpvn_w2Z2_5W-8Kpi64-s85G10A5D6bXXzWXNyIcVRuIKXpFjsAjbkBrL-Bx99wtfi1fdvwsVdiS0jxcW-nJlSqcgbRKjbJ8AT91OTTmlpan0-jEWhlQtNEvl8RX1HFczAz5COh1M8jCqxyjnD8IgsApNiGnUCSqtW-H4xTn4IzvwUrY7u7Loy4OSz7wQ-RJTYAq4vqjtNvFV__x8R1bBXWzaHaNK1kXWbCGx7vzkWh5IjFUoqFzogEcPfoD5DkeMW3u2p-0UzOmxsbWnDTkXrtjoR-8gfrCoKC00EiS_iC3Cz3tkdyHzBNDe30gaE5xVw9AkIivtXMc6PxDLvr8RaMBOMXMBvU-azkou6i26Be0PFJ-jfo1JIjiYDcsY10x7BFD2tmMprW7e151LH0I9KeGuy34E7LO1fCGApl9bi_zulukf-22eFQlQ3sJLULoAwjJBNiYQY6AVI9e006TiaNoQYeywOCNbn1EposfqBXAS2pP36rx0o98YJ8pPx8XkJY8JgkQDU8rlPkwykfi_OzTO337JlTgqMgongRRk4KHz4R2zHdIxNe6Kiyh2CwJWbyKKH4&adurl=
Requested by: Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.46 -, , ASN (),
Reverse DNS
Software: ADITIONSERVER v1.0 /
Resource Hash: 30f7050deb7e111d2db1cc1879424b8a62af2dc63f8b9f00571313e0dc24cc48

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Thu, 05 Oct 2023 18:45:20 +0200
cache-control: max-age=600
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame CE3F 3 KB
1 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame CE3F 20 KB
8 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10924
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame CE3F 0
0 82ms
46ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSdr60B_6YYY3yaEpPRBxyTNINh9k9p-sHSc8XiO9jMcQHQarnO05knEC2_nE5Zftn_JBeb7Ru4eif7vseHouDQNhIR5A
Requested by: Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CE3F 187 KB
59 KB 105ms
82ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 16:45:19 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9D6F 1 KB
643 B 164ms
22ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 65350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 22:36:10 GMT
etag: 48472445140208031
expires: Thu, 05 Oct 2023 22:36:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 8AB2 0
127 B 354ms
352ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=hgjHmraB_6OmCnhVX0mkg5qg7YrRqKMkbIw1KsZb5GQOMpskXP6waNUnQR4jYBCSGx18fXtN3sTXa_ond_mplhUkVfHFzFxNY2orMBlIvM0RUbYT76eb0tG9zoiNJa_AoK2Iu8O7VwX5mU7TuZvEmZdEcUKdDozYtC4uuAi2t-Ix01bd04URMKJRkOQ7hlnJ5wUsuCPb7SjT0ZKZygw4wpj6FFRTrzQug4Y0RMYI7wEe4e1lgl9KfsPIf-gQLPfLIkrIPw&sds=2&rev=88731&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 05 Oct 2023 16:45:19 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 8AB2 2 KB
1 KB 87ms
83ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 29 Sep 2024 16:45:19 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 8AB2 2 KB
1 KB 353ms
349ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 29 Sep 2024 16:45:19 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2513 35 B
463 B 277ms
24ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMqQm8XUunMgHn-esSEHkjc&google_cver=1&google_push=AXcoOmQTml_pWmzueIj5TDowCBHoqF6N1mWGKaRqeLYc5bamLqTKvViQhL-w8EgVr3Ns19YG5unkWgQPxVIcGUxqyW5TX3olsvkgFD_P6rPqybidz3zjh0n78ke_woiPt4mtFd4IwBCGrULSY8lohUHh8sKf

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 2513
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEOA7uOwDJzyaqFOnNR3Hq74&google_cver=1&google_push=AXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhc...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEOA7uOwDJzyaqFOnNR3Hq74&google_cver=1&google_push=AXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGD...

43 B
419 B

287ms
286ms

Image
image/gif

2606:4700::6812:18ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEOA7uOwDJzyaqFOnNR3Hq74&google_cver=1&google_push=AXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhcSmfkkSHAt3hC8QJ2w2ClJNhWZiLNd1ZEEJEYgK78-XITyqgv1LcJ6u-&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhcSmfkkSHAt3hC8QJ2w2ClJNhWZiLNd1ZEEJEYgK78-XITyqgv1LcJ6u-%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046732&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696524314662&bpp=333&bdt=1841&idt=1811&shv=r20231003&mjsv=m202309291101&ptt=5&saldr=sd&is_amp=1&correlator=6464&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2209476960&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C31078301%2C44804171%2C21065725%2C31078488&oid=2&pvsid=4098724296574072&tmod=1031347299&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gxhq9t1w9t1&fsb=1&dtd=1853
Protocol: H2
Server: 2606:4700::6812:18ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8117226bfdd83caa-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 485
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEOA7uOwDJzyaqFOnNR3Hq74&google_cver=1&google_push=AXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhcSmfkkSHAt3hC8QJ2w2ClJNhWZiLNd1ZEEJEYgK78-XITyqgv1LcJ6u-&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQvDNjW08RDf1A0a6IojBPLkRQ2ImRDPsUlm68y7xwXzuzMZ4DCE1k5pnJgfXt5IQNmLxbQ09ea4H6oVJ9hHV2dbkatPGDhcSmfkkSHAt3hC8QJ2w2ClJNhWZiLNd1ZEEJEYgK78-XITyqgv1LcJ6u-%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8117226939283caa-CDG
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2513
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEEBb8cxVWK54hjeJz68ysCQ&google_cver=1&google_push=AXcoOmQSpTKbZGjMQMudOuZnqoPcz3lm1twp-a9eQy-gotr7yaLR3Sa1tz2eIUe8zYQuUs4f7_Z3Fyfce1Vu5lEKENpjv_jTEmos0X...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3D9A4FF596654D05ADA96A6E11426A47&google_push=AXcoOmQSpTKbZGjMQMudOuZnqoPcz3lm1twp-a9eQy-gotr7yaLR3Sa1tz2eIUe8zYQuUs4f7_Z3Fyfce1Vu5lE...

170 B
188 B

34ms
34ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3D9A4FF596654D05ADA96A6E11426A47&google_push=AXcoOmQSpTKbZGjMQMudOuZnqoPcz3lm1twp-a9eQy-gotr7yaLR3Sa1tz2eIUe8zYQuUs4f7_Z3Fyfce1Vu5lEKENpjv_jTEmos0XapX47Ma6pHqLO61QUaJdRsCNBoBB-zhwAvPHID3S3ARPiLnf-9D7Y

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 05 Oct 2023 16:45:20 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3D9A4FF596654D05ADA96A6E11426A47&google_push=AXcoOmQSpTKbZGjMQMudOuZnqoPcz3lm1twp-a9eQy-gotr7yaLR3Sa1tz2eIUe8zYQuUs4f7_Z3Fyfce1Vu5lEKENpjv_jTEmos0XapX47Ma6pHqLO61QUaJdRsCNBoBB-zhwAvPHID3S3ARPiLnf-9D7Y
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Oct 2023 16:45:20 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2513
Redirect Chain

https://ums.acuityplatform.com/tum?umid=4&uid=CAESEPDqkHu0hEORDB07d_dMhAs&google_cver=1&google_push=AXcoOmQiyP--ClFZMG6RtBJHweqvvZx8edqEn52q-4gRRuMN0qb1pmiu2pbOxq3WRo9FjBQsuGQ7BQ3QJptSzGPsWBcJ9WEJJ...
https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=836551757536&us_privacy=1---

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=836551757536&us_privacy=1---

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=836551757536&us_privacy=1---
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2513
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDRQ8CuMLa9lSGVTaoqp4eQ&google_cver=1&google_push=AXcoOmSsR6coQxje2Bqlt6lHDfY6i1c5Tr-AFjJPTdQ468cSXcoZkCp4ioM1EBLIxK-aHa7H2Qdwa8xq8zRcpa2bTVUH...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDRQ8CuMLa9lSGVTaoqp4eQ&google_cver=1&google_push=AXcoOmSsR6coQxje2Bqlt6lHDfY6i1c5Tr-AFjJPTdQ468cSXcoZkCp4ioM1EBLIxK-aHa7H2Qdwa8xq8zRcpa...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmSsR6coQxje2Bqlt6lHDfY6i1c5Tr-AFjJPTdQ468cSXcoZkCp4ioM1EBLIxK-aHa7H2Qdwa8xq8zRcpa2bTVUHPkpcoKMW0WmVVH9zcSSC926i3MmP4hU5HUaMZCiGws...

170 B
188 B

88ms
87ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmSsR6coQxje2Bqlt6lHDfY6i1c5Tr-AFjJPTdQ468cSXcoZkCp4ioM1EBLIxK-aHa7H2Qdwa8xq8zRcpa2bTVUHPkpcoKMW0WmVVH9zcSSC926i3MmP4hU5HUaMZCiGwsM-ny37hncpGkoOlz0qHZ0a&google_hm=pNSRvtXDQO27tj-24JogOQ==

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmSsR6coQxje2Bqlt6lHDfY6i1c5Tr-AFjJPTdQ468cSXcoZkCp4ioM1EBLIxK-aHa7H2Qdwa8xq8zRcpa2bTVUHPkpcoKMW0WmVVH9zcSSC926i3MmP4hU5HUaMZCiGwsM-ny37hncpGkoOlz0qHZ0a&google_hm=pNSRvtXDQO27tj-24JogOQ==
date: Thu, 05 Oct 2023 16:45:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 2513
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHry27d-xSaBDu-zEQXWK_Q&google_cver=1&google_push=AXcoOmSwEGdBjf3dEKBM1dZ_fJUy7vARXphVEoNDi8HCi3y0LgnwTAMWY9uXvae1pcGDSePNHtrD0YXp5W-WKO6c...
https://rtb-csync.smartadserver.com/redir/?partnerid=133&partneruserid=b35228c874&gdpr=0&gdpr_consent=

43 B
659 B

210ms
74ms

Image
image/gif

185.86.138.152

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=133&partneruserid=b35228c874&gdpr=0&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046732&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696524314662&bpp=333&bdt=1841&idt=1811&shv=r20231003&mjsv=m202309291101&ptt=5&saldr=sd&is_amp=1&correlator=6464&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2209476960&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C31078301%2C44804171%2C21065725%2C31078488&oid=2&pvsid=4098724296574072&tmod=1031347299&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gxhq9t1w9t1&fsb=1&dtd=1853
Protocol: HTTP/1.1
Server: 185.86.138.152 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
cache-control: no-cache,no-store
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

date: Thu, 05 Oct 2023 16:45:20 GMT
via: 1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
location: https://rtb-csync.smartadserver.com/redir/?partnerid=133&partneruserid=b35228c874&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: fBAni_jftucOl_4dPZafs-75KFRpQL2gyhPHI5NIwOR0kQz5tSl0tg==

GET
H2

200

/
onetag-sys.com/match/ Frame 2513
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEBEz3EHrBVrkDN_anYwfcPM&google_cver=1&google_push=AXcoOmSo7CogLmzmxnOLiWs18R1XnjERkHLFmoA2r7fU7YMJzZPcSWbBHqYdhvWnP8YZX5p7EapSGTMMhAn...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSo7CogLmzmxnOLiWs18R1XnjERkHLFmoA2r7fU7YMJzZPcSWbBHqYdhvWnP8YZX5p7EapSGTMMhAnAgeXyHKpexsguZrzsF6YZL4zEQ-b0ktHIDtDZ...
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

28ms
25ms

Image
text/plain

51.89.9.253

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Protocol

Server

51.89.9.253 -, , ASN (),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 2513 0
59 B 105ms
103ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LcelppRp2TmbM5RUfnqkfbeSr4cGlwa0CBQvGnDJDPeMA-j7IWfx2u5qqox6HeRZgCPT1g3Q

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3A55 1 KB
643 B 161ms
22ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 65350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 22:36:10 GMT
etag: 48472445140208031
expires: Thu, 05 Oct 2023 22:36:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame 68A6 37 KB
14 KB 162ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:41:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 16:41:03 GMT

GET
H3 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame B5C2 37 KB
14 KB 172ms
32ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:41:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 16:41:03 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DEA9 0
0 268ms
128ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309280101&jk=2051023511803790&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 16FB 0
0 267ms
127ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309280101&jk=85455581449384&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 191F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 227c624299a687f57694e78cb4f754a41e3d5b6ce4950495980886a321e462b2

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EE6F 0
0 188ms
187ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309280101&jk=71863667508588&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 116ms
115ms Preflight
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=CILrhGugeZYT5MZeejuwP-ZClsAe67KaIc6iXtN6kEtfWor3AARABINPLzjBg9ZXOgeAEoAHirumFKsgBBuACAKgDAcgDwwSqBMYCT9Cx1D8_M4zgEzphOO4QDW33X1SJl6cyk0VUz-J2qYYOs-yVOvaJQsbUWLAAkmMViwTK0IlSAPvrR5Z7rbE4ZuJFwDciOxhr_3QEjnu6dUa-C2PbafVVTTykSNObHlCfJ4Vxgc4Ez__3RuCfQZjuU5b2TXBPxmpE0ZaHVK-ZAXOR_KAX98zT_IBaSV6rglLNB9fyvnHAo-eS0hhpqU5PWb4yqJMcSBpjj13M_tkIwjxlGCeftQBvrEn7e5K61OZgOmsJ2szPT53L5f09MPV97zPdaEWFADqI-ndcocORalBo_iCmN7wmIzWWRUOQ3KJIBjAfW6JC9nmG5tPh8rnufej9-8XYOrPD_0uODygAk3pG3XpCFZ9d1Zx5svphytmo1XpUBaNopxbf73VWT4-R2c2bVrxBxCfrJp-8zW8AFxJfA9jceL_ABOztma68BOAEAYgFiu3Ti0ySBQQIBBgBkgUECAUYBKAGN4AH4ua55QSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwHyBwQQ9fQC0ggUCIBhEAEYHTICigI6AoBASL39wTqaCRFodHRwczovL2ZlbW9pLmZyL4AKA8gLAdoMEAoKEPC1pM7OlKmWHBICAQPiDRMI4bqLya3fgQMVF4-DBx15SAl22BMC0BUBgBcBshceChwIABIUcHViLTMwMzkxOTk1MDM0MDM2MzQYmdIh&sigh=0AxzRjEVKWw&uach_m=[UACH]&ase=2&nis=4&cid=CAQSKQDICaaNxPmsY0SQnnBmwvpKCT-sJTxvPoLu1z8VB-W_5TlPNyDvJAdeGAE&template_id=493&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 16:45:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame E5A8
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=CILrhGugeZYT5MZeejuwP-ZClsAe67KaIc6iXtN6kEtfWor3AARABINPLzjBg9ZXOgeAEoAHirumFKsgBBuACAKgDAcgDwwSqBMYCT9Cx1D8_M4zgEzphOO4QDW33X1SJl6cyk0VUz-J2...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf080013549b204460000000000000000%22,%222%22:%220xd929b285360dce630000000000000000%22,%223%22:%220xacda88...

0
0

123ms
74ms

Fetch
text/css

142.250.185.162

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf080013549b204460000000000000000%22,%222%22:%220xd929b285360dce630000000000000000%22,%223%22:%220xacda8854e2ea93390000000000000000%22,%224%22:%220xf2f0404274eafe1a0000000000000000%22,%225%22:%220x8ab1bb388752efd50000000000000000%22},%22debug_key%22:%228265543329121096580%22,%22debug_reporting%22:true,%22destination%22:%22https://femoi.fr%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211286501218%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225148228444350573121%22}&andc=true

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:24 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xf080013549b204460000000000000000","2":"0xd929b285360dce630000000000000000","3":"0xacda8854e2ea93390000000000000000","4":"0xf2f0404274eafe1a0000000000000000","5":"0x8ab1bb388752efd50000000000000000"},"debug_key":"8265543329121096580","debug_reporting":true,"destination":"https://femoi.fr","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11286501218"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"5148228444350573121"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 16:45:24 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 16:45:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xf080013549b204460000000000000000","2":"0xd929b285360dce630000000000000000","3":"0xacda8854e2ea93390000000000000000","4":"0xf2f0404274eafe1a0000000000000000","5":"0x8ab1bb388752efd50000000000000000"},"debug_key":"8265543329121096580","debug_reporting":true,"destination":"https://femoi.fr","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11286501218"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"5148228444350573121"}&andc=true
access-control-allow-origin: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

setuid
ib.adnxs.com/ Frame 54F1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAC0J8YRjUtIH2lpy_tVgYs&google_cver=1

43 B
840 B

68ms
65ms

Image
image/gif

185.89.210.180

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAC0J8YRjUtIH2lpy_tVgYs&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW8CpU_mZzzhp7EAeM4QqJ5vbSMI3vq3Hy7cdwgYFCSzv67RZ6TwbpW7DYH3-1-2yqIAxDk5g6kbutXEdFr_fjufRsfGg

Protocol

Server

185.89.210.180 -, , ASN (),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
an-x-request-uuid: 070a4aaf-7e4f-41e1-a00d-4ca9b89308ba
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 195.206.105.131; 195.206.105.131; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAC0J8YRjUtIH2lpy_tVgYs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 54F1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA2ODM3MzIxNTgzMDI2MDEwNA%3D%3D

170 B
188 B

50ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA2ODM3MzIxNTgzMDI2MDEwNA%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:21 GMT
an-x-request-uuid: bc4118c8-2d7c-4bd9-a712-bd6bbc9147b2
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA2ODM3MzIxNTgzMDI2MDEwNA%3D%3D
x-proxy-origin: 195.206.105.131; 195.206.105.131; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 54F1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELv-ndPKvl4S2eYmyH_Jqfk&google_cver=1

43 B
171 B

295ms
150ms

Image
image/gif

34.98.64.218

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELv-ndPKvl4S2eYmyH_Jqfk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNW8CpU_mZzzhp7EAeM4QqJ5vbSMI3vq3Hy7cdwgYFCSzv67RZ6TwbpW7DYH3-1-2yqIAxDk5g6kbutXEdFr_fjufRsfGg
Protocol: H2
Server: 34.98.64.218 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:21 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELv-ndPKvl4S2eYmyH_Jqfk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 54F1
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDU3M2Y0ZjMtZDc0OC0yZjg3LWRhYWEtYmFlZGJkMDI1NGM2

170 B
188 B

35ms
34ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDU3M2Y0ZjMtZDc0OC0yZjg3LWRhYWEtYmFlZGJkMDI1NGM2

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 05 Oct 2023 16:45:21 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDU3M2Y0ZjMtZDc0OC0yZjg3LWRhYWEtYmFlZGJkMDI1NGM2
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CE3F 0
20 B 121ms
120ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6151330802009&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CE3F 0
20 B 121ms
121ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6151330802009&version=m202309260101&ct=77&x=1&cor=5024342187811728000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CE3F 29 KB
18 KB 65ms
63ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D9TxAU-b-wNMnGOeaAi9ssBEJw6kmoJqlX9mz8rqowh4l3CpgyDMykUrlibRFdySG2tInRc4aBf7F5M8AA8T_sCNAtqz81Ijq0AML4k9OAgk0T3UTGojbFuzaKYbRvDewnKlefCrKbpME6cR9iVSRytgZN30iraau4yVER-5xYoLIizXk&cry=1&dbm_d=AKAmf-BgnRLejKvZbBGOb6YGlHd80SXHPbGiC92n6P27dowp6jASUUYVHrM8-VoAQArjmI62273a-uQRI1pFhr5PtDKRf3NgwIo8G5Ob2mTbfMIjRxZ1419P-vomWtse-aLWSGgO_exxk_T9nJtPyNeG_qwUiSs5gsP1Yq9uSEtOk3TMK1j4j5aCJU6UfuCYHMt9RSaRE-FsCu745JFykx-FiclmrXNAIotq82bPViH0N7JI0fxb6jvn3a_X-EX6Dmw0MYH-NV0L_Ay2Qk_KGgOB25_DDKRGYPiVQqwImKEzwLu6HhyQ5PEbONkSxaJ3vUvo9cKzVzBsBhjrhTMhuoJwGg4rMXEQBJaVs2JhNUPsI5Ds_goi5ZSJzjU11P4x8pLyRlatEMymJnOSGufjLGPIre8azjn1KgVtsiGf62ZZd_Iq_hEnE7DjdHrOY7DFQ4wpWCDrE8PlfrcpGcws1uLRHavih8IVaARVhyqPTQ9SXaCWHaOtWgj8t_tmsdsfPDIQK3GB9eINiZcEBZZYvzpjP6Cck_IAv_b3Y0G8y3LmwYPdURZTNlN7d9KtEh8wKobHyXepCc0uyzV5PWQbBgGtEkZKsRbVYq6cq6qYDGyvi5dnyjiQNH1b43NWNMPNFgkP1NxQxRLPmd7rJ7BtXhm6jIJCpTJz4nghNJJKjACM8fpVDjlR2isOHsleCr6wFuCzcev6SsuyZwB_WXnoQkBqM-NZNyDcNycHFFxi3nAYIMtcRXiNHaxGpF79cN-PMiFzvA0jXLjQCcQgPaJzsvxJRnxlCgy2XNLrUdPHB5clbMlbi_-fVZc3HHJRfz1fUZ_2onri5Xt5bXV53YS1AFEDLTMh8xkpmiTIgmDOHTXY1k55SjZWfqqd4FJtGFFJfmrBbenvf7Ord_t2eTr4sVNHd8BksmTC4zC6mpTogdOWN3gtvZRrf_3-dzQ6qJe9iri3YDfhOIeBwTbi1r7ArYWW1K1NkYRyi2DQyYWd_cf_gXcuPeQnj1VpHBlR7-mMPLfO_7CJH49yjMbWSPQcca3dZ-VgLthU9HrHuE9HwMm4GzyCGCmvlMS243UdkC8uv4l_jclNRRfix57lDC53Dgix6u8xIj3YiSRigJSBzd7ZlVs43GsRmhTViIM1hpacjazCe2gVchCbkT4QifnZEHapa3VmG2gFIOVab7mhGTFCqIsaloMk4YtOX7EK5s9nW2OIqnSMah4x7vdGJUAiu01abSGfHoYXzIB7u401HSVxwHaXzlHXCYRDPmW06sPk2NQY0hzMzvxS5FFziz19hXsg4CDgpvKJ6Wc0tX1ua-F9vmwyMdPhRgOaKEO8bI-2gA1YygnAdrXri1Ayxs7S_f4E0l6fbrRtGUBqxF26rweCL-l6fNTdIeO1mFQwjMM5iO1_K0bmiCYEnz3W_riaMUDb1f1FP37eIpnLO5ciiKbjFwwFlzzPGZVu5VfE6KWMqN2d4ZNNqW-wTTHgnDfN7ZrmuC6mnO9VEMrUQwoBR6XTlVjEtaS-J_9mRB3040MV4TunU3pBTf3KvYr2Wq35jZllbvZALsBm4OSwhT6_VeWL1iAQH7MFI58Jh4-WWzRIT9P_nwj4JN_blFPhVWribL9uHqGpMj8yV9uwU_e6wiAeUkcuinP_6Co1pb1753v6M61wcntS2wM3_8TICtmlWK99hqIkEiwTHcYiffJetdGL2BFKVwBybVTi8JP7N1wIGmFaOSqOALDbJ_o1w0SYyg1QMNZO8eDtvMgcRvSWLyizaZKtAqHFdeGatC4sjhHeHlSd8rEC_dPgnklouhhkvCfdWUnKQBzHjutfA2TYPSA-K4UiCRjYzm7OmjFDH4PitU-5loOCJoTDYUTG5af2DAQ7CXThFXTgfhA5NvG5YjRlfBRk0RsZ9cioxRw3PlEZdlvIz0OvaclE9VYe5U8jJ93PDvz86h8wyCcSYdlP46mCrORXAZxVAsKBus_inZdqwTUg5i258W-4aQdl0XvBIkrS6qMe9WFIuVfPsm-_r7tSc4BeS2K4RQzI7fLZ5IEFGlWND19XZamaOVfi32IVuyg59UYSNZwhehy4OAK9DkvuUm4Z2T9mvL75rrwUPjWv30GD-JwAyXpVxqoQnYIEMFy0_wMTrevKhTvwZsr0ZOsHiS053ltgrXgwkhU_6HbOgNlr4yjdhudL8OBj6G-PkSgWpWUw6aoIqoDSuPvggvjSK8KFwibgVF484GWte6QUfNUmspSuxmoKoHoO2kG1QdBJQuaxZLI6v5scacWH0j3UzpxcjDT4TfgCtka6_B7_sQU2Y3RTO0We-DVkubvhjv9gXF4esznxWApafv984R_cj74cSBiWXwEQ25cdv9FBnY2uCkv6UZei3uoN5X-0renpqgdxVkN_eXMccGbYQ84thJrp-7iJ-YDo98N1walUJHnQ-llp_E5-Jmkdh8V_fgde5r_r16lHrPBfui6Hyre8oX1nqdvDoVYbTeRCHRcXmOopTiLcJHFwQtt-BOsQju5PtzFPRYAH_8GyOg1cyfyWaqRexVkLi8Ndy33uP99EdcJfvaNiIQPwkFbioziIXuPWVouhHEYenjL7efwyYqCl6xrZwQMSg4xA4UFvhUBxz7Un1FHH8GWTaj6-1cw5g-AniWMHdv5zCLrtDMR_ePf9s4rh1xl1roLUQUEPX6DqQ5Mj6tdo3-jgKwyHHJIO-96J02jq2dAs5DrJEj1rbRCcp4ZN5_dlmUSQAZIYiFF8kspSwfzQgq2VnwHOutMMtrHKj-04rSikBjp0CrinkjilRuAINZjr2HGwwblFDQs8rfSRcKj9DU1FfUdBSb0137yXxh8h651z6HClHnrcWwYdAO81TyX6xWJx9iXS4lcku7SnGqFBGDrB_dJK7M2dshRnNpX_Lx9YlOceoruAWJ7-LXjGRhmttO6zvK2oXq3CTKmPJ1YrM8TtoE7fRyjjYDAp9pS2YioAlNrqv6fNzbphG5ffWowhQGC4x6mJ15P9B1bzPnVbZi7_frfLoCbT3__FfYeHjPIT5DOg5T5VpUZRn5YZrQAnHOVRK68-QwtvP2oL3OPisB9oyx02y7kwmU5So7rjffnssIGEf740loreSX3u80D7tZpkmYqEUptUd6ErfS-7njw9DZjv9R7Pk-p0-d9s13wExjYyulaLXNhxKz4ecph7WpMZDJ9WoFjYKfFjRzTyr9Zs7laaWQ4sCwEa0E-c-vaJsbMXEsEiuwsjiYdY4BNp7xn2Ip17i8bh00wMZOXnqG27G9xgTXbE5QDQYKWflgTLvf0NhzSWL_RRi6m0gQ9WlenPd2dZ8ND29EYtZrpEsPfP9_UBik49dh408mQ-QEUtSeTxuWaYxVLyQMXEVYBP_rus6kRTj6aXcixeNxkGP9F_3mAATsjFgU6nCIOi3WafU4Nc1AhrbkomoWS2zaa_Nxro2wPCvR7aOc_nouXq98UAr5S9t-o8WO954bdnUvK8F7Nkz_YIvp-cdP0NaivFw9meN1-gqwZua3nDM89Ey5sIQo54Ew2QVEz9V7LrdNbpsG_G4EG3tPrMOcGI0wb_hAmaPrZmbSn_nZgdlbi9EHNAJN22WtuI59sB3-twydKQ9XXypF9YlWlpq4pXNWSfX6NdLlK3uEpzy7zB4WXJpxRQ&cid=CAQSKQDICaaNLQysGzwlJlnNVepx0U9z_1pJUW3-IRJoUYUbJDrMz0-qhaZ1GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=5024342187811728000&adk=1268836065&idt=383&cac=0&dtd=24

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a0eae898da5203a8383addb1ae48afa739c2a0129a16c55b7d8fbeebd76a46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18038
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7CFA 0
19 B 68ms
64ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C5DGyHegeZab3GuWYi9YP5ZKD6AnJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjGja0_tpbE-qAMByAMCqgTKAU_QibPEEmBI6MYfI9gQMpIlUbOIYf0wnY2q94vvZ_J6Kfuta4dwQktCS8FyxcyIcbytc3rEGx4KmiD4wJDmATpE1x8aN-kTOcON_0WtJ6txom7xRpHxbhgfV3_B4cfLEdHACGXMwEohcdor5DyRcQg_vb9_gqTATG3AOtWVjeJLZA-EqDE3aaCehk4Uw-kOGWrql_2ozD3W0KSaAa_OpHEhfCmtORDIWSx0YIOTiG81lTeDCWKonZpcTckhBsIVH1hKtGqHACB7FimABuLFm__n6ZftIKAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTqACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTg4NDI5NDQ3OTM5MTYzOBiZ0iE&sigh=OcRaJvQhhnA&uach_m=[UACH]&cid=CAQSKQDICaaNmTkgzuOBoopV6_dM_GmkutaT7PR4TqtBHpLh1Wt9-E1GVWH9GAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046732&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696524314662&bpp=333&bdt=1841&idt=1811&shv=r20231003&mjsv=m202309291101&ptt=5&saldr=sd&is_amp=1&correlator=6464&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2209476960&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C31078301%2C44804171%2C21065725%2C31078488&oid=2&pvsid=4098724296574072&tmod=1031347299&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.gxhq9t1w9t1&fsb=1&dtd=1853
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 16:45:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 7CFA 0
126 B 153ms
64ms Image
text/plain 2a02:2638:d::c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k5vwFOyuBKwC-gGdg2ICAgAAALFn8QmqTG_wDMZfJgivy4YQHOgeZV9uF883E1vn-ewAABIAAAoKQVFVQkR3RUJEdw&wp=ZR7oHQAGu6YEwsxlAADJZdS1Lr-zHbge9es9wQ&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:20 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 123931
server: Kestrel
content-length: 0

GET
H3 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame 3669 37 KB
14 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:41:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 16:41:03 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame A972 38 KB
13 KB 21ms
20ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 57529
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 00:46:31 GMT
expires: Fri, 04 Oct 2024 00:46:31 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1D3E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

55ms
55ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:20 GMT
expires: Thu, 05 Oct 2023 16:45:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:20 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15264612087899687023/ Frame 40B2 118 KB
22 KB 3530ms
34ms Document
text/html 2a00:1450:4001:82f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15264612087899687023/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e4f8f50d057bf164c98263951f4cd3afa5531559fcbb8fcd3659de34e16f355e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 201540
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22198
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 08:46:24 GMT
expires: Wed, 02 Oct 2024 08:46:24 GMT
last-modified: Fri, 14 Jul 2023 08:21:37 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 191F 0
0 3664ms
66ms Fetch
image/gif 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuEgBhgUw06XIl10pD6CvdzdFrVowbJQVvp4TjBIzeK1_kHe_75BW8eObqFfcY351vowjO1hEEQckrZVOwtmNifaTQyDxmWPySIZVU0mOJXWz402EoVFV7cvyA8SQrALRplwimYRUDPkXu9qkZBt7cnJQqx9ZbDdaCV6HqZ6jkSlMjK6hpvUlTF6MFZ6VrOQuOxgUrfjiREE_o1ssTF88izQCugUx4vAQbP6l3S1dr2yinutyFztocH2pu11P-uX2sTBFtYA2MygEEW7FlfHC3MCUPnY0Z2v54DacIErGlZA2gQYObsfxGnbgX0_dJNo_ykjI2S2fzwzUpRoATy9FGi1SnrYy54x7JPXMRXtwFLwyUxKWC7GE2ZP-QnLcQL8c8vdrZYaFaDyjXoCq8tjMAhxM3nZ6ZRdhs41_8p0qJFbaMqZfigmlzeDTgt815QwXOzu_QrZlM9xzSdwMvcFEe9Z8sWS3rW9-tiEnq42kSMqOqaygmGY6pf1jl3M5PEOK-6lG9PxC9m85B7I2nQkFEWxFgBmrnsT_Xg48C-C91tsj32fGQ7gUHuBargGDXaePjsUVLh7ifVscvYpqHxlUrDQkbZRrCAnIiYIraFYQpQEC4H8PXDnqr9kcwsjaG4ouKJz07glo-wvwz9pyPdzMQn0rf2vooj2ctDwMyaIJ7GY4RgbosCVj2DIxqik8YYkR6GEQktRh7u2jrW-cM9qwqrKBzrR7Hzi5tkzvumbHDDkqtcUA3z08D0pu1s32-hBwwsYnmSn2YeQAmp2seSvHsDMDCoyYYl0RbF7o2AfUL3dNWSc7CAlaL13C3nwLaLJqusTDfxEr6xCrNqsxUZunNT5uVSx7VcrZfUaULwnGwT2GF-fA_b3-WPneoZ9ElotgoeJ1QplOGZQWJMahTSM9qy7h2nfrP7_9P4SQG52xingAg8pgDzHKoZEh1UXKBI51r6_q0_VwJb8_rKopLYEeFMf4ssA2syBv5At4AgyrgtHLOKWuCB7XGKUL8P15-rT1D2maIkkjYTY4QcGwg6pVSycNVchl9n1MBsRuhToMudRiu4r-3mWsYz6P9N_GfQ1-5FRMRgm4jHS_i1sj52i7VTWvQ1ZwCupTEMldnoPwuBlN8QKm5vyA70f2umWA1-VM9HJIBvennxFz_hgCCaNe2E7lNMb-8RclWMIB39MeQaaJqg1vqv-xhghm7_Lxx6P5z3t_vuRhm1tP5Qg03bcUcfRUu0xj65OVGihrymxsM5ZvjhovnFzh6u1_QitnHu&sai=AMfl-YRqfb3txlhQzkHJVQYBEPy55mkP71mpl9YYCa40cUue9wgTHtnIoV15uym_Fpme6sO2X4eItPfUwwfTnt3aWGUHK4QFWY6FG_njwH4LgtEmUhfR3NZjH4HWLXEXuppqCxVhJyj4EosQ-RP5zYSZ3AysEXeBRaeqe3QcBEAVK5OemEVZ3Ol8dy4k8nndnFFsjRBw3O7HjX9n&sig=Cg0ArKJSzGfrGi7QUpGtEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1211&cbvp=1&cstd=1202&cisv=r20231003.91359&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 16:45:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9D6F
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEJ89UPjMXd1gROGbW7_LKKc&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEJ89UPjMXd1gROGbW7_LKKc&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=QWNiWm1zN1UxUU9ydHk1&google_gid=CAESEJ89UPjMXd1gROGbW7_LKKc&google_cver=1&google_push=AXcoOmR84AH4Ej9QPQ9i6ZBlvGvA-jUh6wym6ewCTyk6HfP...

170 B
188 B

39ms
38ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=QWNiWm1zN1UxUU9ydHk1&google_gid=CAESEJ89UPjMXd1gROGbW7_LKKc&google_cver=1&google_push=AXcoOmR84AH4Ej9QPQ9i6ZBlvGvA-jUh6wym6ewCTyk6HfPcxv7olD2q55qqffNo0LgtnpIVMdpy6BJ5zelFLSzaB5CKNw72yfQ_

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 05 Oct 2023 16:45:23 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-790-g2a3fdc2#rel-ec2-master i-0e647d20a74bb4317@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=QWNiWm1zN1UxUU9ydHk1&google_gid=CAESEJ89UPjMXd1gROGbW7_LKKc&google_cver=1&google_push=AXcoOmR84AH4Ej9QPQ9i6ZBlvGvA-jUh6wym6ewCTyk6HfPcxv7olD2q55qqffNo0LgtnpIVMdpy6BJ5zelFLSzaB5CKNw72yfQ_
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 i.match
a.tribalfusion.com/ Frame 9D6F 43 B
426 B 341ms
197ms Image
image/gif 2606:4700::6812:18ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEOA7uOwDJzyaqFOnNR3Hq74&google_cver=1&google_push=AXcoOmSYb_H_-3JSaX1UCguv7Eqmhc3OsSKtfdvxiGJZF5gH4vn-PAK5NwTjekBNvaRCMFgWK1kS1_hN-u0i9LfltwB-SDTHfTlP&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSYb_H_-3JSaX1UCguv7Eqmhc3OsSKtfdvxiGJZF5gH4vn-PAK5NwTjekBNvaRCMFgWK1kS1_hN-u0i9LfltwB-SDTHfTlP%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:21 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8117226e5ac63caa-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 9D6F 43 B
363 B 3616ms
34ms Image
image/gif 178.250.7.11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSvSsxX2MM-FRzafcikS-q4Ql2wnhkfq9Rfyj1c7Cec1kqgOLeddaPNdDTwzWWeNF_n2ISQquZtto9BLHukSbJTxg-y8zOPdg&google_gid=CAESEOhkqA0FcjKjvgmULn3zpwo&google_cver=1

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:24 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 205895
expires: Thu, 05 Oct 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9D6F
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOF2EP-gVaD-tMm7as6-WP8&google_cver=1&google_push=AXcoOmRD9BkVw_CGYhDllpPRBQaPmlOY4CJLFYE7KT6-IaXLXygLtnggVQfyA5Jf5MhgjySFOwIijZZ44NFTV45dYiOvt4AapY...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmRD9BkVw_CGYhDllpPRBQaPmlOY4CJLFYE7KT6-IaXLXygLtnggVQfyA5Jf5MhgjySFOwIijZZ44NFTV45dYiOvt4AapY5...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzYxMjM5MDc2MTgxODM5MTA2Nzk4OQ%3D%3D&google_push=AXcoOmRD9BkVw_CGYhDllpPRBQaPmlOY4CJLFYE7KT6-IaXLXygLtngg...

170 B
188 B

36ms
35ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzYxMjM5MDc2MTgxODM5MTA2Nzk4OQ%3D%3D&google_push=AXcoOmRD9BkVw_CGYhDllpPRBQaPmlOY4CJLFYE7KT6-IaXLXygLtnggVQfyA5Jf5MhgjySFOwIijZZ44NFTV45dYiOvt4AapY5AtQ

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzYxMjM5MDc2MTgxODM5MTA2Nzk4OQ%3D%3D&google_push=AXcoOmRD9BkVw_CGYhDllpPRBQaPmlOY4CJLFYE7KT6-IaXLXygLtnggVQfyA5Jf5MhgjySFOwIijZZ44NFTV45dYiOvt4AapY5AtQ
date: Thu, 05 Oct 2023 16:45:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 9D6F 0
44 B 3822ms
241ms Image
text/plain 35.73.212.134

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEFkUqn8_tOhdCHszBwefN5o&google_cver=1&google_push=AXcoOmRfCV3VPdk9erYsKEn0bNKzqVzZYkZ6QaWE0e4z76BY3z1rEMt_0SkATsaA2ap4bjQ4MNivxPGSt4W3ba4RaZlHR7KWi8q50A
Requested by: Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.73.212.134 -, , ASN (),
Reverse DNS
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:24 GMT
server: awselb/2.0

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame 9D6F 0
35 B 3606ms
25ms Image
text/plain 3.77.247.132

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEJ3QbcgcqBhRyXSihHdZsO4&google_cver=1&google_push=AXcoOmRngs9F1cx5ij5R8PLicfpJ7raSj4UzyqCtLjXRoUNTEKTx8ETP8LobDW_HhNqPTbv3GAqPaUXo3EsYFiJBNct7uqvecgpokzU
Requested by: Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.77.247.132 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:24 GMT

GET google
sync-dmp.aura-dsp.com/match/ Frame 9D6F 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9D6F 0
12 B 203ms
77ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KQX6XFlpyYiCAjfJV1QCPgmVO6TvYRuU3cm--X_2x-zFsXxWVbbzU_vkE9s7nssXLA5__-Sd8

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3A55
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEEBb8cxVWK54hjeJz68ysCQ&google_cver=1&google_push=AXcoOmQZ9Sjk6Y1WCbSWZrMeaT31kZXxTEdPqVtal7WFbtgqfVu2XINDB0dojlcWi5CP32TSQa3FoKuI86McIR0PItnE6rPddhCI
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3D9A4FF596654D05ADA96A6E11426A47&google_push=AXcoOmQZ9Sjk6Y1WCbSWZrMeaT31kZXxTEdPqVtal7WFbtgqfVu2XINDB0dojlcWi5CP32TSQa3FoKuI86McIR0...

170 B
188 B

71ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3D9A4FF596654D05ADA96A6E11426A47&google_push=AXcoOmQZ9Sjk6Y1WCbSWZrMeaT31kZXxTEdPqVtal7WFbtgqfVu2XINDB0dojlcWi5CP32TSQa3FoKuI86McIR0PItnE6rPddhCI

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 05 Oct 2023 16:45:21 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3D9A4FF596654D05ADA96A6E11426A47&google_push=AXcoOmQZ9Sjk6Y1WCbSWZrMeaT31kZXxTEdPqVtal7WFbtgqfVu2XINDB0dojlcWi5CP32TSQa3FoKuI86McIR0PItnE6rPddhCI
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Oct 2023 16:45:21 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3A55
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESELnj7HOkmgBTx6txMc5HaCY&google_cver=1&google_push=AXcoOmQOaVk7Fv9rAGb6w647x77r2Al3VSyADvoSz0ZuIzCCRD69lTMk_GjQUCk0s2cJcDhCMqCOiuRViaB...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQOaVk7Fv9rAGb6w647x77r2Al3VSyADvoSz0ZuIzCCRD69lTMk_GjQUCk0s2cJcDhCMqCOiuRViaBlEyeWuIK7-oDVKMdH&google_hm=YeywyZDnQ3S08wyQq728aoM

170 B
188 B

32ms
31ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQOaVk7Fv9rAGb6w647x77r2Al3VSyADvoSz0ZuIzCCRD69lTMk_GjQUCk0s2cJcDhCMqCOiuRViaBlEyeWuIK7-oDVKMdH&google_hm=YeywyZDnQ3S08wyQq728aoM

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:23 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQOaVk7Fv9rAGb6w647x77r2Al3VSyADvoSz0ZuIzCCRD69lTMk_GjQUCk0s2cJcDhCMqCOiuRViaBlEyeWuIK7-oDVKMdH&google_hm=YeywyZDnQ3S08wyQq728aoM
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3A55
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEJY3HMPyJRXSRHFnqU63ncc&google_cver=1&google_push=AXcoOmSdPSLNYKaEzIN9_n0yrDoF0atBTryBxX7K8kkFcgPmrvL76zNhmENOUMimal5UaFmj1BizO4yHywdwp9FE1GCiD5cjgZof
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSdPSLNYKaEzIN9_n0yrDoF0atBTryBxX7K8kkFcgPmrvL76zNhmENOUMimal5UaFmj1BizO4yHywdwp9FE1GCiD5cjgZof&google_hm=tkqtBbe5yA0pPqzjpPmgHA==

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSdPSLNYKaEzIN9_n0yrDoF0atBTryBxX7K8kkFcgPmrvL76zNhmENOUMimal5UaFmj1BizO4yHywdwp9FE1GCiD5cjgZof&google_hm=tkqtBbe5yA0pPqzjpPmgHA==

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:24 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSdPSLNYKaEzIN9_n0yrDoF0atBTryBxX7K8kkFcgPmrvL76zNhmENOUMimal5UaFmj1BizO4yHywdwp9FE1GCiD5cjgZof&google_hm=tkqtBbe5yA0pPqzjpPmgHA==
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3A55
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=q99XGHkZSxux1gX7wi3EDA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

38ms
38ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=q99XGHkZSxux1gX7wi3EDA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQ287UXR9Jg654l3t9et7C405UAK71ycM9ioLA9VISynZltwrhlUIKpkxqn4ONjvjyP6xycjx_BebT7uowTMFrghEfinKEn

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=q99XGHkZSxux1gX7wi3EDA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQ287UXR9Jg654l3t9et7C405UAK71ycM9ioLA9VISynZltwrhlUIKpkxqn4ONjvjyP6xycjx_BebT7uowTMFrghEfinKEn
date: Thu, 05 Oct 2023 16:45:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3A55
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEBEz3EHrBVrkDN_anYwfcPM&google_cver=1&google_push=AXcoOmSmRzLQHLLeuMEFkNBqgHOHZt-aQBnzn3xJpZd8BGvfcn8UE6OivWCTGbpJ39xGxtaIt49Jt27ecRIV...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSmRzLQHLLeuMEFkNBqgHOHZt-aQBnzn3xJpZd8BGvfcn8UE6OivWCTGbpJ39xGxtaIt49Jt27ecRIVnqM2KEqMWOiyiXiW

170 B
188 B

69ms
30ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSmRzLQHLLeuMEFkNBqgHOHZt-aQBnzn3xJpZd8BGvfcn8UE6OivWCTGbpJ39xGxtaIt49Jt27ecRIVnqM2KEqMWOiyiXiW

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSmRzLQHLLeuMEFkNBqgHOHZt-aQBnzn3xJpZd8BGvfcn8UE6OivWCTGbpJ39xGxtaIt49Jt27ecRIVnqM2KEqMWOiyiXiW
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3A55
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESELwXbZtqpf7xABSHXOMGvA0&google_cver=1&google_push=AXcoOmR_hnkuuQcEr1AX0OF2adRhfHXe-PxRs8RIoikZ9RsUdE1GJQ4bz-kdI5TObYI1ROjjxD3ZILyGQjigfVNsqSmMdXzUJSrU
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM5NTI1OTI0ODQ1NDc3MzAwMFYxMA%3d%3d&mn_hm=MzM5NTI1OTI0ODQ1NDc3MzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmR_hnkuuQcEr1AX0OF2adRhfHX...

170 B
188 B

32ms
31ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM5NTI1OTI0ODQ1NDc3MzAwMFYxMA%3d%3d&mn_hm=MzM5NTI1OTI0ODQ1NDc3MzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmR_hnkuuQcEr1AX0OF2adRhfHXe-PxRs8RIoikZ9RsUdE1GJQ4bz-kdI5TObYI1ROjjxD3ZILyGQjigfVNsqSmMdXzUJSrU&gdpr=&gdpr_consent=

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 05 Oct 2023 16:45:24 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM5NTI1OTI0ODQ1NDc3MzAwMFYxMA%3d%3d&mn_hm=MzM5NTI1OTI0ODQ1NDc3MzAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmR_hnkuuQcEr1AX0OF2adRhfHXe-PxRs8RIoikZ9RsUdE1GJQ4bz-kdI5TObYI1ROjjxD3ZILyGQjigfVNsqSmMdXzUJSrU&gdpr=&gdpr_consent=
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Thu, 05 Oct 2023 16:45:24 GMT

GET
H3

200

dot.gif
s0.2mdn.net/ Frame 3A55
Redirect Chain

https://sync.gonet-ads.com/match/google?google_gid=CAESEKCRrgi3P7N7S_Pzgu562TE&google_cver=1&google_push=AXcoOmQk2D8Ix8PDIAR3lghqRvLy14anJwmM2CRdF_-DqNarmw8uMp2ECX7io1C1oVCuFZTU-xvO8F_2BMxnyj5B1Qqj...
https://sync.gonet-ads.com/match/google?google_gid=CAESEKCRrgi3P7N7S_Pzgu562TE&google_cver=1&google_push=AXcoOmQk2D8Ix8PDIAR3lghqRvLy14anJwmM2CRdF_-DqNarmw8uMp2ECX7io1C1oVCuFZTU-xvO8F_2BMxnyj5B1Qqj...
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NjgyMGYwY2QxMWY1Zjc5Mw&google_push=AXcoOmQk2D8Ix8PDIAR3lghqRvLy14anJwmM2CRdF_-DqNarmw8uMp2ECX7io1C1oVCuFZTU-xvO8F_2BMxnyj5B1QqjJHG...
https://sync.gonet-ads.com/match/google
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NjgyMGYwY2QxMWY1Zjc5Mw&google_push=
https://s0.2mdn.net/dot.gif?google_error=5

43 B
66 B

31ms
30ms

Image
image/gif

2a00:1450:4001:82f::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_error=5

Protocol

Server

2a00:1450:4001:82f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 21:32:34 GMT
x-content-type-options: nosniff
age: 69171
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Oct 2023 21:32:34 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://s0.2mdn.net/dot.gif?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3A55 0
12 B 165ms
98ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JISnUwVeR48C0A__Q8wFc_WHuAj9b8WLPJL8dcX-CiqqvxZCUfXg17HnariYxTzeVk-zkDCw

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 3434ms
56ms Preflight
text/html 142.250.185.162

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 16:45:24 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame CE3F 30 KB
11 KB 66ms
19ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D9TxAU-b-wNMnGOeaAi9ssBEJw6kmoJqlX9mz8rqowh4l3CpgyDMykUrlibRFdySG2tInRc4aBf7F5M8AA8T_sCNAtqz81Ijq0AML4k9OAgk0T3UTGojbFuzaKYbRvDewnKlefCrKbpME6cR9iVSRytgZN30iraau4yVER-5xYoLIizXk&cry=1&dbm_d=AKAmf-BgnRLejKvZbBGOb6YGlHd80SXHPbGiC92n6P27dowp6jASUUYVHrM8-VoAQArjmI62273a-uQRI1pFhr5PtDKRf3NgwIo8G5Ob2mTbfMIjRxZ1419P-vomWtse-aLWSGgO_exxk_T9nJtPyNeG_qwUiSs5gsP1Yq9uSEtOk3TMK1j4j5aCJU6UfuCYHMt9RSaRE-FsCu745JFykx-FiclmrXNAIotq82bPViH0N7JI0fxb6jvn3a_X-EX6Dmw0MYH-NV0L_Ay2Qk_KGgOB25_DDKRGYPiVQqwImKEzwLu6HhyQ5PEbONkSxaJ3vUvo9cKzVzBsBhjrhTMhuoJwGg4rMXEQBJaVs2JhNUPsI5Ds_goi5ZSJzjU11P4x8pLyRlatEMymJnOSGufjLGPIre8azjn1KgVtsiGf62ZZd_Iq_hEnE7DjdHrOY7DFQ4wpWCDrE8PlfrcpGcws1uLRHavih8IVaARVhyqPTQ9SXaCWHaOtWgj8t_tmsdsfPDIQK3GB9eINiZcEBZZYvzpjP6Cck_IAv_b3Y0G8y3LmwYPdURZTNlN7d9KtEh8wKobHyXepCc0uyzV5PWQbBgGtEkZKsRbVYq6cq6qYDGyvi5dnyjiQNH1b43NWNMPNFgkP1NxQxRLPmd7rJ7BtXhm6jIJCpTJz4nghNJJKjACM8fpVDjlR2isOHsleCr6wFuCzcev6SsuyZwB_WXnoQkBqM-NZNyDcNycHFFxi3nAYIMtcRXiNHaxGpF79cN-PMiFzvA0jXLjQCcQgPaJzsvxJRnxlCgy2XNLrUdPHB5clbMlbi_-fVZc3HHJRfz1fUZ_2onri5Xt5bXV53YS1AFEDLTMh8xkpmiTIgmDOHTXY1k55SjZWfqqd4FJtGFFJfmrBbenvf7Ord_t2eTr4sVNHd8BksmTC4zC6mpTogdOWN3gtvZRrf_3-dzQ6qJe9iri3YDfhOIeBwTbi1r7ArYWW1K1NkYRyi2DQyYWd_cf_gXcuPeQnj1VpHBlR7-mMPLfO_7CJH49yjMbWSPQcca3dZ-VgLthU9HrHuE9HwMm4GzyCGCmvlMS243UdkC8uv4l_jclNRRfix57lDC53Dgix6u8xIj3YiSRigJSBzd7ZlVs43GsRmhTViIM1hpacjazCe2gVchCbkT4QifnZEHapa3VmG2gFIOVab7mhGTFCqIsaloMk4YtOX7EK5s9nW2OIqnSMah4x7vdGJUAiu01abSGfHoYXzIB7u401HSVxwHaXzlHXCYRDPmW06sPk2NQY0hzMzvxS5FFziz19hXsg4CDgpvKJ6Wc0tX1ua-F9vmwyMdPhRgOaKEO8bI-2gA1YygnAdrXri1Ayxs7S_f4E0l6fbrRtGUBqxF26rweCL-l6fNTdIeO1mFQwjMM5iO1_K0bmiCYEnz3W_riaMUDb1f1FP37eIpnLO5ciiKbjFwwFlzzPGZVu5VfE6KWMqN2d4ZNNqW-wTTHgnDfN7ZrmuC6mnO9VEMrUQwoBR6XTlVjEtaS-J_9mRB3040MV4TunU3pBTf3KvYr2Wq35jZllbvZALsBm4OSwhT6_VeWL1iAQH7MFI58Jh4-WWzRIT9P_nwj4JN_blFPhVWribL9uHqGpMj8yV9uwU_e6wiAeUkcuinP_6Co1pb1753v6M61wcntS2wM3_8TICtmlWK99hqIkEiwTHcYiffJetdGL2BFKVwBybVTi8JP7N1wIGmFaOSqOALDbJ_o1w0SYyg1QMNZO8eDtvMgcRvSWLyizaZKtAqHFdeGatC4sjhHeHlSd8rEC_dPgnklouhhkvCfdWUnKQBzHjutfA2TYPSA-K4UiCRjYzm7OmjFDH4PitU-5loOCJoTDYUTG5af2DAQ7CXThFXTgfhA5NvG5YjRlfBRk0RsZ9cioxRw3PlEZdlvIz0OvaclE9VYe5U8jJ93PDvz86h8wyCcSYdlP46mCrORXAZxVAsKBus_inZdqwTUg5i258W-4aQdl0XvBIkrS6qMe9WFIuVfPsm-_r7tSc4BeS2K4RQzI7fLZ5IEFGlWND19XZamaOVfi32IVuyg59UYSNZwhehy4OAK9DkvuUm4Z2T9mvL75rrwUPjWv30GD-JwAyXpVxqoQnYIEMFy0_wMTrevKhTvwZsr0ZOsHiS053ltgrXgwkhU_6HbOgNlr4yjdhudL8OBj6G-PkSgWpWUw6aoIqoDSuPvggvjSK8KFwibgVF484GWte6QUfNUmspSuxmoKoHoO2kG1QdBJQuaxZLI6v5scacWH0j3UzpxcjDT4TfgCtka6_B7_sQU2Y3RTO0We-DVkubvhjv9gXF4esznxWApafv984R_cj74cSBiWXwEQ25cdv9FBnY2uCkv6UZei3uoN5X-0renpqgdxVkN_eXMccGbYQ84thJrp-7iJ-YDo98N1walUJHnQ-llp_E5-Jmkdh8V_fgde5r_r16lHrPBfui6Hyre8oX1nqdvDoVYbTeRCHRcXmOopTiLcJHFwQtt-BOsQju5PtzFPRYAH_8GyOg1cyfyWaqRexVkLi8Ndy33uP99EdcJfvaNiIQPwkFbioziIXuPWVouhHEYenjL7efwyYqCl6xrZwQMSg4xA4UFvhUBxz7Un1FHH8GWTaj6-1cw5g-AniWMHdv5zCLrtDMR_ePf9s4rh1xl1roLUQUEPX6DqQ5Mj6tdo3-jgKwyHHJIO-96J02jq2dAs5DrJEj1rbRCcp4ZN5_dlmUSQAZIYiFF8kspSwfzQgq2VnwHOutMMtrHKj-04rSikBjp0CrinkjilRuAINZjr2HGwwblFDQs8rfSRcKj9DU1FfUdBSb0137yXxh8h651z6HClHnrcWwYdAO81TyX6xWJx9iXS4lcku7SnGqFBGDrB_dJK7M2dshRnNpX_Lx9YlOceoruAWJ7-LXjGRhmttO6zvK2oXq3CTKmPJ1YrM8TtoE7fRyjjYDAp9pS2YioAlNrqv6fNzbphG5ffWowhQGC4x6mJ15P9B1bzPnVbZi7_frfLoCbT3__FfYeHjPIT5DOg5T5VpUZRn5YZrQAnHOVRK68-QwtvP2oL3OPisB9oyx02y7kwmU5So7rjffnssIGEf740loreSX3u80D7tZpkmYqEUptUd6ErfS-7njw9DZjv9R7Pk-p0-d9s13wExjYyulaLXNhxKz4ecph7WpMZDJ9WoFjYKfFjRzTyr9Zs7laaWQ4sCwEa0E-c-vaJsbMXEsEiuwsjiYdY4BNp7xn2Ip17i8bh00wMZOXnqG27G9xgTXbE5QDQYKWflgTLvf0NhzSWL_RRi6m0gQ9WlenPd2dZ8ND29EYtZrpEsPfP9_UBik49dh408mQ-QEUtSeTxuWaYxVLyQMXEVYBP_rus6kRTj6aXcixeNxkGP9F_3mAATsjFgU6nCIOi3WafU4Nc1AhrbkomoWS2zaa_Nxro2wPCvR7aOc_nouXq98UAr5S9t-o8WO954bdnUvK8F7Nkz_YIvp-cdP0NaivFw9meN1-gqwZua3nDM89Ey5sIQo54Ew2QVEz9V7LrdNbpsG_G4EG3tPrMOcGI0wb_hAmaPrZmbSn_nZgdlbi9EHNAJN22WtuI59sB3-twydKQ9XXypF9YlWlpq4pXNWSfX6NdLlK3uEpzy7zB4WXJpxRQ&cid=CAQSKQDICaaNLQysGzwlJlnNVepx0U9z_1pJUW3-IRJoUYUbJDrMz0-qhaZ1GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=5024342187811728000&adk=1268836065&idt=383&cac=0&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:48:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10590
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:48:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CE3F 41 KB
13 KB 62ms
22ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 553617
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 56DC 0
0 93ms
93ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYdldSN5eGcZwe_3Kzy2rIxn3yGcigvCbcon_srLVETdzVIBjEOfC7M8b0D70LOIadcmYwBWQQnSJfWuNZMCa1pV-lQ35otVKuirYDCXybR1AqD5zGM6YgjUixO5yHJjGgUFyWFMk5BDE5zz8Me-RKteIlgEXYa_q57MtRPvPgGmc-8q65x_ES5ld9zOYS2-Xa2eq_9gciD1jNWV_Mwbu-_MfYzWRQY_rIGpJJ8e3q04PuLISQ8w7YWp6PwNp1puymFkiVlorBSuLiby-2PWVPqTQi8JJIMcfIgE6ZlKaAUM69FmDRpyHw2BSHNZa3E89mRr20ejXglVO_zVrww36JaTVfLTp1IEkUtPsANXo&sai=AMfl-YQzxSVxMubBI7B8dAmvHXYouRo8VZAJr9w3suz8H9SxxmzNSuPpo4o3XeDh07IvHVSwcOLJC2Z7hVVAZM0&sig=Cg0ArKJSzGY_7evusMGlEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 16:45:21 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 56DC 16 KB
12 KB 93ms
92ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231003&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

180597870c70ea1f5c71323512a5cebb43a4532c10aac4030eb826556868ff1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12015
x-xss-protection: 0

GET
H2 200 banner Show response
ad4.adfarm1.adition.com/ Frame CE3F 19 B
400 B 35ms
27ms Script
text/javascript 217.79.188.46

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4.adfarm1.adition.com/banner?sid=4787112&adjsver=3&fvers=&iframe=1&ref=https%3A//948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/&ro=https%3A//fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/89.0.4389.72%20Safari/537.36&os=17&browser=11&userid=0&wi=1307643107&ac=1&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCY%2D%2DaHOgeZe62IJSrgAfn9auwB%5Fu9i6xzv5%5FosYgR2rbi75o4EAEg08vOMGD1lc6B4ATIAQmpAh2bGWpap7E%2DqAMByAObBKoE7QFP0ARRX4VcvHi4CzaU1%5FPQNhqev0i1u%2DJklcxIOA1FtwASVVNhp2XCpzrvpwyx3RRPXdpfcBJgkEh4hqHCUdrVmQ2aFBUOZSlRJWFghR%2DyXY2Q7J5Z8BGtoKtiNsE1smbGEK%5F1BDaOkwfUFQNzim%2DuHOImU8HCZ7%2DfTfwS%2DmSUuUZoGGkaOdcDwXSadJclNRsm%5FeSVwnZZVwLE0mW8Rkq7xzssAz3n4g6EHQdeU6Od8BBnqshK5Lb06K9LjrqvpFZR8xV%5FmgCTf5GPruqVkPnnJRz%2DfnNq2TqM%2DhQbm5bCyhEcGtin0IjLAXnLk1nABILP6uClBOAEA4gFvoTl9keQBgGgBk2AB%5FDrpcYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH%5Fp6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH%5F56xAqgH35%2DxAtgHANIIFAiAYRABGB0yAooCOgKAQEi9%5FcE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMI5oz0ya3fgQMVlBXgCh3n%2Dgp2sBOq44EV0BMA2BMKiBQB2BQB0BUB%2DBYBgBcB6BcB%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaNLQysGzwlJlnNVepx0U9z%5F1pJUW3%2DIRJoUYUbJDrMz0%2DqhaZ1GAE%26sig%3DAOD64%5F13SWLc3KkgMvKEc7ccd6dX6x266Q%26client%3Dca%2Dpub%2D5884294479391638%26dbm%5Fc%3DAKAmf%2DCwov8Z8oi72DlQQROK8F%5F%2DAQFP0f5IiKrhWMDEj05Of6dncJftO871HpYUcKsp1zEw%5FDAtUO1vZesQWO60zMYR0H3nrhO8Ac8Fl4ya8pENX%5FOtvf8jznbaac8FGoYj2cw%5FxftVAgLizm5CTlEeJ%2DTlTlJKM8xKcXBvstfTVvSY0DiJUEk%26cry%3D1%26dbm%5Fd%3DAKAmf%2DBjFEmLo25dJccxMwcOIpbkB4TIz7nJeBtCeA16FTphRpvn%5Fw2Z2%5F5W%2D8Kpi64%2Ds85G10A5D6bXXzWXNyIcVRuIKXpFjsAjbkBrL%2DBx99wtfi1fdvwsVdiS0jxcW%2DnJlSqcgbRKjbJ8AT91OTTmlpan0%2DjEWhlQtNEvl8RX1HFczAz5COh1M8jCqxyjnD8IgsApNiGnUCSqtW%2DH4xTn4IzvwUrY7u7Loy4OSz7wQ%2DRJTYAq4vqjtNvFV%5F%5Fx8R1bBXWzaHaNK1kXWbCGx7vzkWh5IjFUoqFzogEcPfoD5DkeMW3u2p%2D0UzOmxsbWnDTkXrtjoR%2D8gfrCoKC00EiS%5FiC3Cz3tkdyHzBNDe30gaE5xVw9AkIivtXMc6PxDLvr8RaMBOMXMBvU%2Dazkou6i26Be0PFJ%2Djfo1JIjiYDcsY10x7BFD2tmMprW7e151LH0I9KeGuy34E7LO1fCGApl9bi%5Fzulukf%2D22eFQlQ3sJLULoAwjJBNiYQY6AVI9e006TiaNoQYeywOCNbn1EposfqBXAS2pP36rx0o98YJ8pPx8XkJY8JgkQDU8rlPkwykfi%5FOzTO337JlTgqMgongRRk4KHz4R2zHdIxNe6Kiyh2CwJWbyKKH4%26adurl%3D&gclid=EAIaIQobChMI7rT1ya3fgQMVlBXgCh3n%2Dgp2EAEYASAAEgKJgPD%5FBwE
Requested by: Host: ad4.adfarm1.adition.com
URL: https://ad4.adfarm1.adition.com/js?wp_id=4787112&clickurl=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CY--aHOgeZe62IJSrgAfn9auwB_u9i6xzv5_osYgR2rbi75o4EAEg08vOMGD1lc6B4ATIAQmpAh2bGWpap7E-qAMByAObBKoE7QFP0ARRX4VcvHi4CzaU1_PQNhqev0i1u-JklcxIOA1FtwASVVNhp2XCpzrvpwyx3RRPXdpfcBJgkEh4hqHCUdrVmQ2aFBUOZSlRJWFghR-yXY2Q7J5Z8BGtoKtiNsE1smbGEK_1BDaOkwfUFQNzim-uHOImU8HCZ7-fTfwS-mSUuUZoGGkaOdcDwXSadJclNRsm_eSVwnZZVwLE0mW8Rkq7xzssAz3n4g6EHQdeU6Od8BBnqshK5Lb06K9LjrqvpFZR8xV_mgCTf5GPruqVkPnnJRz-fnNq2TqM-hQbm5bCyhEcGtin0IjLAXnLk1nABILP6uClBOAEA4gFvoTl9keQBgGgBk2AB_DrpcYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMI5oz0ya3fgQMVlBXgCh3n-gp2sBOq44EV0BMA2BMKiBQB2BQB0BUB-BYBgBcB6BcB&ae=1&gclid=EAIaIQobChMI7rT1ya3fgQMVlBXgCh3n-gp2EAEYASAAEgKJgPD_BwE&num=1&cid=CAQSKQDICaaNLQysGzwlJlnNVepx0U9z_1pJUW3-IRJoUYUbJDrMz0-qhaZ1GAE&sig=AOD64_13SWLc3KkgMvKEc7ccd6dX6x266Q&client=ca-pub-5884294479391638&dbm_c=AKAmf-Cwov8Z8oi72DlQQROK8F_-AQFP0f5IiKrhWMDEj05Of6dncJftO871HpYUcKsp1zEw_DAtUO1vZesQWO60zMYR0H3nrhO8Ac8Fl4ya8pENX_Otvf8jznbaac8FGoYj2cw_xftVAgLizm5CTlEeJ-TlTlJKM8xKcXBvstfTVvSY0DiJUEk&cry=1&dbm_d=AKAmf-BjFEmLo25dJccxMwcOIpbkB4TIz7nJeBtCeA16FTphRpvn_w2Z2_5W-8Kpi64-s85G10A5D6bXXzWXNyIcVRuIKXpFjsAjbkBrL-Bx99wtfi1fdvwsVdiS0jxcW-nJlSqcgbRKjbJ8AT91OTTmlpan0-jEWhlQtNEvl8RX1HFczAz5COh1M8jCqxyjnD8IgsApNiGnUCSqtW-H4xTn4IzvwUrY7u7Loy4OSz7wQ-RJTYAq4vqjtNvFV__x8R1bBXWzaHaNK1kXWbCGx7vzkWh5IjFUoqFzogEcPfoD5DkeMW3u2p-0UzOmxsbWnDTkXrtjoR-8gfrCoKC00EiS_iC3Cz3tkdyHzBNDe30gaE5xVw9AkIivtXMc6PxDLvr8RaMBOMXMBvU-azkou6i26Be0PFJ-jfo1JIjiYDcsY10x7BFD2tmMprW7e151LH0I9KeGuy34E7LO1fCGApl9bi_zulukf-22eFQlQ3sJLULoAwjJBNiYQY6AVI9e006TiaNoQYeywOCNbn1EposfqBXAS2pP36rx0o98YJ8pPx8XkJY8JgkQDU8rlPkwykfi_OzTO337JlTgqMgongRRk4KHz4R2zHdIxNe6Kiyh2CwJWbyKKH4&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.46 -, , ASN (),
Reverse DNS
Software: ADITIONSERVER v1.0 /
Resource Hash: c79831d809c25cd6e16f0484f07797112717213d2b7335a1edfcf386d2aa7397

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 18:45:21 +0200
server: ADITIONSERVER v1.0
etag: 7286516475571667302
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
content-length: 19
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame 0DBD 38 KB
14 KB 36ms
34ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: 2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
URL: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 10:33:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 10:33:14 GMT

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame A972 38 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 10:33:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 10:33:14 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B5C2 0
12 B 23ms
20ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?a_z2xA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 63D6 0
127 B 60ms
52ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 05 Oct 2023 16:45:24 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 68A6 0
12 B 21ms
19ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?yVDazw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 40B2 32 KB
11 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15264612087899687023/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15264612087899687023/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:13:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34322
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 07:13:22 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 56DC 17 KB
6 KB 2444ms
2443ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 16:45:26 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3669 0
12 B 40ms
40ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-TcIxA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3D5C 1 KB
643 B 26ms
25ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 65354
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 22:36:10 GMT
etag: 48472445140208031
expires: Thu, 05 Oct 2023 22:36:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame CE3F 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 700e7f54129d3ee957c453faffe040f5e56ade94f2e2f611c03b521aebbb0de1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 47B8 22 KB
8 KB 20ms
20ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 10552
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 191F 0
0 119ms
118ms Fetch
image/gif 142.250.185.130

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuEgBhgUw06XIl10pD6CvdzdFrVowbJQVvp4TjBIzeK1_kHe_75BW8eObqFfcY351vowjO1hEEQckrZVOwtmNifaTQyDxmWPySIZVU0mOJXWz402EoVFV7cvyA8SQrALRplwimYRUDPkXu9qkZBt7cnJQqx9ZbDdaCV6HqZ6jkSlMjK6hpvUlTF6MFZ6VrOQuOxgUrfjiREE_o1ssTF88izQCugUx4vAQbP6l3S1dr2yinutyFztocH2pu11P-uX2sTBFtYA2MygEEW7FlfHC3MCUPnY0Z2v54DacIErGlZA2gQYObsfxGnbgX0_dJNo_ykjI2S2fzwzUpRoATy9FGi1SnrYy54x7JPXMRXtwFLwyUxKWC7GE2ZP-QnLcQL8c8vdrZYaFaDyjXoCq8tjMAhxM3nZ6ZRdhs41_8p0qJFbaMqZfigmlzeDTgt815QwXOzu_QrZlM9xzSdwMvcFEe9Z8sWS3rW9-tiEnq42kSMqOqaygmGY6pf1jl3M5PEOK-6lG9PxC9m85B7I2nQkFEWxFgBmrnsT_Xg48C-C91tsj32fGQ7gUHuBargGDXaePjsUVLh7ifVscvYpqHxlUrDQkbZRrCAnIiYIraFYQpQEC4H8PXDnqr9kcwsjaG4ouKJz07glo-wvwz9pyPdzMQn0rf2vooj2ctDwMyaIJ7GY4RgbosCVj2DIxqik8YYkR6GEQktRh7u2jrW-cM9qwqrKBzrR7Hzi5tkzvumbHDDkqtcUA3z08D0pu1s32-hBwwsYnmSn2YeQAmp2seSvHsDMDCoyYYl0RbF7o2AfUL3dNWSc7CAlaL13C3nwLaLJqusTDfxEr6xCrNqsxUZunNT5uVSx7VcrZfUaULwnGwT2GF-fA_b3-WPneoZ9ElotgoeJ1QplOGZQWJMahTSM9qy7h2nfrP7_9P4SQG52xingAg8pgDzHKoZEh1UXKBI51r6_q0_VwJb8_rKopLYEeFMf4ssA2syBv5At4AgyrgtHLOKWuCB7XGKUL8P15-rT1D2maIkkjYTY4QcGwg6pVSycNVchl9n1MBsRuhToMudRiu4r-3mWsYz6P9N_GfQ1-5FRMRgm4jHS_i1sj52i7VTWvQ1ZwCupTEMldnoPwuBlN8QKm5vyA70f2umWA1-VM9HJIBvennxFz_hgCCaNe2E7lNMb-8RclWMIB39MeQaaJqg1vqv-xhghm7_Lxx6P5z3t_vuRhm1tP5Qg03bcUcfRUu0xj65OVGihrymxsM5ZvjhovnFzh6u1_QitnHu&sai=AMfl-YRqfb3txlhQzkHJVQYBEPy55mkP71mpl9YYCa40cUue9wgTHtnIoV15uym_Fpme6sO2X4eItPfUwwfTnt3aWGUHK4QFWY6FG_njwH4LgtEmUhfR3NZjH4HWLXEXuppqCxVhJyj4EosQ-RP5zYSZ3AysEXeBRaeqe3QcBEAVK5OemEVZ3Ol8dy4k8nndnFFsjRBw3O7HjX9n&sig=Cg0ArKJSzGfrGi7QUpGtEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=5615&vt=11&dtpt=4404&dett=3&cstd=1202&cisv=r20231003.91359&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D5C
Redirect Chain

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEI5As6aE_dBeViDh-CZ9Gv4&google_cver=1&google_push=AXcoOmTnTgTP3LbtgYsVnGvVWhHK2thFueSFpXlidqXxFwHM84zCv9q...
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=21f0aa1b53d2188f&is_secure=true&networkId=14000&version=1&google_gid=CAESEI5As6aE_dBeViDh-CZ9Gv4&google_cver=1&google_push=AXcoOmTnTgTP...
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAIuZ3qAGqTqgN-PRChAAAAAAA&expiration=1696610725&google_cver=1&is_secure=true&google_gid=CAESEI5As6aE_dBeViDh-CZ9G...

170 B
188 B

35ms
35ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAIuZ3qAGqTqgN-PRChAAAAAAA&expiration=1696610725&google_cver=1&is_secure=true&google_gid=CAESEI5As6aE_dBeViDh-CZ9Gv4&google_push=AXcoOmTnTgTP3LbtgYsVnGvVWhHK2thFueSFpXlidqXxFwHM84zCv9qrQK9ixPgbV-AdMp4XzLnLcpXReYNm5uViAID0CzHretGq

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAAIuZ3qAGqTqgN-PRChAAAAAAA&expiration=1696610725&google_cver=1&is_secure=true&google_gid=CAESEI5As6aE_dBeViDh-CZ9Gv4&google_push=AXcoOmTnTgTP3LbtgYsVnGvVWhHK2thFueSFpXlidqXxFwHM84zCv9qrQK9ixPgbV-AdMp4XzLnLcpXReYNm5uViAID0CzHretGq
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H3 200 i.match
a.tribalfusion.com/ Frame 3D5C 43 B
609 B 215ms
214ms Image
image/gif 2606:4700::6812:18ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEOA7uOwDJzyaqFOnNR3Hq74&google_cver=1&google_push=AXcoOmQi4MZD85OrHdo-7mLWbeRlWuf0LBfn6wAPqK2XBkPcIjzFXSlf3l2CIiFpzJMFg9Rp3elMwCJZBo8EiNHruEnzosLWxuw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQi4MZD85OrHdo-7mLWbeRlWuf0LBfn6wAPqK2XBkPcIjzFXSlf3l2CIiFpzJMFg9Rp3elMwCJZBo8EiNHruEnzosLWxuw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 81172288dfae2355-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

503
Service Unavailable: Back-end server is at capacity

sync
r.scoota.co/ Frame 3D5C
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDRQ8CuMLa9lSGVTaoqp4eQ&google_cver=1&google_push=AXcoOmRaLpLbQGUZ2asoba2c8PJYMvepQ8J75RivZPf369xAWdNXh40j8lIG0-Cxuria1oMXHKvErOU0Il5iOYaEdm_g...
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google

0
111 B

426ms
43ms

Image
text/plain

34.249.156.204

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google
Protocol: HTTP/1.1
Server: 34.249.156.204 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0

Redirect headers

location: //r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google
date: Thu, 05 Oct 2023 16:45:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D5C
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO3LbIMsfhI1FlXw3mt7FAs&google_cver=1&google_push=AXcoOmTbhpPCx-b0zSIEBim87oR6nwCbnmr-ZfzW_9HgQ6IRYgtf4N6lU9f_t3yweG2wyLMrNLLua7_51aJMurOrBK9r_Gi...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTbhpPCx-b0zSIEBim87oR6nwCbnmr-ZfzW_9HgQ6IRYgtf4N6lU9f_t3yweG2wyLMrNLLua7_51aJMurOrBK9r_GiMWv5h&google_hm=eS1qSG5FYTZoRTJwRXdyLn...

170 B
188 B

55ms
55ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTbhpPCx-b0zSIEBim87oR6nwCbnmr-ZfzW_9HgQ6IRYgtf4N6lU9f_t3yweG2wyLMrNLLua7_51aJMurOrBK9r_GiMWv5h&google_hm=eS1qSG5FYTZoRTJwRXdyLnA0NUlVY2V2MDdYOEVkZkFjen5B

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 05 Oct 2023 16:45:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTbhpPCx-b0zSIEBim87oR6nwCbnmr-ZfzW_9HgQ6IRYgtf4N6lU9f_t3yweG2wyLMrNLLua7_51aJMurOrBK9r_GiMWv5h&google_hm=eS1qSG5FYTZoRTJwRXdyLnA0NUlVY2V2MDdYOEVkZkFjen5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D5C
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEJY3HMPyJRXSRHFnqU63ncc&google_cver=1&google_push=AXcoOmT_SyvoDvgIzFECa4Kz5fpl-YAPm0ZZKb-B7iXbdEWdcGYom388zSO1mIIEI0sRomA1tLzZpiDlCu-fi1kbBnPFattP9AYR
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmT_SyvoDvgIzFECa4Kz5fpl-YAPm0ZZKb-B7iXbdEWdcGYom388zSO1mIIEI0sRomA1tLzZpiDlCu-fi1kbBnPFattP9AYR&google_hm=tkqtBbe5yA0pPqzjpPmgHA==

170 B
188 B

33ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmT_SyvoDvgIzFECa4Kz5fpl-YAPm0ZZKb-B7iXbdEWdcGYom388zSO1mIIEI0sRomA1tLzZpiDlCu-fi1kbBnPFattP9AYR&google_hm=tkqtBbe5yA0pPqzjpPmgHA==

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmT_SyvoDvgIzFECa4Kz5fpl-YAPm0ZZKb-B7iXbdEWdcGYom388zSO1mIIEI0sRomA1tLzZpiDlCu-fi1kbBnPFattP9AYR&google_hm=tkqtBbe5yA0pPqzjpPmgHA==
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D5C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHMuhyAzEAIx5ir3RSI_jrs&google_cver=1&google_push=AXcoOmSyiFSqEH-Fas04nagV2NuIx0EYi4QhgTqw-RHsnGPU5fnhkMuQxidD-MRXGEXV9XbbgRv...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5ERVMzRkItRi0zMlRJ&google_push=AXcoOmSyiFSqEH-Fas04nagV2NuIx0EYi4QhgTqw-RHsnGPU5fnhkMuQxidD-MRXGEXV9XbbgRvBcampprx1XPfI_KUw_qfvL82B

170 B
188 B

49ms
49ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5ERVMzRkItRi0zMlRJ&google_push=AXcoOmSyiFSqEH-Fas04nagV2NuIx0EYi4QhgTqw-RHsnGPU5fnhkMuQxidD-MRXGEXV9XbbgRvBcampprx1XPfI_KUw_qfvL82B

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE5ERVMzRkItRi0zMlRJ&google_push=AXcoOmSyiFSqEH-Fas04nagV2NuIx0EYi4QhgTqw-RHsnGPU5fnhkMuQxidD-MRXGEXV9XbbgRvBcampprx1XPfI_KUw_qfvL82B
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

dot.gif
s0.2mdn.net/ Frame 3D5C
Redirect Chain

https://sync.gonet-ads.com/match/google?google_gid=CAESEKCRrgi3P7N7S_Pzgu562TE&google_cver=1&google_push=AXcoOmRmbVrhz7sCO4N2cJNbOp4h7E-qqgh3Lf6F04TMiL-wlmImSJeHO5lpiK4eMd0_-pWypEjGR9FJSu9XjREmivcq...
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NjgyMGYwY2QxMWY1Zjc5Mw&google_push=AXcoOmRmbVrhz7sCO4N2cJNbOp4h7E-qqgh3Lf6F04TMiL-wlmImSJeHO5lpiK4eMd0_-pWypEjGR9FJSu9XjREmivcq4PO...
https://sync.gonet-ads.com/match/google
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NjgyMGYwY2QxMWY1Zjc5Mw&google_push=
https://s0.2mdn.net/dot.gif?google_error=5

43 B
66 B

21ms
20ms

Image
image/gif

2a00:1450:4001:82f::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_error=5

Protocol

Server

2a00:1450:4001:82f::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 21:32:34 GMT
x-content-type-options: nosniff
age: 69171
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Oct 2023 21:32:34 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://s0.2mdn.net/dot.gif?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3D5C 0
12 B 43ms
42ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IKEHTdV6iBpzC9EzQ5xyJqCHoZOuKBnTTZkuBpaqYgLCMaFIgwnWlsI4ZaDcAh24I-rnMcKg

Requested by

Host: fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
URL: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 191F 61 KB
23 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
URL: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c0a8f02e8ef795aecc87e8e323c15fdf29287d20501d6ea0cf1dc53e2d2ea9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:11:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2023
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23347
x-xss-protection: 0
server: cafe
etag: 5707400221330747696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:11:42 GMT

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame 47B8 38 KB
14 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 10:33:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22331
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 10:33:14 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 191F 0
54 B 138ms
137ms Ping
image/gif 2607:f8b0:4001:c10::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lndes3fd&chm=1&c=71863667508588&ctx=2&qqid=CM3dvsmt34EDFRcEVQgdPl0D5g&met.4=fb.wc~lb.2j2~cmrload.35b~ol.6gk~idt.oj~dt.-10h&met.3=733.2j9~748.2ss~749.2st~742.2j9_a7~735.2wv_4~739.2yd_1~374.38s_1~738.6gk~113.6ne_2~112.6ne_3&met.1=1.lnderws0~6.cy~7.cy~8.cy~9.cy~10.cy~12.dj~13.ew~14.ey~15.u6~16.2yc~17.2yc~18.2yd~19.6gj~20.6gk~21.6gk&met.7=CBsQCBgBKNIDMJoEOLRBaOcDcJgEeIkXgAHdFIgBkjCwAQG4AQM~CCgQBRgBIJAJKJAJMJkLOIkCaJMKcI4LeNsDgAGvAYgB3gOwAQG4AQM~CBwQChgBIJEJKJEJMI0LOP0BaJgJcJgKeK_4AYABg_YBiAGNxwWwAQG4AQM~CBwQBhgBIJIJKJIJMI4LOPwBaJkJcJ8KeNYCgAEqiAEqsAEBuAED~CBwQBhgBIJIJKJIJMIsLOPgBaJkJcJ8KeKwCsAEBuAED~CB4QChgBIJMJKJMJMJ8KOIwBaJoJcJwKeIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIJMJKJMJMJ4KOIsBaJoJcJYKeL9DgAGTQYgB050BsAEBuAED~CBsQBhgBIJQJKJQJMLEOOJ4F~CE0QChgBIJQJKJQJMKcNOJMEaJoJcLwLeLfXA4ABi9UDiAGu2QuwAQG4AQM~CBwQARgBIJEMKJEMMP8POO8DaJoNcP8PeKwCsAEBuAED~CBwQARgBIJcMKJcMMIAQOOgDaJoNcIAQeKwCsAEBuAED~CCgQChgBIOYMKOYMMIkROKMEaKUNcJQQeMCrAoABlKkCiAHXwgWwAQG4AQM~CCkQChgBIKoVKKoVMLEaOIcFQK0VSPkVUPkVWPcYYKQWaIIacJwaeKq5AoAB_rYCiAGx9QawAQG4AQM~CBwQChgBIK0VKK0VMJUWOGlo9xVwkxZ4miOAAe4giAGAWLABAbgBAw~CAkQChgBIMMVKMMVMJYWOFJo9xVwlBZ4_lyAAdJaiAGO8QGwAQG4AQM~CCcQChgBINsVKNsVMLcWOFtojhZwqhZ4nW-AAfFsiAHpyQKwAQG4AQM~CBwQBRgBIKAYKKAYMKMaOIMCaIIacJgaeJYHgAHqBIgBlgmwAQG4AQM~CCcQBRgBILMeKLMeMOEeOC5otx5wyh54oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBIPkeKPkeMNk6OOEbUJsfWP4fYJsfaLQ6cNY6eOKvAYABtq0BiAHHsQewAQG4AQM~CCIQBBgBIJofKJofMO07ONMcQKUfSPofUPofWJk7YLggaKg7cOw7eKwCsAEBuAED~CCIQBBgBILFBKLFBMKhCOHdosUFwp0J4rAKwAQG4AQM~CCgQChgBIM9BKM9BMPRBOCVo0EFw7kF437gBgAGztgGIAfnpA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4001:c10::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:25 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EF97 0
0 126ms
125ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309280101&jk=2051023511803790&bg=!LC-lL2DNAAbjlzx0w5c7ADQBe5WfODR2NlJt6uAUcbJ7msnzZw4JBXZx8G4tAUBQ5EyOaO9aiW7vbOUceb4IeCMiTYNKAgAAERZSAAAADWgBB5kDAV1Z-NtnCBzEyzHnCXwXQ8AiOVIdwhhtW3LZZr0mbBOUuk7XvLrPeDrsPkOT5GYIGENoJKzWRFLOTXLecNDJs8AwBp-uR15KAlQMShNq5RTu-30IH4q4wP6fvADpFPaa3rLUaSzB4Up627dKCATVuYj-PaejCySpS-2YBQduh9-1vxEY1WTX-GATe9Zdle5rQFCvY6fDsj-QyBD-u8ItwK1vQSVgNmR7DJUW0XAwZ5J7F_YwkJ4ltZBE8ai_NZH5cRITlf50TrmSAMWQLE4owS5q_YP9QBZt1JbbPpjrhfcIP-JbjsAuNnjKbKAiqRYb2MmrpMLO0ejp_9Lf4BKtm3kqTyzerr0y7OAl1C2E6ODQ8qojEwhdZhYU8gwoJTjA65S4kOpsVFSHBcRPzzScf46FLeQX7cmWW4Lq8kgSNXtRfblU1SEwuF_2rr_0PnY3lx843JUIH6r0fglQg7pZ8PtXyrrSqVL6YRC09hueJrH-iWnVuD_tUWe2B3VBOdkOazHHrDuIedO1wdASOIMzsINNcyHKJ-tOlkLyJyNuvCw4fl1Jqpq3qzciN2wto8CjjN7wfMuhhGSUNyivmGSAWUKA8hKMFkYP-xQQ8hXU6aaG04lKoNir5HTkuhAdSx5wi6JbnBpYoaStmGJGKnzU2gvfEXeY6FLcftDVLe6Ty6ONakuUGp5jMampiOUA3fhlcwNirIJX7e-iuzX6QzUttphLGSacIcmgTGe976ooKcj8uWM3S4ZlVs2UUXN2B5aGjjcMVQZ93tKLAn9UyFTjeAz5Lln38f5zVpj7vMYrLeI6LDIaiz6uYrN_VjtXXJM5wmbchwi9E_h1y9xSCNmTi5qHOq5ZiLLAg2_cJgsIJkTr5Evmr8j8RYJJV-4W7zM4dP4_83bm7dvkR_Crhm5WDLkadAMnPh3FQzYk4i9TejPY8T2iSlKY68FccFuEPnQCRDwKODnH-qOPUv5O-SYk7baTwIuOk-6A4PaT73I_JM7yhImY0uEkPVNydNZ1u-Nvmmc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 191F 0
20 B 122ms
119ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4023339272934&version=m202309260101&ct=119&x=1&cor=849376446207290900

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CE3F 0
20 B 126ms
126ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6151330802009&version=m202309260101&ct=77&x=1&cor=5024342187811728000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2DD3 0
0 136ms
135ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309280101&jk=71863667508588&bg=!tLelt_jNAAbjlzx0w5c7ADQBe5WfOOCbRDnh3xFnzzXuAgVN9pGexVu_B2Nw_sKqiMGZLY7lhHsqp8JFzND01hlU4mt2AgAADqJSAAAB5WgBB5kDBImMNsLQPDYQeS_PI6fwvwgZoPF2JvNQ6h6RhlskUo_rTwakTsz2i-7JHhK6fy01LCs0Yn5Qc1JY4biJ8p_P0l2nHS4kSchod6OVywocpMIXkGm958mDmk67hr5zP6y7S45RqCas--eGSuCHlZiM1yNlmbx7Pr1hY1UXlGjnAVDI-pts5w-CKokEJuL1ew0vAB5rQ-pfQuKv66ZN_oN14OfpR_s7hYzdIxaJShYTsk6JUTzghhlwfFd00s52zxXCnt1tcPpt87mEfkgrRA60DoIuyvUOwLkeR4NFFlHa4HzDy54gJgexFN8qsC-n7iYZFUcD7aQcAm1pjakiz-r2wTa9TDX1ca-4EeLnyzejOxpWXUaoFwagGkyet6Z5k1AZ6SWZsLAv-XwuiRSWKWCH4Fk--jTqtlQ9UMvOvwDOfvcd5Lb7etxnH4f6RN3tF_Po_t0voG9ds2aXFMsuwf5MnwtYB77BTA1aIr9pk1CS0qoRUg-DQFOuNjKKTGVDCRBzVNnTvIM6g5KMPPN1JsJCvMiSXuPXxnTZZJyfqwqdsb-m6QxdKgkRhYXA9rkuoN54_vqieeaMmD_fAbv--WJHfQuOqcqWRyebF_EZJf5NCmtDDMil7Yg4BG4Yz-HgrFY6IrkAdaKZ1OO7BAY4mgOiWDCddyEQIlV91xSN4qRj8-CffKGuoCvCiC8610s4JLUJPhBwDECWsCY8hKZsDS77xxjxQ6QifYJyV6TP8rJAksDJqV0RdfI2lJ7rYX5yNal_tQftVAvZKJnl5Pj6KW_qCaR-GP0Atnofu2N2P0RBahE1hreOGWGPb-YTmYuS0_qm1fkMZpSuE1kHHx9SFZjnzgXIzC5Ju2JOK7JumKU-fq6HfTF5-4hk7a-0FPW_p3XUF45tssCac74jxd0XOtNzy51PRBXl7kH6R0slBk54ixljUCxH-ah1mgY5HaKzewEcAy9qVvJKP6lbX2G22OWjJ8SL_SQON0VjgjV8p9fN3RKI7fcG7W6dQ1crVKZn5ukbPghf2oE
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2EB3 13 KB
5 KB 26ms
24ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 5998
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 15:05:29 GMT
expires: Fri, 04 Oct 2024 15:05:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 17AC 829 B
562 B 43ms
39ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

140d24107a3418bd0352c8cb62d1332fd9df47e604908f17f3bcdca0057c789b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Jyx3ZgzNn4xX9QfZMd9BOw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Jyx3ZgzNn4xX9QfZMd9BOw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 16:45:27 GMT
expires: Thu, 05 Oct 2023 16:45:27 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0036 0
0 126ms
126ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309280101&jk=85455581449384&bg=!ycqlyoXNAAbjlzx0w5c7ADQBe5WfOHhoxyUAwoHMjoIBk6q41-4RcdA2pIGlQxLvZDIhYUsoXOqKr6r8S5ae0E37DO8GAgAAD21SAAAFR2gBB5kDDZVHhB41RdrtPCK-I1ElHuERJNJ8hZ-WaOCP6VSOOBEmJXoC3GHv7Dy_0K3smDHdVTkLyP0Acx2pe3ZtLMhjmvuvkkmTrTAoG6kK7irf_Ix6fnGiV2RRo41xLfz037b09DUS0BBp-XbIfsVwW-zRDN6v93VCt20YmBlYraQXRv3FjZcvvSr0dXs8HGhB6f-Hge7KYQreh8vtA5xrb8JWxhmmuhyy5T7BFLoAU4Pl9Ia2Bmy7Tj6iP5HhsR28N8DOog3cRn_ixZJCJlJtYhLRlMsj2bXQoa4KCCDx6Hepj-aprVnmPTCKNBzj68IL2gtS6AdDJRhJSlFi5FX3WHtYoSd5hNlvExD5wVfmvk867VvQQPnVh13dZ4XalupMVN0ilYXkpLe9BpLxfil9o0HGWwLFezVQmHLsVJYzOQOWdigvJXgy_2zWW4BLQQg1qtR5wg3tEPIRHI0lxgrYDYwgXlyOWSHj-krjK69ZUunfKHNdIigsxQx3V2cl2kNOZCTynXVsMRFA4ZpMPFUcpzlZdISUZK_u6766t4m8SrNnXd3OF9dTeUuRJLAHFouK4LBaMVsodDF6QSpvqRyUVFfV5OdHeaHD5F-xAZpQBxRlVv2hwx858R4h93kFv968tx-BSHTt90ugJkvUQP-88n0KCxAlp7r69wtMOIdW0tHF21Hg8_0SDZ__uVwSMkv4IQ_pjsd7CtRB4qIXtPq0-jptSQFwbLxoAh6vuzN2Oy1abeTeQqSKpr5Q9J91tfvl19Uz6RGqBvqwWRaedjuJmz-_IWNuTj2NmwLC4-LEEqatP7JKUBOaBEGamyjBGsw6BiinhOEPlekl90IT2AndvMe85FoimTP9739TIrY_F_r_PqUOlLZvVMohnqahltwP7LGDkkVVM2TC8DzwEiXUU7hcuCQc1-nYBb3EhNLJZQlZh12rfvxemgn-Xu4UFEDPp0L9SBUfmsznlT1lrFTElj36R85W7V1VE1B_aFGC2oN9IlVLB2ttwlehgjfLu86P6PjrHG-CPhb0DCW6vRLUm30
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 17AC 0
0 121ms
120ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231003&jk=4098724296574072&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A972 0
21 B 125ms
125ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BmBXiHugeZYCXI66n9u8P1JmX6AUAAAAAOAHgBAI&bg=!-Pul-7TNAAYMG8UMLBs7ADQBe5WfOClc_9EoGXCJQjA4daH1mZQelJSU16kLz-q8f1BWyp_-8Bz-uFkyBwDc6D_hIuYcAgAAC1tSAAAASWgBB5kDaRzPfOe1O48Hmznrl89oqhB_riMh_s2NYQM08rJKSQrqafdwWxO8FtOjJX1hCbUAL1maVNjZ4XJYJ2XTfCIlQPoNSHtMdjzgHbqflDrXM3lF9d3gcmOLo9HRMp1CEQfNoBlAvl1MOZxTZ8c664WTzwLRcwz9F8_ugxt5qIoemAE39Xic_T6PYo7HHOrMt5NfuPzFWR2S7Wq9-qKKDMiCtVquJjEL2423mIw_rC_faA2ShTrmkf8sbsNpkQjiJS7Q8MSz9jkC1DdEQ5T24cXzZLktds44ZXMtpjA6brw-7JxfHzyGZXxvzsFZf9FBSHL3PPR_GIJ5lzU7GT6XZqYjwOi2M7rRXVcRVFNKcES27OjM-Hf6UaXYAfO64mBC2fqhLsr0tEdPJDUHfuWsRpTebDdiAMbstXjmxhvTLMmBT0S1gHgIjUw2bqZ7qtN-L80XDvnTKVzEosyMpnVe9vs2SI79bcnDODIHUYap7FwjGOS9lQC0s_fhXFt5Pf9yFky7Rj9PdgUKqpU9RW0wNMOXRVCkIcLWx2k-IpNzwOLV0SBFU_jaBEYwWDFjvgpySiez2JOe5x9lCg90Z2dWIaeoYgyy-IP2E12zfPMrbUWNePLXl2ga8gpYuiQRWVF65ZDFSkycJ2T4CPZPXmW4ksTLOlx9KmGWlIGUbs4uGwZMy7uXKEV0-Fgy4QPgycwdDSvkZb00LxNwLu1VuWvZ22waGCY23sm6pKczGXP-eF4vtz9dwV8vrxg1W3-XzzKm8sXoR_BnK1UFRD1505doH7upypER3-kLOMPb8TDmTCPsfHJXBPAsld_ItBspPuvTMNguTSvbTXRLPouPgVYmNx0WlPwdqMp5iSpnS7TEoLzRR5MuJ5trzsGJ3OAJdhdaN0-sCVLhuQ31_6Lkmzfc9WZAKHNb_XHY8Lfj4dEqcneAxFa1n5tD4d33ktpSo6w-IToiAI_yeH9vhrG1O24HG6ZkwSHpEyLAH2kyPCCDkrTi13HiEUlM5LeGHGLlgdYpFbTJzjmKeT0jr9X7pKzMzPB8trHD6Y6xNLoJf03_LLtNowPErRa-5v4vot5OIHdPwTp50N9DUS9uf7P2LiE1VUPBhtJy_Mu12UFV8rtBm5fFDUH1APB4muj3VvMHYyJ6zaLW30ymILfvZNlcWg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame 2EB3 37 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:41:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 16:41:03 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47B8 0
22 B 125ms
125ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkyoRIOgeZcXRKtbj3wOv3JIIAAAAADgB4AQC&bg=!bW6lbiHNAAYMG8UMLBs7ADQBe5WfOA0PpibLlrKTLHWX2VeLaHWdqLgwoLDdhPgTowdalKz9NZD4NOpzw_5G4bug3wFRAgAACcdSAAAAK2gBB5kDVJz5BCJoIZfkwPg_LX64GdAH4gVvZWYD8jfc7ULYAs6Af3q08C2s8ZL0EFN-amw5Qa7gBlj9ewRcpf9T0duW1g31f-U1XqWyaFbxUgl4mowrBC16xyc8PxqwFqrYkkf2V31OQtZNnDI61SvmaSny-7B_4ANM7vNDJEjvHIB2HWOxd5Z2po2o6ItxqtH-IfblHm17fNOw3USa353pf6a3JyVBpxXKTxZOVoWgs2ovBGYpzZL4ennQqL3AkfoP6CdFye5NZwUU-hOw7K55LxwZ-LICqurM8yAbwwtHK4nokaiQ77QkFt7pIn45XTA6qF6XXI45W21vo1oQEqZQMoWKDL5Ks97ZzSS_A0N34o3TAegRlW7Z7x7zgm7TmWpDjvSCtuoLRZrOSbF1guyZldn_p7WOY4y0H3V0P1hWG9y-heKOpoH4wV5P7AZgj3UCugvmMdEa0lZuwhA7j8g0FABu0sOZLFn-dmSDdPkC2XA69qEyt53vOy-7fQA4C1zfLnsotaRea9sYrugJ8C0216wJ3MLZbleWaQ6OJHKHWREKKIirAweiP4b5v-keLEiQyjA43loKqyJZRnKEjCRF399sHpbGYCUQCyTSoXFUOsOERAbCLjccQ9MNMYfq52oRAdqWqn3i44Y8p7YPQhgkx3QxwLiiS7AZJXcPbtLC4W8AWGpiNjI-yklTwMuenfKPgMpnN8_lTCz44DCeZ4LeKxOVbp6Cb80soQe0OQksV-pMsMIkfnB5WiVkhmTDHuB8WUFTF9HQOLhqCdaWHZRUxa8KmszcYNZvF_6doKLbSXPYyZOI6j0RrWsBxX3M3F6b2VlxKaf7rLE5h5kojVe_pdKD2byYfTnD4-uqOe7KnxfdIEMdmAwhM1xAcTW1E5NAjfhAk0bjGh1Q_Q8Cs2YLA39kQwv9vIXO4fiq4UuPHXkgpvG8PGDDl_NLMtBBOZGn20YTE13vu70kAUtAl3S-Scy7lPwgyIBjR0vHd1ALw0dOuUN3kDZUmd6BP4CD35s5XIna8ICIYXT3X3Tz-Em-daTnQlAJUU_a4gzWNX2So1OXR8Tqw0LB5NLG30ijXJh3haBY0qGxsbpWVMFNISojzeU8Ca-zeuL6JM4SlcxTGEdcEJe75z7qZw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 16:45:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2EB3 0
12 B 20ms
19ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ApAy6Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:45:28 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 56DC 0
0 128ms
128ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231003&jk=4098724296574072&bg=!JCelJ2jNAAbjlzx0w5c7ADQBe5WfOF-BsC3hYOytHApzwU_c9ksmrYWhx0fvsVfvlwjZLcCE6VC8lpFZGO3_Ghlxbv0xAgAAAaRSAAAAEmgBBwoAPLDx2n10AjdJ_l0wQCy6r2Xa9AeORID-wbXgLAL8oc1gLuv82vqYoKtZfDzpcO4R2lzpGFpAxH9ku5Z_QJkDEP3n1MkEJg7xGBH8wS6vuzs0-8dZwWDjQtSzFETqYtqsdYmlePltf29amY7Sj5t19XOjJQETwmJQSXNontNQMsWI7W_OO0hEHlGg32SORe5d3hgQit0aYhXA-A0J2Dve0_OcfvXS0vsRzrW2kzQxuudJdk_hzooCxk82eupJzsTxBrmsBbK9qncSRRsf1qshpn-6AXtvIv83cQAyPpaM0Lkc0FP7dHnToyMz5BFHjkFOrOv8oshFylf4Hm6j1pZHjf-WiP_6tqYPAVyBgy_tbz6djVk_nKWmM1oN8RnHV27o02GldAXkPWKdrIy4HP6EPed2Z1R8pFrugVOt1-QktvGUJFPdE4dZqSpNBQlW4BSrSt_ziliYfajQDiX1KpI2jjZ4HmUlFd5mMCXq6Mm-2ugip4pRILM6EmV3KFAVmYl-hmIpjVomq4ZeY1U-vwtIu7bWyw0qe_yg6XCBumgHB4CRR2fJMorIfm8aIuAyCfjzclWZUkXK5JK9I-CftrsODgBa56HE4dLGGYHEsKXttZ3NeV2KR51Zi4V44gnSkSRunJW4B1MM88D1Nn_WDbb71ckt_QeadsF2jnQEDgiOJErvhyId0XYJivSbee28vJrfnG0EHWVDMsk183QBVb0sLBNXshSWhaDBEOza3EA_35halRilSlt0ztRuBE4rrcIAh8KbYYELokH14DuOx9nNQDYWFEddTnHTvnaapBSPOm9LtG9QaOQJCs2CtiAUpbmfiN7sUXtl-221uOi1xABjXsNuYvIscqd72tpfLPU-H_a0Xv7TGAHXj4tsC7gvzWmsie07z6FW7LVvkjfd8G2EdPOFAjXh3xXBUUhdGEts6x32-njJ39xIUColzSuH_ti4sXCaP4aNj-uOkEE2zZZLAwV7KnI3qySIGFLTV0X_7FZ7Ey0unJeDcUPgHe-fJIUgsXI7CAu8ux9W4DekYYUw1YRf12x5UoEKBp2uGAzuTZ4vuHZTX3ZlCbqfWDmkiJF_ygvDrxr_u-cfvLuf_dYu-UvIJqjm8kBDBKcDh0eZdhI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0vNr-AHhoqNkdnTYcCGDfqCWe6OsFMqv26KDaguyXedytKR3dgyawv8scMmz3TouDYkDwQ2e8NWCXI6xhwnW54P5IzYsFm6uf9X5Cb49TV43tXV5Sb0ruGizWXTCd&sig=Cg0ArKJSzC26qdl5m4DaEAE&id=lidartos&mcvt=0&p=0,0,1,1&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=19&adk=854963887&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=3&r=b&rst=1696524315771&rpt=2043&ec=1&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Domain: sync-dmp.aura-dsp.com
URL: https://sync-dmp.aura-dsp.com/match/google?google_gid=CAESEF1exowuzgZQMYtUzUQ-bNg&google_cver=1&google_push=AXcoOmQABNKJTS_2tyV5W5iac_bPKtsDqFX8ONMB1ZCn6ZqgYyPhbnP6qBmSsGhNBkD0GIU49ThuKsRr5k8Ph8Jw-qtT4mhHK_bplg

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:51:24	Name: is_unique Value: sc12916097.1696524310.0
.statcounter.com/	1970-01-21 00:51:24	Name: is_visitor_unique Value: 1696524310291978280
.xgcartoon.com/	1970-01-21 00:01:00	Name: _ga Value: amp-IONbV4-KKoMCgdSzZWirDw
.doubleclick.net/	1970-01-21 00:51:24	Name: IDE Value: AHWqTUkOWITSIUR2qc7k2jKNtZDk2BqAFUcoXIP9R83YJrLE7AS420t4-eeizOD2r00
.casalemedia.com/	1970-01-21 00:01:00	Name: CMID Value: ZR7oH2KKtk75k7XGVX3RcgAA
.casalemedia.com/	1970-01-20 17:25:00	Name: CMPS Value: 5143
.casalemedia.com/	1970-01-20 17:25:00	Name: CMPRO Value: 5143
.quantserve.com/	1970-01-20 17:25:00	Name: d Value: EDwBCQGOKoEA
.quantserve.com/	1970-01-21 00:45:38	Name: mc Value: 651ee820-2ecb5-9cf04-43d89
.adfarm1.adition.com/	1970-01-20 17:24:56	Name: UserID1 Value: 7286516471271194983
.simpli.fi/	1970-01-21 00:02:26	Name: suid Value: 3D9A4FF596654D05ADA96A6E11426A47
.acuityplatform.com/	1970-01-21 00:01:00	Name: auid Value: 836551757536
.acuityplatform.com/	1970-01-21 00:01:00	Name: aum Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANPqNdXNlck1hdGNoaW5nSWTIkWxhc3REcm9wVGltZU1pbGxpcyUBRUAXK26MmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUVAFytujI90aGlyZFBhcnR5VXNlcklkWkNBRVNFUERxa0h1MGhFT1JEQjA3ZF9kTWhBc/v7hnZlcnNpb27C+w=="
.smaato.net/	1970-01-20 15:45:38	Name: SCM Value: b35228c874
.smaato.net/	1970-01-20 15:45:38	Name: SCMsas Value: b35228c874
.bidswitch.net/	1970-01-21 00:01:00	Name: tuuid Value: a4d491be-d5c3-40ed-bbb6-3fb6e09a2039
.bidswitch.net/	1970-01-21 00:01:00	Name: c Value: 1696524320
.bidswitch.net/	1970-01-21 00:01:00	Name: tuuid_lu Value: 1696524320
.adnxs.com/	1970-01-20 17:25:00	Name: uuid2 Value: 1068373215830260104
.openx.net/	1970-01-21 00:01:00	Name: i Value: bab01860-b7b8-4ed4-959c-28bc13c7a95b\|1696524320
.smartadserver.com/	1970-01-21 00:45:38	Name: pid Value: 2862925513829059999
.smartadserver.com/	1970-01-21 00:45:38	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-21 00:02:26	Name: csync Value: 133:b35228c874
.doubleclick.net/	1970-01-20 15:15:27	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 17:25:00	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>0dAwoQ!]tbPl1M>e)ZlrFUfJ+tGXxp:_`sL6E8L@CQ8U/.>0nLA<Uc>P_.yw!cO:]53If)y3KL9D3I?+X/t9ok
.3lift.com/	1970-01-20 17:25:00	Name: tluid Value: 3612390761818391067989
.ctnsnet.com/	1970-01-21 00:01:00	Name: cid_61ecb0c990e74374b4f30c90abbdbc6a Value: 1
.ctnsnet.com/	1970-01-21 00:01:00	Name: gid_CAESELnj7HOkmgBTx6txMc5HaCY Value: 1
.w55c.net/	1970-01-21 00:47:05	Name: wfivefivec Value: AcbZms7U1QOrty5
.pubmatic.com/	1970-01-20 15:16:50	Name: KTPCACOOKIE Value: YES
sync.gonet-ads.com/	1969-12-31 23:59:59	Name: chk Value: 1
.media.net/	1970-01-21 00:01:00	Name: visitor-id Value: 3395259248454773000V10
.media.net/	1970-01-20 15:35:33	Name: data-g Value: CAESELwXbZtqpf7xABSHXOMGvA0~~3
.w55c.net/	1970-01-20 15:58:36	Name: matchgoogle Value: 5
.pubmatic.com/	1970-01-21 00:01:00	Name: KADUSERCOOKIE Value: ABDF5718-7919-4B1B-B1D6-05FBC22DC40C
.gonet-ads.com/	1970-01-21 00:02:26	Name: pid Value: NjgyMGYwY2QxMWY1Zjc5Mw
.googleadservices.com/	1970-01-20 17:25:00	Name: ar_debug Value: 1
.bidswitch.net/	1970-01-20 15:15:24	Name: google_push Value: AXcoOmRaLpLbQGUZ2asoba2c8PJYMvepQ8J75RivZPf369xAWdNXh40j8lIG0-Cxuria1oMXHKvErOU0Il5iOYaEdm_gtKMO7La7
.yahoo.com/	1970-01-21 00:01:21	Name: A3 Value: d=AQABBCXoHmUCEJW6ofDH-_3Pcoyf1DXMXlMFEgEBAQE5IGUoZQAAAAAA_eMAAA&S=AQAAAvi1BYjAwYxBJJmnPsrfAQM
.tribalfusion.com/	1970-01-20 17:25:00	Name: ANON_ID Value: acnteZbr2PKdFuYnRXmnA6LOTGaf5nG1f79VBZaO0MZbxMVZaEZddCjXb9usrVIMYjhnnKaN8Wsn8jQtC6qvEaHgtB0vGrUeT85Ud
.dotomi.com/	1970-01-20 15:15:24	Name: DotomiTest Value: 21f0aa1b53d2188f

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	warning	URL: https://www.xgcartoon.com/detail/kuailexingmaoguoyudi18ji-jinyong Message: The resource https://948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network	error	URL: https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google Message: Failed to load resource: the server responded with a status of 503 (Service Unavailable: Back-end server is at capacity)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2cefd0f811209304628bf706cbdd2eab.safeframe.googlesyndication.com
65fb598bfe984b2b2e88119bee89eeb3.safeframe.googlesyndication.com
948dab4b694bba10a511be62a75a9a5c.safeframe.googlesyndication.com
a.tribalfusion.com
ad4.adfarm1.adition.com
ads.eu.criteo.com
c.statcounter.com
cat.nl3.eu.criteo.com
cc.adingo.jp
cdn.ampproject.org
cm.g.doubleclick.net
cms.quantserve.com
cs.media.net
csi.gstatic.com
csm.eu.criteo.net
dclk-match.dotomi.com
dis.criteo.com
dsum-sec.casalemedia.com
eb2.3lift.com
fef3912edb4a927a84ee09c5f054f9b4.safeframe.googlesyndication.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
imagesrv.adition.com
lh4.googleusercontent.com
match.sharethrough.com
onetag-sys.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
r.scoota.co
region1.google-analytics.com
rtb-csync.smartadserver.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
rtb.openx.net
s.ad.smaato.net
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
static-a.xgcartoon.com
static.criteo.net
sync-dmp.aura-dsp.com
sync.gonet-ads.com
tpc.googlesyndication.com
um.simpli.fi
ums.acuityplatform.com
us-u.openx.net
www.google.com
www.googleadservices.com
www.googletagservices.com
www.xgcartoon.com
x.bidswitch.net
pagead2.googlesyndication.com
sync-dmp.aura-dsp.com
104.18.26.193
104.20.219.77
13.248.245.213
142.250.185.130
142.250.185.162
142.250.186.161
154.59.122.79
169.150.222.217
172.217.16.130
178.250.1.6
178.250.7.11
185.64.190.78
185.86.138.152
185.89.210.180
188.42.105.236
2001:4860:4802:32::36
217.79.188.46
217.79.188.59
23.212.88.20
2600:9000:211e:fe00:1b:5138:8a40:93a1
2606:4700:10::6816:2f93
2606:4700::6812:18ad
2607:f8b0:4001:c10::5e
2620:116:800d:21:ef75:8280:f209:5ba1
2a00:1450:4001:808::2002
2a00:1450:4001:810::2001
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2006
2a00:1450:4001:830::2001
2a00:1450:4001:831::2001
2a02:2638:3::12
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:d::11
2a02:2638:d::c
2a02:fa8:8806:16::1370
2a05:d018:d29:3605:316a:16ef:4691:e00e
3.65.51.143
3.77.247.132
34.249.156.204
34.91.62.186
34.98.64.218
35.186.193.173
35.227.252.103
35.73.212.134
51.89.9.253
52.29.79.55
69.173.144.165
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
095e2cc17b7c6d5f775987860b3c48e699bec533cfe9917c9458c609983fcea3
097c4d92a70192ec3b756b2cb1c6136af9245616e3d1d576fa2ab1c796bba64d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fe4af134347bf9383f0946d8417a70e5bd69298876a68c4b578ab6bdeacad81
10699e72905f25b578711394a0794e8c789c4e981b88e21707dd04b6b1fb4bd7
11e3b7652da2fb4419f0553b65e1438f658ef16949a01241d4ce3387b51725fb
120b647b585ca7fd31b4c949469e8da6e0ff58452e1f78011cca84db04830b9e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
140d24107a3418bd0352c8cb62d1332fd9df47e604908f17f3bcdca0057c789b
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
180597870c70ea1f5c71323512a5cebb43a4532c10aac4030eb826556868ff1e
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
227c624299a687f57694e78cb4f754a41e3d5b6ce4950495980886a321e462b2
29d624398032009290d2f6f32f7ac054d83b820e00d46158e8dcd8424c7fa565
2a67c1169d7a45914bb6766fe05e4fb7b840f7a864744b8fa911a9da40649391
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2c0a8f02e8ef795aecc87e8e323c15fdf29287d20501d6ea0cf1dc53e2d2ea9e
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30f7050deb7e111d2db1cc1879424b8a62af2dc63f8b9f00571313e0dc24cc48
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
39541799e38d9d9c4a9615467dfa6147df7cf2191c59abe3027064b445dfe9f6
3ab8785803c04f943209fec95ec5faa87416dd1af8b1030db98017a38fa0974a
3be61af8ca1be1fea37c76d6fcaa4c3076fe975ceed168c92f786f19bed21392
3e470390154e5bd03688cdda3929ea08912e3c0df3381747417b2b2695c11e6f
3fc7db3b4d954cee6431fdd3b4be2fab558051f1f6f5c010aa2c7f839a56592f
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28
45e51a72bfe3766f65da342bf28ad6f43c265d537da80ca5ac08535e99be0d9c
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46fac2c4f85a6f77b7b855a38edd6da4af8721ba0b7bab73d0bc60347fdbd3e8
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e8e7d5f09df9a9f905915164a58bcea935e0b14581e285bf282c8fd38845b8a
4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9
51b5ae1f0ff10c4595493fa2d4edb2c308f97976be783ed5d7d962a8d81606d1
5325099282ede6ff90ea71df2f9a4c926e85c62d704daeeda8b9d2dc467d5517
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5aacd2e9c7ec1a3b33bdbce9a72f0fa9a3ac84151bb3c94ad3ceaab8467001a0
5c7c5c90a9ea184b7ae122746634b34b95b904cdf18701bcefe47281bdf3fb2a
60ef34be4d27357c742d1ea99884253e21100f0d09d3ddb531969fccc52a3d5e
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
666efc0a6172f12059d8bc178a5411b2733bead252880e53aa6ad867af8e9b64
67d876ab8150c4e239e39d230ec802e7b42488da2eaa80cfbbdeee9c9aaee5f8
68295810248574426d37c55772795cd2f60f2ebc7e42ef35c6aad656e81cee0e
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd
700e7f54129d3ee957c453faffe040f5e56ade94f2e2f611c03b521aebbb0de1
70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237
71c87286b7656c279d8c6276b6602373709af8c8d4405cf94dc74e71ac9fd3b4
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
81e737602d00a22ff43ca19139a7036607aa92fcbe40f420116850b97a1ddcb1
81ece752536b1b7cdcf808a4a191c32ae732b23e181cd7b550ba21c75bfc6d43
82518be720df1f6555191122573b12273023bcd0984b7296060989d5e28e765a
837d34e0a07549292f03b1851081a07935685c714a2704305cb65d93236573de
839f7c2acdfe53055762a8aa80b4a33f81b4534e5b036c06734805575f0b5c64
84f9b6d8cef38850ab0eb7084b7f8f3093b31789aeddde469d5375e2b9fec8b8
85807e46cda1cc83ef9c5e92edaacb7ccd4fe3cf1ad8ff1975709a435853cc08
8756d3367261f5dfcbef03be86fb4b956f889917fbdd3b72c300d8e1dcdc5f47
89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
93258ecf2bc065f77b8a06cb3d3dcee332eb3ade038dc28dd04fcd5f7bab74de
945818b0f0dbc0dd7405b2ca124d9dd0c287745c800d21fab72fbd418e1a2aa5
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a4a0eae898da5203a8383addb1ae48afa739c2a0129a16c55b7d8fbeebd76a46
a50a21275ceb71d064f6a534bb36e09c54686420b88c3dc219b548588a8e570d
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
aa0696014ac23d674aec0b644c215635727fc3ff4b972cf9052c7bbd0b774a92
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2dff3c8538006a5ab7304fbdd0eef49b25077b7ba5faabcae58da42f42b1f8b
ba6f765e9b828424f5d95fbf503e44778298110585eee6343651961b4e20fbeb
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c696cf896f31656971d1dd2f7e1e582afbd23427bc528ca49b42c9e48d87a55f
c79831d809c25cd6e16f0484f07797112717213d2b7335a1edfcf386d2aa7397
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
ce14a3673e7bf6974e5ff7a09a53415698aa376d3d09d95c9e453a88b701ba3a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d051ece707cf5f0ccf636989406d8dd99b585d5a821dc756f07e3092cf87502c
d0af03d2d41d9f34e142ddcd442e8e2a5da663d873bd1ebec3da82fc6da2b0dc
d4de6c8a24d8959593744ade6de22ed29b5404dcdd0243d43e52209b56383f66
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
de77c27c1dd317c623629f0b009b5951b27cde3ae2524890e22a9aa196cdb927
df402cdd92acad3d33b69001cac99ad29c5cc9b626cd194a67cef75375150c39
e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f8f50d057bf164c98263951f4cd3afa5531559fcbb8fcd3659de34e16f355e
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed68f0e80b7fdede2ae7235b2ae1ce179d07fa64513658d7ac9f65a5f12d623c
edd00d0f3d37ab8e6e4a7e80205bd12cecc5cc47cd872c49a73749244e01dde7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f7d8a10bf4f06c8a3e85cb9f27253e20bed0d3809734441fd7eb97b582db8e61
f9c276a9862d00b6715b7ae88c7363184aabcc6e8a1a1e446ca6c206a0a5410b
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1
fd0fc395f3e93632f4a4959618a99ef5842f83ae194afa6055ac6db304b7f1e8
ff3914cf46d654d5d707dc58a81bcafc2f8729371057ba4a1e415187df14f409

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

246 Requests

87 %HTTPS

43 %IPv6

39 Domains

56 Subdomains

38 IPs

5 Countries

3619 kBTransfer

8566 kBSize

41 Cookies

1 Outgoing links

Redirected requests

246 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

246
Requests

87 %
HTTPS

43 %
IPv6

39
Domains

56
Subdomains

38
IPs

5
Countries

3619 kB
Transfer

8566 kB
Size

41
Cookies

246 HTTP transactions
14 data transactions