www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanz...
Submission: On August 31 via manual (August 31st 2023, 5:52:32 am UTC) from US — Scanned from CH

Summary HTTP 247 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 36 IPs in 12 countries across 38 domains to perform 247 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on September 14th 2022. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
14	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.218.77 104.20.218.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::ac43:2a0b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 23	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
26	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
7	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
34	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2 4	52.213.146.58 52.213.146.58	16509 (AMAZON-02) (AMAZON-02)
1 7	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
7 29	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
2 3	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	217.79.188.46 217.79.188.46	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	217.79.188.21 217.79.188.21	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	217.79.188.60 217.79.188.60	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3 3	3.74.29.98 3.74.29.98	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.6.243 37.157.6.243	198622 (ADFORM) (ADFORM)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2600:1f18:612... 2600:1f18:612b:4232:fe41:ef78:f1cb:19a5	14618 (AMAZON-AES) (AMAZON-AES)
1 1	81.17.55.170 81.17.55.170	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
8	18.195.120.244 18.195.120.244	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:223... 2600:9000:223f:8c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
9	2600:1f13:800... 2600:1f13:800:7780:9846:83bf:7761:208e	16509 (AMAZON-02) (AMAZON-02)
32	2.16.238.136 2.16.238.136	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	98.98.134.243 98.98.134.243	21859 (ZEN-ECN) (ZEN-ECN)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	54.84.218.161 54.84.218.161	14618 (AMAZON-AES) (AMAZON-AES)
2 2	216.52.2.91 216.52.2.91	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
3 3	188.42.105.236 188.42.105.236	7979 (SERVERS-COM) (SERVERS-COM)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:122b:3c04:1b89:43a2	16509 (AMAZON-02) (AMAZON-02)
2 2	70.42.32.191 70.42.32.191	13789 (INTERNAP-...) (INTERNAP-BLK3)
1 1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
3 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1 1	193.0.160.130 193.0.160.130	54312 (ROCKETFUEL) (ROCKETFUEL)
2 3	2a02:6b8::90 2a02:6b8::90	208722 (GLOBAL_DC) (GLOBAL_DC)
6	18.194.35.23 18.194.35.23	16509 (AMAZON-02) (AMAZON-02)
247	36

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.218.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::ac43:2a0b (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.213.146.58 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-146-58.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.250.185.130 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.149 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.46 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad4.adfarm1.adition.com

ad4.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.21 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad2.adfarm1.adition.com

ad2.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.60 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.74.29.98 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-74-29-98.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.243 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4232:fe41:ef78:f1cb:19a5 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

google.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.17.55.170 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.21 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.195.120.244 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:8c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:1f13:800:7780:9846:83bf:7761:208e (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2.16.238.136 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-238-136.deploy.static.akamaitechnologies.com

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 98.98.134.243 (United States) 2 redirects

ASN21859 (ZEN-ECN, US)
PTR: ddos.com

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.84.218.161 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-218-161.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.91 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.42.105.236 (Luxembourg) 3 redirects

ASN7979 (SERVERS-COM, US)

sync.gonet-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:122b:3c04:1b89:43a2 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.191 (United States) 2 redirects

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 3 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.130 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8::90 (Moscow, Russian Federation) 2 redirects

ASN208722 (GLOBAL_DC, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.194.35.23 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-35-23.eu-central-1.compute.amazonaws.com

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
70	googlesyndication.com 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 150 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 107	367 KB
59	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 cm.g.doubleclick.net — Cisco Umbrella Rank: 237	675 KB
46	serving-sys.com bs.serving-sys.com — Cisco Umbrella Rank: 1551 secure-ds.serving-sys.com — Cisco Umbrella Rank: 2640 lm.serving-sys.com — Cisco Umbrella Rank: 2587	520 KB
15	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 884 static.adsafeprotected.com — Cisco Umbrella Rank: 607 dt.adsafeprotected.com — Cisco Umbrella Rank: 579	204 KB
14	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 405	260 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com	405 KB
9	criteo.net static.criteo.net — Cisco Umbrella Rank: 603 csm.eu.criteo.net — Cisco Umbrella Rank: 10389	65 KB
7	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	2 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 214	396 KB
5	openx.net 4 redirects us-u.openx.net — Cisco Umbrella Rank: 478 rtb.openx.net — Cisco Umbrella Rank: 751	1 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 239 secure.adnxs.com — Cisco Umbrella Rank: 450	4 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590	3 KB
3	yandex.ru 2 redirects an.yandex.ru — Cisco Umbrella Rank: 5203	952 B
3	gonet-ads.com 3 redirects sync.gonet-ads.com — Cisco Umbrella Rank: 32481	1 KB
3	w55c.net 3 redirects pm.w55c.net — Cisco Umbrella Rank: 854	3 KB
3	adition.com 1 redirects ad4.adfarm1.adition.com — Cisco Umbrella Rank: 86836 ad2.adfarm1.adition.com — Cisco Umbrella Rank: 76128 imagesrv.adition.com — Cisco Umbrella Rank: 18530	734 B
3	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 10282 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 11410 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 17186	22 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 561	2 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 546	1 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 659	1 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 706	972 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 805 s.tribalfusion.com — Cisco Umbrella Rank: 1949	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 752	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 591	1 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 149
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 311	77 KB
1	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 3207	1 KB
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1239	573 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 736	334 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 451	711 B
1	e-volution.ai rtb2-useast.e-volution.ai — Cisco Umbrella Rank: 7140	233 B
1	fksnk.com 1 redirects fksnk.com — Cisco Umbrella Rank: 4642	612 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1998	173 B
1	smartadserver.com 1 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 777	408 B
1	tremorhub.com 1 redirects google.partners.tremorhub.com — Cisco Umbrella Rank: 13061	632 B
1	googleusercontent.com lh6.googleusercontent.com — Cisco Umbrella Rank: 434	149 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2547	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 9797	469 B
247	38

	Domain	Requested by
34	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
32	secure-ds.serving-sys.com	fw.adsafeprotected.com secure-ds.serving-sys.com
29	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
25	tpc.googlesyndication.com	83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com securepubads.g.doubleclick.net ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com tpc.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com googleads.g.doubleclick.net
23	securepubads.g.doubleclick.net	1 redirects cdn.ampproject.org www.xgcartoon.com 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com securepubads.g.doubleclick.net
14	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
9	dt.adsafeprotected.com	311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
8	bs.serving-sys.com	311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com secure-ds.serving-sys.com
7	www.google.com	1 redirects 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com tpc.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
7	googleads.g.doubleclick.net	311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com pagead2.googlesyndication.com
7	static.criteo.net	ads.eu.criteo.com
7	www.googletagservices.com	83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
6	lm.serving-sys.com	www.xgcartoon.com secure-ds.serving-sys.com
5	83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com	cdn.ampproject.org
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	fw.adsafeprotected.com	2 redirects 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
3	an.yandex.ru	2 redirects 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
3	sync.gonet-ads.com	3 redirects
3	pm.w55c.net	3 redirects
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
2	sync.1rx.io	2 redirects
2	b1sync.zemanta.com	2 redirects
2	ap.lijit.com	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	static.adsafeprotected.com	311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
2	secure.adnxs.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	c1.adform.net	2 redirects
2	www.googleadservices.com	ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
2	s0.2mdn.net	ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
2	010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	csm.eu.criteo.net	ads.eu.criteo.com
1	a.rfihub.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	onetag-sys.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	rtb2-useast.e-volution.ai	311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
1	fksnk.com	1 redirects
1	tr.blismedia.com	311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
1	s.tribalfusion.com	311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	ssbsync.smartadserver.com	1 redirects
1	google.partners.tremorhub.com	1 redirects
1	imagesrv.adition.com	ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
1	ad2.adfarm1.adition.com	1 redirects
1	ad4.adfarm1.adition.com	ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
1	lh6.googleusercontent.com	ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
1	rtb.nl3.eu.criteo.com	83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
1	cat.fr3.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
247	58

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G2	`2022-09-14` - `2023-10-16`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-07-21` - `2023-10-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-29`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-27` - `2023-10-22`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
secure-ds.serving-sys.com R3	`2023-07-11` - `2023-10-09`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-08-07` - `2023-11-05`	3 months	crt.sh
*.e-volution.ai Sectigo RSA Domain Validation Secure Server CA	`2022-09-29` - `2023-10-30`	a year	crt.sh
lm.serving-sys.com Amazon RSA 2048 M01	`2023-02-14` - `2024-02-15`	a year	crt.sh
bs.serving-sys.com Amazon RSA 2048 M02	`2023-03-11` - `2024-04-08`	a year	crt.sh

This page contains 31 frames:

Primary Page: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Frame ID: 75E6926DD0C0A6FFE52647573F84E66B
Requests: 40 HTTP requests in this frame

Frame: data://truncated
Frame ID: 2B1EB13748B0F1E020205185D4DB01BC
Requests: 1 HTTP requests in this frame

Frame: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 861545CA0D38CE78771D44823CDAACFF
Requests: 9 HTTP requests in this frame

Frame: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 6D9439110D721D35929E9979E7B25464
Requests: 10 HTTP requests in this frame

Frame: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 1D5BD6A26C0969EA4532D6DF357830FB
Requests: 10 HTTP requests in this frame

Frame: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 2495231A0128345D88AB69A1E8AD4108
Requests: 11 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPAqmAAG61EK5VjkAAJLkpSp62rUp9mjo3ksNw&u=%7CYOPKDqE%2FHlVyuzchkkIUXVRc2HGrNoFLaBgPXbpNBoM%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osKZuaH-aMKm9HzPQN8tLvOo4ByV5sJyLcTIaq1RJFizmxw8DfLG9MG3A25RC-fDNgGKi34xuBX1EHzOz4qeeVjTmjfqf1v11JsCq5e9sAK1rOUf5FSW5uj2Xy-jzYczPHM4d-UGxgH90MDGthEiAdKM_Cy3Skez_UYOMaVDHPz9aKDr0l1p1PldtSn8iSyWgqdv9bZ_j4HMvWAPMr6hKUh37PQ4Tec0t_WAhDWqRr5v-s4S_pHlvrGz4OdA4fW4KLk3RlGs4BHRjWit6hoX4L3cCkVUaU6JDKZcy5O5pxzhlJW8wx1GFZxBNKPe791_5JRytQH-Wt9X32xPz1pqGdxyE2iUytBl--uBJERLm47ZcggWt3caOJ4s7Df87V4Ji1bj_L2Zs1henhA1m7KZ5XWHdTos7ai2LQHyFQE-8A8pGdTKp1XZJl7rAk4CMRyIPZg1s1f2KG4_vGCc2x4bn2-m-P6lbgTO1LPjUWo042VYsUrSmarwkP8huPlI5wwthd-IIG-fpqGPwOjyQDakuX7z8WU9H3uedAh8H9Ao2vlCzYuvBCETE4VaGJ1xZmYH4IhloKu1xegND6N-AqLShR97qZY8QBcYgshen_Rt30wF9kY5FrbU7jz77C843sP-S5WaCUrNgYv4BV3XeGPWKBHi&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1y7VmCrwZNHWG-SxlQeSl4ngCsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC5CImmAFYsj7gAgCoAwHIAwKqBOACT9DjVb4ZhelT-2grBXFATXgz8VEpYJu0uJH8jgiCjSPFqY6C6Px6fgkTauZJgpzP4CFQAnY7FrT2Nn0i9iUhuORj_HImCIhEyj3AnuVFHP_9fbWq4KNmOM8cfeScmRB5eLL3TdzdRVM0SP69iyFDJ7BYl7P8r_IGAbU9fL_btX9CEezvbpJh-enToMbYPvkRRMnmuSJMTy1U3OZIZ-4sE5t_6g5Pm4T_fWEFpb7ltaxX-l6Cmk4qPYD26_dWzZHHd3dv9TAicCOLfZRJ93fDcRnrPzQEsymX7pNNfQ1VSo6cVzoSqV9pFiS_sRbCVQFIFyexp0dsMZAOIjl379DT_RJzxZ90W385JjGu10nhaa0gOR034iDZVdXpkpzOX-9yvcxSZ1eAEUatkwPgW69t0jTlA09ydF3ajv8fd6mlmyeZWJO54PiobriqSDDIZy1lLeTqimZEl9wB5EhmQDy1F-AEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2eQZ_GY6NhIxg5lsBy4OM9thRQ7w%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: CDEE584AE069FA326DFE481ECA102DD5
Requests: 11 HTTP requests in this frame

Frame: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 03418DCCBA9A3034C0647AA443BD5542
Requests: 1 HTTP requests in this frame

Frame: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 4F33CE661DCCCEEEFE8F2DBEADC90B76
Requests: 1 HTTP requests in this frame

Frame: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: A696C8E531644E8C737A6D862A3ED2E2
Requests: 1 HTTP requests in this frame

Frame: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 161C3FF1DAF61B62B1A8AEBDD14EBB7B
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNXjbjnadJAzLI7ZdF2lX1eqPmLgc_21tmGxCc3pq1P9jV5rOVWxi7nN-LM3Va64yaLznTQiZ5jsCrIOGlMs9lSrd_gTuQ
Frame ID: 0DDFFFB2C3DA20FB6A1249F07296A269
Requests: 4 HTTP requests in this frame

Frame: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: AF919DF7151033CE0B8EBF30FC7BB082
Requests: 15 HTTP requests in this frame

Frame: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 85D14AC0938DA35C74597F3B03A24165
Requests: 30 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 428A6D2BD863FDCD0E0C7FD59369F768
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C94E824A002E54E8DFCC6D2A252D6E80
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNVUd2u5CUQUWR3O6eu8JaN1B6DRv45BfUgRauGVrs0mUnezxvlvbbiX6v9JxzEILW3PF9ydnNIyolTUuezQwmDId4aDog
Frame ID: AA5295ADDD6581B7DB5C4C8231BE735D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EECE6BCAB7A73096A6D329CBDA100EB0
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1FD95A5CB64B5D6A9EFA2BC0F0944D79
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FCA23CD0740860F0BD914582379E5ADD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D8246A9AC77E7993FE95E07FC0053130
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AC89CC9A196715E49487EA07976E1B9F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DC14ECF7BE1537850B20D913F76D8597
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 2A259F5463180C883457E30A2316BF8A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3D827FA0CF0288C800BB7525963D52D8
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: EC53FA5F1AB932E342874E5392EC7094
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F758774DF647EAA00DF21507A63B0C8E
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4DAF8716CE3FCE55E73FDA599E54FA90
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BAE6D288E842360DD9A8AD44DE985D8C
Requests: 9 HTTP requests in this frame

Frame: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Frame ID: 0CFB94A9FD617F8358BAAD10F5298A0F
Requests: 13 HTTP requests in this frame

Frame: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Frame ID: 9D6A61513C73F1C73C83BC38708D1D08
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍹黑子的籃球【劇場版】LAST GAME（幻影籃球王劇場版終極一戰）【粵語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

serving-sys\.com/

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

Page Statistics

247
Requests

88 %
HTTPS

40 %
IPv6

38
Domains

58
Subdomains

36
IPs

12
Countries

3144 kB
Transfer

7853 kB
Size

47
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEh-QlMekfqYTYyJrRRRUsQ&google_cver=1

Request Chain 110

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPAqmlZ-DrDvba.hog0p5gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEh-QlMekfqYTYyJrRRRUsQ&google_cver=1&google_hm=2

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECX_yVg7TTmHuWU-6UZGK1E&google_cver=1

Request Chain 135

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzUwNjU5MjQyOTczMzQ2MjcxOA%3D%3D

Request Chain 136

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDOJEoUvW77WoJnJITXzdN8&google_cver=1

Request Chain 137

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTAzOTViYWEtYTUxMy0yODZiLWUxYWYtODJiZGFhZGM3MzYw

Request Chain 139

https://securepubads.g.doubleclick.net/pagead/adview?ai=CAAJtmSrwZOWmO4Ok-gaA65qYCNbHrIFyzqaJmLcR--mhk9Q-EAEg08vOMGD1lc6B4ATIAQapAlcVpRcvVbI-qAMBqgTmAU_Qnked3Z-IlPQWRAchRewmctcSMhDym3-K0v3-qLhdcl4Pti7DR-i1Myp7wVcTPMIShzqAzhU0wUGrSU6e0vxzgXMgt20xQIlwjNvXFKblDl3IpQcJhmKKEqv8iHPbKdaJ7RwF5lnuTO3h2kyjQnhK7SzjuDE2-TSkiEdTo3VzfPQkgOHuiRHvihGCUD3DqAIO2FzZ6NLy0Qj06BWRS24_5930hR9HwilU7fA2f1hrKSQf8hTNfAbVUni8m33i-9W1VvBFtXyqAyzymuf9Sy6tKCtJZvq4KMr0NZuqYX0DoKH-TJz4wAT5ipSYsQTgBAOIBaqkifBLkgUECAMYAZIFBggbEAEYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AH8OulxgGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChD42wkYiZvU8AHSCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJdmh0dHBzOi8vYWQ0LmFkZmFybTEuYWRpdGlvbi5jb20vcmVkaT9zaWQ9NDgzMjk5MyZraWQ9NjAwNzAwNiZiaWQ9MTgxODcwOTQmZ2Rwcj0ke0dEUFJ9JmdkcHJfY29uc2VudD0ke0dEUFJfQ09OU0VOVF8zOX2ACgPICwGwE6K1pRTIE6jLs-MD0BMA2BMK2BQB0BUBgBcBshceChwIABIUcHViLTMwMzkxOTk1MDM0MDM2MzQYmdIh6BcB&sigh=S5Uvr0ZwjAQ&uach_m=[UACH]&ase=2&cid=CAQSKQBpAlJWrV3stYr5cDtZN4A8kzkSujL07djRsR1RLQ3IwFzXGl2RjusTGAE&template_id=509&vt=10&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212901846859809805487%22,%22debug_reporting%22:true,%22destination%22:%22https://adition.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%220%22],%224%22:[%2208-31%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213668344409796210193%22}&andc=true

Request Chain 142

https://ad2.adfarm1.adition.com/banner?sid=4774921&gdpr=&gdpr_consent=&kid=5986089&bid=18180487&wpt=C&ts=[timestamp]&cbvp=2 HTTP 302
https://imagesrv.adition.com/1x1.gif

Request Chain 145

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRGZoq4YoDp9UrMbmbKsb_slHDep9MMLgIBIBlkIi9TquJrdqfxXyemD6a9NP5v6Uy5a-Kebbm1hQbaCOQlmiYl_ZTQ5TcC HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRGZoq4YoDp9UrMbmbKsb_slHDep9MMLgIBIBlkIi9TquJrdqfxXyemD6a9NP5v6Uy5a-Kebbm1hQbaCOQlmiYl_ZTQ5TcC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R1piVktuUk0xUUJBQnM1&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRGZoq4YoDp9UrMbmbKsb_slHDep9MMLgIBIBlkIi9TquJrdqfxXyemD6a9NP5v6Uy5a-Kebbm1hQbaCOQlmiYl_ZTQ5TcC

Request Chain 146

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECBSuYblWcc-u9dDipMddeo&google_cver=1&google_push=AXcoOmQYVAWblHz4tBIU9qmrkrrrPjyyOQnUHAOZ8vjfSavktMeSUxVmgWkKU2XsqsckYEXMm9FyydEtrqur6hBUHOwJfddgTqcT HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECBSuYblWcc-u9dDipMddeo&google_cver=1&google_push=AXcoOmQYVAWblHz4tBIU9qmrkrrrPjyyOQnUHAOZ8vjfSavktMeSUxVmgWkKU2XsqsckYEXMm9FyydEtrqur6hBUHOwJfddgTqcT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTAwNzEyNzEwNTMwODM0MjM1Mg&google_push=AXcoOmQYVAWblHz4tBIU9qmrkrrrPjyyOQnUHAOZ8vjfSavktMeSUxVmgWkKU2XsqsckYEXMm9FyydEtrqur6hBUHOwJfddgTqcT

Request Chain 147

https://rtb.openx.net/sync/dds?google_gid=CAESEGJ7AIX6NTzcbePYO9KHLXk&google_cver=1&google_push=AXcoOmSiJfbLj62i4zqIwXMOgNPAdI09p8z9MqNyb2HtEfpZKWq_3LpbemMIFm6D1x92iIZMU_VK4j2rPnIhEDFIO-TTxxHWx-Hx HTTP 302
https://rtb.openx.net/sync/dds?google_cver=1&google_gid=CAESEGJ7AIX6NTzcbePYO9KHLXk&google_push=AXcoOmSiJfbLj62i4zqIwXMOgNPAdI09p8z9MqNyb2HtEfpZKWq_3LpbemMIFm6D1x92iIZMU_VK4j2rPnIhEDFIO-TTxxHWx-Hx&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSiJfbLj62i4zqIwXMOgNPAdI09p8z9MqNyb2HtEfpZKWq_3LpbemMIFm6D1x92iIZMU_VK4j2rPnIhEDFIO-TTxxHWx-Hx&google_hm=EwACXMXiz-ESO5SzsyeHug==

Request Chain 148

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKo69aBwRvyJOFz2VYFwMQI&google_cver=1&google_push=AXcoOmT0Ymxqh9F8ELzhUKn1oloN3v1zvNiZDcMRJx9LkczvLm_uxMIT8biSSsjdsovj4GleepkRdXl9_O42ymZRrNdXY8U5GNXW HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKo69aBwRvyJOFz2VYFwMQI&google_cver=1&google_push=AXcoOmT0Ymxqh9F8ELzhUKn1oloN3v1zvNiZDcMRJx9LkczvLm_uxMIT8biSSsjdsovj4GleepkRdXl9_O42ymZRrNdXY8U5GNXW&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=O7uOWM-MQtax-lXCPNqnoQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmT0Ymxqh9F8ELzhUKn1oloN3v1zvNiZDcMRJx9LkczvLm_uxMIT8biSSsjdsovj4GleepkRdXl9_O42ymZRrNdXY8U5GNXW

Request Chain 149

https://google.partners.tremorhub.com/sync?UIDF=CAESEMT8QpdAsN6TGOgEqUkcoso&google_cver=1&google_push=AXcoOmTLUmHULpeEKhHVlvoD_1Oc35QoPk3jNYK6OrFVKaWIjyK_PgRXVZC_OQlXiRoYY5cpYuEGU3lc_FvULbchQYsKjMrLIm7Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=YzI5MjBmN2Y4MTVhNGJiOGFlOGFiOWEzMWZjMjJkNjg%3D&UIDF=CAESEMT8QpdAsN6TGOgEqUkcoso&google_cver=1&google_push=AXcoOmTLUmHULpeEKhHVlvoD_1Oc35QoPk3jNYK6OrFVKaWIjyK_PgRXVZC_OQlXiRoYY5cpYuEGU3lc_FvULbchQYsKjMrLIm7Q

Request Chain 150

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEAgp3xzuC5csWjQmMqR8d50&google_cver=1&google_push=AXcoOmTpBCUKp7ePjqRu0DOMwTkDmg2VWRgItrU5_Md3XPq9OVWtKKqkDz5IE4NQd9KlCCBydSbKx8OWcd8LXaJ7_EuPn7XpnhaG HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmTpBCUKp7ePjqRu0DOMwTkDmg2VWRgItrU5_Md3XPq9OVWtKKqkDz5IE4NQd9KlCCBydSbKx8OWcd8LXaJ7_EuPn7XpnhaG&google_hm=NjQxMjAyMDQzMTE4NjI3MjQ2MA%3D%3D

Request Chain 151

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESELOMkYEw280qZBZwu2QeqZQ&google_cver=1&google_push=AXcoOmREsnfLR4p9wTMuiS1qXf1kW3fof5QU9mYcjzKQ7OhzlIcp7ts4jirqgt4QjzrXnP-sPefLkXxhZJUYED2OnSCUpTlakSKSCg HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dxandr_eb%26google_hm%3D%24%7BBASE64_UID_ENC%7D%26google_gid%3DCAESELOMkYEw280qZBZwu2QeqZQ%26google_cver%3D1%26google_push%3DAXcoOmREsnfLR4p9wTMuiS1qXf1kW3fof5QU9mYcjzKQ7OhzlIcp7ts4jirqgt4QjzrXnP-sPefLkXxhZJUYED2OnSCUpTlakSKSCg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MzUwNjU5MjQyOTczMzQ2MjcxOA%3D%3D&google_gid=CAESELOMkYEw280qZBZwu2QeqZQ&google_cver=1&google_push=AXcoOmREsnfLR4p9wTMuiS1qXf1kW3fof5QU9mYcjzKQ7OhzlIcp7ts4jirqgt4QjzrXnP-sPefLkXxhZJUYED2OnSCUpTlakSKSCg

Request Chain 154

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 162

https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC2XcvmSrwZP_7NI_J7_UPsIyrCPq__O9xj57v1fIR-vHWssUBEAEg08vOMGD1lc6B4ASgAYmHhpYByAEJqQJ1FwXTJx2zPqgDAcgDmwSqBOwBT9ABHfwtbvF0RYICKb9SfgSLT9qYe5HKvRdoURS43WpQiXm9crZRIaRvVFraQpdVFfVjgfAJ40q7Kbc5Qt6yO_uGkLJMnGZaIaoKM5I8fzY1iBbkvRNyFNO3GORlUpZGyCfFLKCfj3gMH9X-69iZhv-1iw4FBVX6FSBN7cn_OTUxC_nysUwysXK15NwdYCbZPCS1pcmW_eNwWNdcLxKmghLi6lz5wPOYVVy3RHKIT_4y-FTQE5BE-S4xza909NjAqxYcvQ4wV3yCsnIq9xBss1-auTitHp6ydolcQcR8WPiJLO9FMeM-2AsfL9PABMmmnLS6BOAEA4gFwv7S_EuQBgGgBk2AB9_4-ekCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE4_TyhTYEw3YFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIv6ypsJqGgQMVj-S7CB0wxgoBEAEYASAAEgLdp_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE%26sig%3DAOD64_33zhpB7VL1YoLLv8rXImRaSV2dOw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B8jNec5kw69p95yNxLsWK2SaQLoxHoCaJk2lBzaoGIlDjWpclO_UiX0dxfXH-ZiTVvMusknVfD62BWEiYVgEVouPTSKbzTnDmTF1gHNQmCla1xfSw1A0639QJtgyst8Fwi0q8EakRtny4SkzCdgoIkQ0n3UhVb8PsHFLzLbWlsd3znQ4M%26cry%3D1%26dbm_d%3DAKAmf-CyRAK3Zy277Sa-iXMEx9ickr0Re1ou2mT81XB6lpfl029w5xeKGS72HEM645-SCIDU8kz6ykAOks-s-qjLZx1kMQszme24VJycirgmZbB8bf4GLYT7JYwYn27IhL1G3IYBsZPhCiEX7i0-2vuiTXOjUMm2fZyE1ZYIzQzSXA8lkZAWWJwA4hKE-IqLECgdLOKoSl3RJu4CUaO2B9JoToRc2kYDMRaCoJER0YQrXWIo8JddhvDdhRWqK611iEtYQ0Bx8aCD4tF2Bx7Q6SDdzQh3JPE9v7ueiYjg5GMClDe-VbTU4WLDEmTbO8BoGPSY2MJnglBkOSCTsKmhep6xJlseoXQs_-BQQnBgk2z4LnrAa-b5HxTp7ncodfnQHVefXQukoEaRUjWngNXQq8hpBu3wqlIG2T9o5HxHoaTpXN4-tTgPZn-wg70kHqddFk4ASiDQbQXeJsG01fLPXLBA_fWJQzLHAehvX29trX5QEnOUy09Iq7eE-k8w526CaCT9IgwWvIe4oPWuAMzQDRzYbmmzoYG4y7FhAjtuyMr_WDTP9i-xt5C-AZY-7IPUoHsCqZUePrKW9CQCxooo2_1QatTAFctgjwlke9atS2JqnkTyp0tdXEPlaEHWtfVjNegfvVNKWHJRLWfYXPxl1c5fOE-JrTVN-fESq3YpkgN9hyo0Jaa3bPkWH3Bt5T2NLKDAXcekde31%26adurl%3D&e=0&ord=1693461145867839&ifrm=-1&z=0&adsafe_url=https%3A%2F%2Fwww.xgcartoon.com&adsafe_type=g&adsafe_url=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:b584b2f1-0c38-fe02-b123-b4ac958facb9,c:mQH1LS,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-dfd6d,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:3,mot:0,app:0,maw:0,fm:tOuioer+11%7C121%7C131%7C132*.1554652-73029357%7C1321%7C133%7C134%7C141%7C1421%7C143%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:132*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:22,oid:903cb8f6-47c2-11ee-8596-d22de3852da9,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC2XcvmSrwZP_7NI_J7_UPsIyrCPq__O9xj57v1fIR-vHWssUBEAEg08vOMGD1lc6B4ASgAYmHhpYByAEJqQJ1FwXTJx2zPqgDAcgDmwSqBOwBT9ABHfwtbvF0RYICKb9SfgSLT9qYe5HKvRdoURS43WpQiXm9crZRIaRvVFraQpdVFfVjgfAJ40q7Kbc5Qt6yO_uGkLJMnGZaIaoKM5I8fzY1iBbkvRNyFNO3GORlUpZGyCfFLKCfj3gMH9X-69iZhv-1iw4FBVX6FSBN7cn_OTUxC_nysUwysXK15NwdYCbZPCS1pcmW_eNwWNdcLxKmghLi6lz5wPOYVVy3RHKIT_4y-FTQE5BE-S4xza909NjAqxYcvQ4wV3yCsnIq9xBss1-auTitHp6ydolcQcR8WPiJLO9FMeM-2AsfL9PABMmmnLS6BOAEA4gFwv7S_EuQBgGgBk2AB9_4-ekCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE4_TyhTYEw3YFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIv6ypsJqGgQMVj-S7CB0wxgoBEAEYASAAEgLdp_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE%26sig%3DAOD64_33zhpB7VL1YoLLv8rXImRaSV2dOw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B8jNec5kw69p95yNxLsWK2SaQLoxHoCaJk2lBzaoGIlDjWpclO_UiX0dxfXH-ZiTVvMusknVfD62BWEiYVgEVouPTSKbzTnDmTF1gHNQmCla1xfSw1A0639QJtgyst8Fwi0q8EakRtny4SkzCdgoIkQ0n3UhVb8PsHFLzLbWlsd3znQ4M%26cry%3D1%26dbm_d%3DAKAmf-CyRAK3Zy277Sa-iXMEx9ickr0Re1ou2mT81XB6lpfl029w5xeKGS72HEM645-SCIDU8kz6ykAOks-s-qjLZx1kMQszme24VJycirgmZbB8bf4GLYT7JYwYn27IhL1G3IYBsZPhCiEX7i0-2vuiTXOjUMm2fZyE1ZYIzQzSXA8lkZAWWJwA4hKE-IqLECgdLOKoSl3RJu4CUaO2B9JoToRc2kYDMRaCoJER0YQrXWIo8JddhvDdhRWqK611iEtYQ0Bx8aCD4tF2Bx7Q6SDdzQh3JPE9v7ueiYjg5GMClDe-VbTU4WLDEmTbO8BoGPSY2MJnglBkOSCTsKmhep6xJlseoXQs_-BQQnBgk2z4LnrAa-b5HxTp7ncodfnQHVefXQukoEaRUjWngNXQq8hpBu3wqlIG2T9o5HxHoaTpXN4-tTgPZn-wg70kHqddFk4ASiDQbQXeJsG01fLPXLBA_fWJQzLHAehvX29trX5QEnOUy09Iq7eE-k8w526CaCT9IgwWvIe4oPWuAMzQDRzYbmmzoYG4y7FhAjtuyMr_WDTP9i-xt5C-AZY-7IPUoHsCqZUePrKW9CQCxooo2_1QatTAFctgjwlke9atS2JqnkTyp0tdXEPlaEHWtfVjNegfvVNKWHJRLWfYXPxl1c5fOE-JrTVN-fESq3YpkgN9hyo0Jaa3bPkWH3Bt5T2NLKDAXcekde31%26adurl%3D&e=0&ord=1693461145867839&ifrm=-1&z=0

Request Chain 174

https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCr0o6mirwZKOKBZ__7_UPsbKImAz6v_zvcY-e79XyEfrx1rLFARABINPLzjBg9ZXOgeAEoAGJh4aWAcgBCakCs_FOJNAZsz6oAwHIA5sEqgTsAU_QjA_uIuQEjcxVb1a6SCr0xKVzIx0duR_xHDPli5L0S7VuRo16r3r8JaGtqQj-9VQtkw2Up7etpi3q5bjuOjvgX2lnQ1TEWsijSiqoQC21UI5qXHysVwlTELhai7tPpKcLsda5RWQl87Jo6zql-cGdrWyuUuvwSrcDRHcklzyj7e70Ji2Pgqgi3dAMVB6UI1ABXGnZWZh5PnWh3DAwgy1tFtMjgHmgj04lwSMduDkchfrx3WOM114J3YjBWMgJY-b9rAiRG0kz8BO2nyM1XMu-3uB5nHGwMAZmLjvB2oCuy25y0UtLRC14LoVqwATJppy0ugTgBAOIBcL-0vxLkAYBoAZNgAff-PnpAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOP08oU2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIo7-2sJqGgQMVn_-7CB0xGQLDEAEYASAAEgIbK_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE%26sig%3DAOD64_1R5QWvkBvpBjo_03OL__xM6DBp9A%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CX7o0fHbUnMNTWcfX3wv1EuCjpT5S98pGrN0WgdKfD08gJqDzWQhdNcYzcTz7FOPVBF9EHmO73wyrD4ciXkJxyQA_tz8gYLvapKXUr5u_77ZaQkKzrWeG8aGCe0jKAqIFacyeMbcZ6qT8ZhphouVvYycID6kyfbMuQ_I7SMmvhlDtMtbY%26cry%3D1%26dbm_d%3DAKAmf-DPZqSg3w5KonSaPbKpFlwwZobwaR8iyntQJd6e7sXOxCk3G5VelXadUlG7RUlEQMfLfYu87VpHGVAFbAJUPMwJfZ9pJ70gp2XcP-hboYU47tlk2GxWzeEy_OVaVtqxy4cAYQsGCxQBmUjC3sXx3Bdvv8SNo4Y37kxAwcWoDHbiFM536aU5ElW5gScWLUWvgPwxaJ4rMGXvNtkaw-y0DfpY0_GmnvBy32k-VAnXl9x1PDJ7NhKJ1HDA3Vkk9H-2uUMV4hpT9wcdsze0zCpg02w_7ghx6-9VVg9HKGdK_jUERvnD5mDa5jIU5phe-8bz3kZEQFlpGSYJpvX6hWtRsZ-qnDzQT8IXEbeaZaZdy7ayVnSwPN8jQTzqWxTApyES4I_clIfla_UpS0CBYw3lm-S07sdzR9yEJg8wBISGEC1S5Tv-mnm1gC-1EXOxGxdw1RpYGyF1gamUe9mJ9huQzSQzV0WZXadT1tkoihD9-xtl8BRe61UD3C8xfIV7DUWOeDJrqardaOlBgC6-K04Dpp-K5TjhTuc-X6NO10Dx-uSdkgTq7BTAswHlo79So0mxUI3Iee4ebLLqgygoH-nJA05l3LolEUWt3D9f2e4xkYjnk7M442PeA_0IBDc6PmM6RlEw0-6D2lWyNnFDb_xUx57MrCV7qM6-GydiEGSjflg8n1ikvJML5d9zCJJRgnZ1veU6rqha%26adurl%3D&e=0&ord=1693461146083235&ifrm=-1&z=0&adsafe_url=https%3A%2F%2Fwww.xgcartoon.com&adsafe_type=g&adsafe_url=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:cf52fac5-ad08-99d8-dda5-d0c66b35ed3e,c:mQH1Os,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-9tfpn,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:3,mot:0,app:0,maw:0,fm:tOuiogY+11%7C121%7C131%7C1321%7C1322%7C1323%7C133%7C134%7C141%7C142*.1554652-73029357%7C1421%7C1431%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:142*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:25,oid:904c2244-47c2-11ee-96d1-ca15dec157a0,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCr0o6mirwZKOKBZ__7_UPsbKImAz6v_zvcY-e79XyEfrx1rLFARABINPLzjBg9ZXOgeAEoAGJh4aWAcgBCakCs_FOJNAZsz6oAwHIA5sEqgTsAU_QjA_uIuQEjcxVb1a6SCr0xKVzIx0duR_xHDPli5L0S7VuRo16r3r8JaGtqQj-9VQtkw2Up7etpi3q5bjuOjvgX2lnQ1TEWsijSiqoQC21UI5qXHysVwlTELhai7tPpKcLsda5RWQl87Jo6zql-cGdrWyuUuvwSrcDRHcklzyj7e70Ji2Pgqgi3dAMVB6UI1ABXGnZWZh5PnWh3DAwgy1tFtMjgHmgj04lwSMduDkchfrx3WOM114J3YjBWMgJY-b9rAiRG0kz8BO2nyM1XMu-3uB5nHGwMAZmLjvB2oCuy25y0UtLRC14LoVqwATJppy0ugTgBAOIBcL-0vxLkAYBoAZNgAff-PnpAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOP08oU2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIo7-2sJqGgQMVn_-7CB0xGQLDEAEYASAAEgIbK_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE%26sig%3DAOD64_1R5QWvkBvpBjo_03OL__xM6DBp9A%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CX7o0fHbUnMNTWcfX3wv1EuCjpT5S98pGrN0WgdKfD08gJqDzWQhdNcYzcTz7FOPVBF9EHmO73wyrD4ciXkJxyQA_tz8gYLvapKXUr5u_77ZaQkKzrWeG8aGCe0jKAqIFacyeMbcZ6qT8ZhphouVvYycID6kyfbMuQ_I7SMmvhlDtMtbY%26cry%3D1%26dbm_d%3DAKAmf-DPZqSg3w5KonSaPbKpFlwwZobwaR8iyntQJd6e7sXOxCk3G5VelXadUlG7RUlEQMfLfYu87VpHGVAFbAJUPMwJfZ9pJ70gp2XcP-hboYU47tlk2GxWzeEy_OVaVtqxy4cAYQsGCxQBmUjC3sXx3Bdvv8SNo4Y37kxAwcWoDHbiFM536aU5ElW5gScWLUWvgPwxaJ4rMGXvNtkaw-y0DfpY0_GmnvBy32k-VAnXl9x1PDJ7NhKJ1HDA3Vkk9H-2uUMV4hpT9wcdsze0zCpg02w_7ghx6-9VVg9HKGdK_jUERvnD5mDa5jIU5phe-8bz3kZEQFlpGSYJpvX6hWtRsZ-qnDzQT8IXEbeaZaZdy7ayVnSwPN8jQTzqWxTApyES4I_clIfla_UpS0CBYw3lm-S07sdzR9yEJg8wBISGEC1S5Tv-mnm1gC-1EXOxGxdw1RpYGyF1gamUe9mJ9huQzSQzV0WZXadT1tkoihD9-xtl8BRe61UD3C8xfIV7DUWOeDJrqardaOlBgC6-K04Dpp-K5TjhTuc-X6NO10Dx-uSdkgTq7BTAswHlo79So0mxUI3Iee4ebLLqgygoH-nJA05l3LolEUWt3D9f2e4xkYjnk7M442PeA_0IBDc6PmM6RlEw0-6D2lWyNnFDb_xUx57MrCV7qM6-GydiEGSjflg8n1ikvJML5d9zCJJRgnZ1veU6rqha%26adurl%3D&e=0&ord=1693461146083235&ifrm=-1&z=0

Request Chain 185

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKogj6CuQsQQspE8XdXn_T4&google_cver=1&google_push=AXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKogj6CuQsQQspE8XdXn_T4&google_cver=1&google_push=AXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 186

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEHMvDIp33Ocb2x4jNHXzUTA&google_cver=1&google_push=AXcoOmSHSkwAgNOy9UR7UUpn_cLjj8rGItyVLDGCf1TidSJJIsH6qhiafORvU0ZINr5985gS-3d2i4pRFUnAHC3VharrVA1iCY-OAA HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEHMvDIp33Ocb2x4jNHXzUTA&google_cver=1&google_push=AXcoOmSHSkwAgNOy9UR7UUpn_cLjj8rGItyVLDGCf1TidSJJIsH6qhiafORvU0ZINr5985gS-3d2i4pRFUnAHC3VharrVA1iCY-OAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=MbWJiOXFRFqVOX24b1BYyWTwKps

Request Chain 188

https://fksnk.com/cs/google?google_gid=CAESEFCBg2bPRNX2SYboFtGIKu0&google_cver=1&google_push=AXcoOmSXFGxCAeNadNDq-XEhWhw9xwhO6IWDmKs6VrC2GRf4-VRB7ktmWiqRHVultmkDMF8bs4lS2IawfDhcg5CWdLGFH71xt2pkcA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTBCQUQ0OUEzQjUwMTYzOQ==

Request Chain 189

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKD68Q89xN3r9vFbo5k9yig&google_cver=1&google_push=AXcoOmRVAQPtU65XLMdXgX56o1OiOM6A1adHs6D5DgjKmF_F0xsVkpZSFdEEtJkRxb98daFNv71r7D73_K6-ZgBe-VsnTEjKYUja HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKD68Q89xN3r9vFbo5k9yig&google_cver=1&google_push=AXcoOmRVAQPtU65XLMdXgX56o1OiOM6A1adHs6D5DgjKmF_F0xsVkpZSFdEEtJkRxb98daFNv71r7D73_K6-ZgBe-VsnTEjKYUja&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRVAQPtU65XLMdXgX56o1OiOM6A1adHs6D5DgjKmF_F0xsVkpZSFdEEtJkRxb98daFNv71r7D73_K6-ZgBe-VsnTEjKYUja&google_hm=HPcgpGZH9biuoCLpRta8TB46

Request Chain 191

https://sync.gonet-ads.com/match/google?google_gid=CAESEDnifJ7UaTUJMUBucsg4XB8&google_cver=1&google_push=AXcoOmRURpuE0olzvnT1bUpeMTzi1yOOguMHjhU-dWzKKViCe1G-geal8TOVbNMbyQn-7x7WAiQqeXM3BCx2OqOYb2yfvIAHGEqW4QE HTTP 302
https://sync.gonet-ads.com/match/google?google_gid=CAESEDnifJ7UaTUJMUBucsg4XB8&google_cver=1&google_push=AXcoOmRURpuE0olzvnT1bUpeMTzi1yOOguMHjhU-dWzKKViCe1G-geal8TOVbNMbyQn-7x7WAiQqeXM3BCx2OqOYb2yfvIAHGEqW4QE&chk=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=MzhiZThmODg1ODZiYmMw&google_push=AXcoOmRURpuE0olzvnT1bUpeMTzi1yOOguMHjhU-dWzKKViCe1G-geal8TOVbNMbyQn-7x7WAiQqeXM3BCx2OqOYb2yfvIAHGEqW4QE HTTP 302
https://sync.gonet-ads.com/match/google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=MzhiZThmODg1ODZiYmMw&google_push= HTTP 302
https://s0.2mdn.net/dot.gif?google_error=5

Request Chain 196

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRisoUZhHz4f0m4aqbLBOhOK7Yy4Rl9YjwSwmlQ-5swVAM-dwx1we4YCjvLUV9Eux0O_8ErdSMOqK3zQ3ZKzqCfm9qNMa8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R1piVktuUk0xUUJBQnM1&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRisoUZhHz4f0m4aqbLBOhOK7Yy4Rl9YjwSwmlQ-5swVAM-dwx1we4YCjvLUV9Eux0O_8ErdSMOqK3zQ3ZKzqCfm9qNMa8

Request Chain 197

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMOLNgl8Qibzocz8M2yFpsI&google_cver=1&google_push=AXcoOmTOPIBfNY_tua29a4mk4EGxNk4Z6yM1QMmshGXg-AAYlaOXDOlaTCjZmwjHpQCXGzUs1naIaBXcIX0jCL7VBjdgYL70-b4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTOPIBfNY_tua29a4mk4EGxNk4Z6yM1QMmshGXg-AAYlaOXDOlaTCjZmwjHpQCXGzUs1naIaBXcIX0jCL7VBjdgYL70-b4&google_hm=eS1hdHM5UV9CRTJwRk9nUDV1OUpTdUM3WW1qLkhyd1N1Nn5B

Request Chain 198

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEDNNztOO-oF-RskL2B2FZLI&google_cver=1&google_push=AXcoOmSJXSGi1ouRZ_gn9b8HwREN4ZDvfIH-hBuU625Llh7EW1PjHbGW6WP8EBEP2NAZ4vqAE0GV4wdGSTQDfz2kv_x0U2Z8doY HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEDNNztOO-oF-RskL2B2FZLI&google_push=AXcoOmSJXSGi1ouRZ_gn9b8HwREN4ZDvfIH-hBuU625Llh7EW1PjHbGW6WP8EBEP2NAZ4vqAE0GV4wdGSTQDfz2kv_x0U2Z8doY&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSJXSGi1ouRZ_gn9b8HwREN4ZDvfIH-hBuU625Llh7EW1PjHbGW6WP8EBEP2NAZ4vqAE0GV4wdGSTQDfz2kv_x0U2Z8doY&google_hm=bGtKbW9odzdRTHk1NHl0MUZlQnY=

Request Chain 199

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEP_-bNoYLinF9_QaBkQMg4Y&google_cver=1&google_push=AXcoOmSBb7I-2RfDsKiS-cNGs4Ae3uwLtxbJXZ1-ISfV3gvTkimxTgJxmzhCv1UJQ66VVga5eytD2Aq-1QVOoQ4V1R825ADHCw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSBb7I-2RfDsKiS-cNGs4Ae3uwLtxbJXZ1-ISfV3gvTkimxTgJxmzhCv1UJQ66VVga5eytD2Aq-1QVOoQ4V1R825ADHCw

Request Chain 200

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEDdB7QsIQAQnU9v7LOPlFS4&google_cver=1&google_push=AXcoOmSoLoYoeD5G-nigvKf0fncgZBzkSRGnHZgz8xNh3IjHLQqI-fTaFCLzv73BECejaicbiTzmcmLXUChpCVvpQ6EqkzE7R4w HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmSoLoYoeD5G-nigvKf0fncgZBzkSRGnHZgz8xNh3IjHLQqI-fTaFCLzv73BECejaicbiTzmcmLXUChpCVvpQ6EqkzE7R4w&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1693461147341 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-409b2d6a-197e-4976-98ff-a44e48d756f0-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmSoLoYoeD5G-nigvKf0fncgZBzkSRGnHZgz8xNh3IjHLQqI-fTaFCLzv73BECejaicbiTzmcmLXUChpCVvpQ6EqkzE7R4w%26google_hm%3DA0CbLWoZfkl2mP-kTkjXVvA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmSoLoYoeD5G-nigvKf0fncgZBzkSRGnHZgz8xNh3IjHLQqI-fTaFCLzv73BECejaicbiTzmcmLXUChpCVvpQ6EqkzE7R4w&google_hm=A0CbLWoZfkl2mP-kTkjXVvA

Request Chain 201

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEJlF9tyzU75J6chz97p8J7U&google_cver=1&google_push=AXcoOmQkn1pppI4qdR70jB3K_ezIofiEEPQCToHam-EaSiZuL0gqDr7M9yQXGCV7fRNIhu9k8fBqqa6tpwa8LQOzZ0fOBZoTx_T5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQkn1pppI4qdR70jB3K_ezIofiEEPQCToHam-EaSiZuL0gqDr7M9yQXGCV7fRNIhu9k8fBqqa6tpwa8LQOzZ0fOBZoTx_T5&google_hm=Mjk0MzA0NTEzMTA3ODUwMjQ3OA==

Request Chain 202

https://an.yandex.ru/mapuid/google/CAESEIfFa3cSqup4M7_xQEIovq0?ext-param=AXcoOmQEpth8p_408ZIgM_ay9DQuUS5Ht6Ps8T9NpDnqbATle5WuyH4Nii_jluuiOF9YI5uo3ceagSlVa44Tav39rzotrstQMMuB&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://an.yandex.ru/mapuid/google/CAESEIfFa3cSqup4M7_xQEIovq0?redir-setuniq=1&ext-param=AXcoOmQEpth8p_408ZIgM_ay9DQuUS5Ht6Ps8T9NpDnqbATle5WuyH4Nii_jluuiOF9YI5uo3ceagSlVa44Tav39rzotrstQMMuB&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEIfFa3cSqup4M7_xQEIovq0&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

247 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun Show response
www.xgcartoon.com/detail/ 76 KB
17 KB 821ms
390ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 54c5db5082715c5202625d60ddb3a623c679d3a5ddf15fc13b1970df029958d8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 31 Aug 2023 05:52:23 GMT
etag: "12ffb-UCyruUiLaaYCYzpTn9PRDER9aCg"
expires: Thu, 31 Aug 2023 05:53:23 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 277 KB
71 KB 150ms
71ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a303bdbfce6897ec74ce030b85480f417f9e17804f7a19b8f2a90feff115b94f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 05:52:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72923
x-xss-protection: 0
server: sffe
etag: "8f05ddb4de6114d6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 05:52:23 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
24 KB 109ms
31ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 05:52:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23145
x-xss-protection: 0
server: sffe
etag: "1e24d49ff16f97fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 05:52:23 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
9 KB 113ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e625fe058c9871c924b05047696c2e7b1e441d4acb2ce54544b8413eea8182b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 05:52:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9421
x-xss-protection: 0
server: sffe
etag: "56ca3e5770e137fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 05:52:23 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 49 KB
15 KB 137ms
63ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5abef60d9edd11583e363e3dafd2d6ec74e0141946c21b2903e7b8c08f01130f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 05:52:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14971
x-xss-protection: 0
server: sffe
etag: "675440b55a1b9283"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 05:52:23 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
15 KB 120ms
46ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90d84f056686af8861c0017713e2f06e8957e9d15a5606514da382d879b9d41a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 05:52:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15359
x-xss-protection: 0
server: sffe
etag: "f6812c8625865ef6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 05:52:23 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 143ms
70ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1dc118c68570ac106df5c43e5588c5b94d18caf4aa9e4d8d52792037cc16b980

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 05:52:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4778
x-xss-protection: 0
server: sffe
etag: "3b7d847d5c21773c"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 05:52:23 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

923690f3c0feaf6346a2755af20e2b8580a048126501966a8ccd0fd31c6b53e3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 05:52:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10348
x-xss-protection: 0
server: sffe
etag: "279670ab552e383b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 05:52:23 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53202a3c73552b3385ff4cc5598c6cdabfa4d37acc87cd2fd8c0577494143285

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 05:52:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32193
x-xss-protection: 0
server: sffe
etag: "473971c650298c2f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 05:52:23 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
469 B 225ms
158ms Image
image/gif 104.20.218.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.218.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:23 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 7ff301d3ec4490ec-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 209ms
208ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:23 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Thu, 31 Aug 2023 05:55:23 GMT

GET
H2 200 heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun.jpg
static-a.xgcartoon.com/cover/ 168 KB
169 KB 897ms
840ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 631bd55599a6b4f749afa794e175c34ead00ba79ea0fa4bcd9f4e41279bc69fb

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
cf-cache-status: HIT
last-modified: Tue, 20 Jun 2023 03:58:58 GMT
server: cloudflare
etag: "020B14F84A6F15B2E8A15313F504F82F"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff301d52a15371c-FRA
content-length: 172522
expires: Tue, 29 Aug 2023 07:41:52 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 206ms
205ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:23 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Thu, 31 Aug 2023 05:55:23 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 207ms
206ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:23 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Thu, 31 Aug 2023 05:55:23 GMT

GET
H2 200 chiyanjinyiweiguoyu-xiedan.jpg
static-a.xgcartoon.com/cover/ 74 KB
74 KB 332ms
275ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/chiyanjinyiweiguoyu-xiedan.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af2bd3f28487312bdcc175c74527c27839b0e49a0cafd69ad5c22ddad8c28c92

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
cf-cache-status: HIT
last-modified: Sat, 14 Jan 2023 00:10:33 GMT
server: cloudflare
etag: "DE8D1DBFB4BD77C1B9CF3140C62BA47F"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff301d52a17371c-FRA
content-length: 75451
expires: Fri, 01 Sep 2023 03:43:14 GMT

GET
H2 200 jiamianqishioooouzi-dongyingzhushihuishe.jpg
static-a.xgcartoon.com/cover/ 11 KB
11 KB 664ms
608ms Image
image/jpeg 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/jiamianqishioooouzi-dongyingzhushihuishe.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67d876ab8150c4e239e39d230ec802e7b42488da2eaa80cfbbdeee9c9aaee5f8

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Thu, 11 Aug 2022 12:21:40 GMT
server: cloudflare
etag: "3B1382C9E0DB54E1E8124D8417B3CC84"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff301d52a1a371c-FRA
content-length: 11491
expires: Fri, 01 Sep 2023 03:30:01 GMT

GET
H2 200 zhuifu36ji_laogong_laizhandongtaimanhua_di1ji-qianhuidongman.jpg
static-a.xgcartoon.com/cover/ 67 KB
67 KB 831ms
775ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/zhuifu36ji_laogong_laizhandongtaimanhua_di1ji-qianhuidongman.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b6fa2ec1523ce2a39b3e749ec9efec7448b873846c977204bd568eadbf64036

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
cf-cache-status: HIT
last-modified: Wed, 21 Dec 2022 02:09:56 GMT
server: cloudflare
etag: "039C7E656E2BECF23214E7E6A520266A"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff301d52a1b371c-FRA
content-length: 68312
expires: Fri, 01 Sep 2023 03:34:54 GMT

GET
H2 200 mofashidexinniangmofashizhijiadi12jiriyu-.jpg
static-a.xgcartoon.com/cover/ 50 KB
50 KB 807ms
751ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/mofashidexinniangmofashizhijiadi12jiriyu-.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 312b0fe0b3f731a02dd101f59a834f1782e7649570d2883d2c446c902f14a873

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
cf-cache-status: HIT
last-modified: Fri, 07 Apr 2023 06:38:06 GMT
server: cloudflare
etag: "E4492F06DE610FF51A5B54A2C6E30A55"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff301d52a1e371c-FRA
content-length: 51317
expires: Fri, 01 Sep 2023 04:00:09 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 8 KB
3 KB 66ms
21ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08d502e7f6319b0015d0ea006b216f287353f60e0cd84462a5a43d6294bfea7a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:09 GMT
age: 120014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2971
x-xss-protection: 0
server: sffe
etag: "81fe35e806c986f9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:09 GMT

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 237 KB
63 KB 50ms
24ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0edd199833dd87c9ac4395f5bbeb6dfb6843109419531043ba1fb6b32e63496

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:24 GMT
age: 119999
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64176
x-xss-protection: 0
server: sffe
etag: "53ca58918b9d6396"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:24 GMT

GET
DATA 200
OK truncated
/ 595 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34bb1c7ca084facdfd4822c3dd2d0f3f483ad2d071c52d30e54af52ae62deb02

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 12 KB
4 KB 52ms
33ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7c94d5780fa800afb0066d0ceed10b6488d78ec4cb2a85c42e5772b6218cd26

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:09 GMT
age: 120014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3937
x-xss-protection: 0
server: sffe
etag: "256c2c03e8e2f982"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:09 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 823ms
770ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=1091003529&ga_cid=amp-jmeVEV1wbS0jAusrS9p1Uw&ga_hid=3529&dt=1693461143918&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=336&dtd=12&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cfaf58be91df1aebaa5fa01acc0ab95a9ce4a87500acf5747003c5cc7fd16415

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14056
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CNGC06-ahoEDFeRY5QodkksCrA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 05:52:24 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 39 KB
17 KB 369ms
318ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=837&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=1091003529&ga_cid=amp-jmeVEV1wbS0jAusrS9p1Uw&ga_hid=3529&dt=1693461143918&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=336&dtd=13&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cbc13196eb2fba04020a3e839c4d853e7e86eb4d1ceebd1fe3fe83445f3c3fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 160x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampanalytics: {"url":["https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6WXOy0rHDO_YfmyiUR3-ldu66yRXYEanW_8jx0Au3vchEjNZgWcy8OeCLpbaActP5GpDSNu6A5YEbbKChydFvKtJkwpK_TKtkwgsH2aKnHwirydXG_CLUp6lQvMJISuvw3EIDooOS6w\u0026sai=AMfl-YQG-eIi65KVDc080jTNiFRB6tep-1ore_NW5J5WnLwP88Cz5PiG72lUIbquuCEzgDdB2Js_Jq4k5EnR\u0026sig=Cg0ArKJSzDy38EL7K5XIEAE\u0026cid=CAQSGwBpAlJWIFOReMGH09a3mwp__Onw2jl8OlZ0vhgB\u0026id=ampim\u0026o=${elementX},${elementY}\u0026d=${elementWidth},${elementHeight}\u0026ss=${screenWidth},${screenHeight}\u0026bs=${viewportWidth},${viewportHeight}\u0026mcvt=${maxContinuousVisibleTime}\u0026mtos=0,0,${maxContinuousVisibleTime},${maxContinuousVisibleTime},${maxContinuousVisibleTime}\u0026tos=0,0,${totalVisibleTime},0,0\u0026tfs=${firstSeenTime}\u0026tls=${lastSeenTime}\u0026g=${minVisiblePercentage}\u0026h=${maxVisiblePercentage}\u0026tt=${totalTime}\u0026r=v\u0026avms=ampa\u0026uap=${uach(platform)}\u0026uapv=${uach(platformVersion)}\u0026uaa=${uach(architecture)}\u0026uam=${uach(model)}\u0026uafv=${uach(uaFullVersion)}\u0026uab=${uach(bitness)}\u0026uafvl=${uach(fullVersionList)}\u0026uaw=${uach(wow64)}\u0026adk=3018598273"],"btrUrl":[]}
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
amp-fast-fetch-signature: google:1:HGP5pgs0NQkYrNUP/6M9SbhR3iB012UirtQUCzc5aneQAW9Y/4Q02MHBiXm4API+VQGH0xbfq0EbINwnOUX9zReA01qrcxlpOEfMMRrYnxD08T5my0VcIslUx3cY+lDDI6R0C0L4h5nCYSrIlUhwVOgn8IACQzGQRujCNgHPMhX+oJdniB2knGvx3kuRt6B+6jA/nycFehQcXQLBu/eLhBbDWFJhdqRa7g5GH8ftFDd1vFFZdHHRjsPXHwLkhC7LbTHbHAmO/K8Xd4CSngSm/94F+cdctLy2NJP115ungf/rUmAHbfyWwSQfgcvYS1KGOHSLnQ4GYnSIUYPR2YitWA==
google-lineitem-id: -1
x-qqid: COrFuK-ahoEDFSzhuwgdy8gJkA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-AmpAnalytics,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender,x-google-amp-ad-validated-version,AMP-Fast-Fetch-Signature
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 05:52:24 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
23 KB 1018ms
967ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=1091003529&ga_cid=amp-jmeVEV1wbS0jAusrS9p1Uw&ga_hid=3529&dt=1693461143919&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=337&dtd=13&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14835ba3453c841197e3c0cb86c202613d993472d9134537e4b9d6b7b45afdc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23203
x-xss-protection: 0
google-lineitem-id: 6136662859
x-qqid: CIvit6-ahoEDFdqK_Qcd5TIDgg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138390659313
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 05:52:24 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
23 KB 1229ms
1179ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=1091003529&ga_cid=amp-jmeVEV1wbS0jAusrS9p1Uw&ga_hid=3529&dt=1693461143919&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=337&dtd=14&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f35730ce6466db793fae4126063c0ad9fec6ebc9130daa8dcc6438fc1f1e6217

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
google-mediationgroup-id: -2
x-creativesize: 300x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23209
x-xss-protection: 0
google-lineitem-id: 6137558288
x-qqid: CLHqt6-ahoEDFSWj_Qcdq1wLjw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138389590198
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
23 KB 548ms
499ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=1033&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=1091003529&ga_cid=amp-jmeVEV1wbS0jAusrS9p1Uw&ga_hid=3529&dt=1693461143919&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&bdt=337&dtd=14&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e7adfd5e2d6bfd03b74146eb7fc02956bcafcf4deafaa3d681664b43d9f64a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23189
x-xss-protection: 0
google-lineitem-id: 6136661665
x-qqid: CLXet6-ahoEDFeLuuwgdDo8Ogg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138370495019
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 05:52:24 GMT

GET
H2 200 container.html
83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 123ms
31ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 19 KB
7 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-ad-exit-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0f0dd1b398b946a89d67c9dab7d24996499f9a28f22e29e4165125edf5d1734

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:07 GMT
age: 120017
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6635
x-xss-protection: 0
server: sffe
etag: "46dcbbb80309d4df"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:07 GMT

GET
H3 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 7 KB
2 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-fit-text-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0348978a435efe42a3f0032226082bc4aedb9c569a9f387e8843a468c455c189

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:07 GMT
age: 120017
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2507
x-xss-protection: 0
server: sffe
etag: "1b33f8c072686442"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:07 GMT

GET
DATA 200
OK truncated
/ Frame 2B1E 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c48a347589276e210594239d1da564be59751f16ef6ec3118abd66a39fbcb173

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012308181609000/v0/analytics-vendors/ 2 KB
886 B 22ms
22ms Fetch
application/json 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:04 GMT
age: 120020
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "0fc0eb4a65ca6481"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:04 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 211ms
211ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:24 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Thu, 31 Aug 2023 05:55:24 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 175ms
60ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=3529&cid=amp-jmeVEV1wbS0jAusrS9p1Uw&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&dr=&dt=%F0%9F%8D%B9%E9%BB%91%E5%AD%90%E7%9A%84%E7%B1%83%E7%90%83%E3%80%90%E5%8A%87%E5%A0%B4%E7%89%88%E3%80%91LAST%20GAME%EF%BC%88%E5%B9%BB%E5%BD%B1%E7%B1%83%E7%90%83%E7%8E%8B%E5%8A%87%E5%A0%B4%E7%89%88%20%E7%B5%82%E6%A5%B5%E4%B8%80%E6%88%B0%EF%BC%89%E3%80%90%E7%B2%B5%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1693461145&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8615 6 KB
3 KB 50ms
30ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Fri, 30 Aug 2024 05:52:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6D94 6 KB
3 KB 50ms
31ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Fri, 30 Aug 2024 05:52:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1D5B 6 KB
3 KB 51ms
32ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Fri, 30 Aug 2024 05:52:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2495 6 KB
3 KB 52ms
34ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Fri, 30 Aug 2024 05:52:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame CDEE 55 KB
21 KB 136ms
63ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPAqmAAG61EK5VjkAAJLkpSp62rUp9mjo3ksNw&u=%7CYOPKDqE%2FHlVyuzchkkIUXVRc2HGrNoFLaBgPXbpNBoM%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osKZuaH-aMKm9HzPQN8tLvOo4ByV5sJyLcTIaq1RJFizmxw8DfLG9MG3A25RC-fDNgGKi34xuBX1EHzOz4qeeVjTmjfqf1v11JsCq5e9sAK1rOUf5FSW5uj2Xy-jzYczPHM4d-UGxgH90MDGthEiAdKM_Cy3Skez_UYOMaVDHPz9aKDr0l1p1PldtSn8iSyWgqdv9bZ_j4HMvWAPMr6hKUh37PQ4Tec0t_WAhDWqRr5v-s4S_pHlvrGz4OdA4fW4KLk3RlGs4BHRjWit6hoX4L3cCkVUaU6JDKZcy5O5pxzhlJW8wx1GFZxBNKPe791_5JRytQH-Wt9X32xPz1pqGdxyE2iUytBl--uBJERLm47ZcggWt3caOJ4s7Df87V4Ji1bj_L2Zs1henhA1m7KZ5XWHdTos7ai2LQHyFQE-8A8pGdTKp1XZJl7rAk4CMRyIPZg1s1f2KG4_vGCc2x4bn2-m-P6lbgTO1LPjUWo042VYsUrSmarwkP8huPlI5wwthd-IIG-fpqGPwOjyQDakuX7z8WU9H3uedAh8H9Ao2vlCzYuvBCETE4VaGJ1xZmYH4IhloKu1xegND6N-AqLShR97qZY8QBcYgshen_Rt30wF9kY5FrbU7jz77C843sP-S5WaCUrNgYv4BV3XeGPWKBHi&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1y7VmCrwZNHWG-SxlQeSl4ngCsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC5CImmAFYsj7gAgCoAwHIAwKqBOACT9DjVb4ZhelT-2grBXFATXgz8VEpYJu0uJH8jgiCjSPFqY6C6Px6fgkTauZJgpzP4CFQAnY7FrT2Nn0i9iUhuORj_HImCIhEyj3AnuVFHP_9fbWq4KNmOM8cfeScmRB5eLL3TdzdRVM0SP69iyFDJ7BYl7P8r_IGAbU9fL_btX9CEezvbpJh-enToMbYPvkRRMnmuSJMTy1U3OZIZ-4sE5t_6g5Pm4T_fWEFpb7ltaxX-l6Cmk4qPYD26_dWzZHHd3dv9TAicCOLfZRJ93fDcRnrPzQEsymX7pNNfQ1VSo6cVzoSqV9pFiS_sRbCVQFIFyexp0dsMZAOIjl379DT_RJzxZ90W385JjGu10nhaa0gOR034iDZVdXpkpzOX-9yvcxSZ1eAEUatkwPgW69t0jTlA09ydF3ajv8fd6mlmyeZWJO54PiobriqSDDIZy1lLeTqimZEl9wB5EhmQDy1F-AEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2eQZ_GY6NhIxg5lsBy4OM9thRQ7w%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ec50e8cc293aa75ef5fb92a4aa8123a01f00aa0e6cf9dfef913d6efd036d7154

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=2HlwYsIPNn6sMpSse-5AgJPlVRI29_2Khv-jd6gtDqUaq0JVXJcdZTL1pM7uCsXQXZp_9sMWVrHop3eoZKH1smpAXzgq623ueS5-zZi67NkM5CZcmuLTluSDy8L7_ZvtRtEZYd4XxPzftZTacAsAqlk3iqmxE30pZD-jQ82xNCL959rqpZFstlEZ-1jJSVqorxbT1hHBRItSqyiuNKd5-EATwa0ZEae9EOSBrIzg8mJLZuRDbGG2gFfTBwjwM7t-x8nVAQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 2952204
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 8615 3 KB
1 KB 101ms
27ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 22:51:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25229
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 22:51:56 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 8615 20 KB
8 KB 95ms
22ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56004
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:01 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8615 24 KB
7 KB 95ms
24ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Aug 2023 07:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Aug 2024 07:32:53 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8615 181 KB
57 KB 134ms
38ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6D94 99 KB
28 KB 97ms
96ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e49b305b19fc3ec458dc06d14bb34601922deb19a429bb128b501b1f4a2ce3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28891
x-xss-protection: 0
server: cafe
etag: 743 / 19600 / m202308240101 / config-hash: 8988950760368396923
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6D94 181 KB
57 KB 150ms
71ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6D94 0
438 B 62ms
62ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstBrmILH578ynLMw07wYvIRfYAT6CymtTA0egYr558i8M0CkV-fRLLW0a3yJJSQ2yppH2KoZrlMl18Tr6cVpxEV6IGwR0K0qa06ZIZ4T52HaddhRh55bChdK9p89kUtDnhFXjRX2Od2HEpYyLVONwRlL3tC8DiUJMjuwR42ksUN3xv-RVkqxWhcrbP_eiqi3p9jzIuMc1tv9Qjx6VpKyZAXeY8pRAkeLP1LvTAj3np6tBZaLlX9TUx7pKgnCLrPxpORiDL_SeGns0KUozGekoqu25z1CgEwGZDi2ijY0PV4OTYeBKZH0GIYCC-7Nr-GKKiEIpnoSA2HKCZaxeZN2rpBc4pobm5XsUq0C0upJAAlU-I&sai=AMfl-YRn_EfEM2hi-XiCqwqkGUkLA_EmEWSEWggb1rejBLh6BFK6C9QLJyE4iPZVP5zevvgBqgaPZjjOY7n6PBo&sig=Cg0ArKJSzGP6O78VCysDEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1D5B 99 KB
28 KB 149ms
148ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

390f25db8163404ad9965f9e213d59b5c4d11ff7ad996d6b2d6e14335a41d5c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28898
x-xss-protection: 0
server: cafe
etag: 54 / 19600 / m202308240101 / config-hash: 8988950760368396923
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1D5B 181 KB
57 KB 124ms
75ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1D5B 0
293 B 63ms
60ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstDVXYQh6sCuMEEdTRwlCY8Odrwe4ZXtudGethThgB0JXuafWk2FDViroVpBogVj_GKAY_zFm-LWNXQv3yWeoEN-j0-xcBENLwqeXVBYZJJLKjdkIOYihGzedj6cIZT_0iI3rwk0yuZNS4bVKEju9nlIivYL2J8XurKJPoV25q4VD-w_WWFurwrb6xb2wdCRe3nyFyfUQbTBjKkyCUdY0wLhUn4ARKCWG7eiBJDKuHRI0Hm7h-bo_jputkDWSO8nEe73ZdEVPiUPFFp1zcYp6okCLzi3gIsmz5FMiMIiJfUbzeUTwh3W1U4DO5-iiXZIyampfVypNWZ-FnfsOd5XJOMOJL7f9l4eQ3x87L7DT8pkVU&sai=AMfl-YQwndWJMpu6ZPop7zuWyJMHg8UtYGi4141dDQcXvjBTQ2Dm_VE7X_ZVWtSMsXIRtX3Eox3Ja_gKNwlhTyo&sig=Cg0ArKJSzKqcfcKP4TbDEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 2495 99 KB
28 KB 79ms
76ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

236a81881a08fb36e15f4153b86711da54d9656df4fdc14881a89b0672cbedf5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28891
x-xss-protection: 0
server: cafe
etag: 582 / 19600 / m202308240101 / config-hash: 8988950760368396923
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2495 181 KB
57 KB 111ms
83ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2495 0
29 B 70ms
67ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRNg9aEz3g9Oattz7Hhovl3XSRUdo9Q59p03zqXyUYJv5kQXTW-qUmTJRLXzOTySxcq0g3xA7XZqblbSUO9MfPMW4XhuRnPrwQsW1RvVe7xN0W1lXHD5cm1LTDndFCyUxKwIhzjONHGuSmyk3siIli0xuVxENrAIdP5Wg5x3QYnZiAI7gk7S_j8tK-lP3a9nVqhTnOWvAXCoC96iUoaJMrTHh9cy28E80moIsAyCVpqiR-ebxz7S7RRXfZmdAUDc7UELtbxLuKCMZgjxrxIvsRJWLppQn9VQf7dUa8upgQGEfRPbbGln6aNJfhytYSH_h8hivzQ5YE6YmKNWSHVMRg-GRqIBZiMF35bGnUddmPI-u3&sai=AMfl-YTS3eWADAaQuA2-ml2SJPcaljw7odjV539PeR2kSsmDp-bRGG4skpVOhDaKNN6PZaYcqL-tCK_XQFQ21yQ&sig=Cg0ArKJSzC5eMCAyodlDEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 05:52:25 GMT

GET
DATA 200
OK truncated
/ Frame 8615 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 179d66a48221a329b60064e288d6e2da96ce9007fb2dd9db5eccd14f87b3b3e3

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame CDEE 2 KB
1 KB 176ms
100ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPAqmAAG61EK5VjkAAJLkpSp62rUp9mjo3ksNw&u=%7CYOPKDqE%2FHlVyuzchkkIUXVRc2HGrNoFLaBgPXbpNBoM%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osKZuaH-aMKm9HzPQN8tLvOo4ByV5sJyLcTIaq1RJFizmxw8DfLG9MG3A25RC-fDNgGKi34xuBX1EHzOz4qeeVjTmjfqf1v11JsCq5e9sAK1rOUf5FSW5uj2Xy-jzYczPHM4d-UGxgH90MDGthEiAdKM_Cy3Skez_UYOMaVDHPz9aKDr0l1p1PldtSn8iSyWgqdv9bZ_j4HMvWAPMr6hKUh37PQ4Tec0t_WAhDWqRr5v-s4S_pHlvrGz4OdA4fW4KLk3RlGs4BHRjWit6hoX4L3cCkVUaU6JDKZcy5O5pxzhlJW8wx1GFZxBNKPe791_5JRytQH-Wt9X32xPz1pqGdxyE2iUytBl--uBJERLm47ZcggWt3caOJ4s7Df87V4Ji1bj_L2Zs1henhA1m7KZ5XWHdTos7ai2LQHyFQE-8A8pGdTKp1XZJl7rAk4CMRyIPZg1s1f2KG4_vGCc2x4bn2-m-P6lbgTO1LPjUWo042VYsUrSmarwkP8huPlI5wwthd-IIG-fpqGPwOjyQDakuX7z8WU9H3uedAh8H9Ao2vlCzYuvBCETE4VaGJ1xZmYH4IhloKu1xegND6N-AqLShR97qZY8QBcYgshen_Rt30wF9kY5FrbU7jz77C843sP-S5WaCUrNgYv4BV3XeGPWKBHi&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1y7VmCrwZNHWG-SxlQeSl4ngCsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC5CImmAFYsj7gAgCoAwHIAwKqBOACT9DjVb4ZhelT-2grBXFATXgz8VEpYJu0uJH8jgiCjSPFqY6C6Px6fgkTauZJgpzP4CFQAnY7FrT2Nn0i9iUhuORj_HImCIhEyj3AnuVFHP_9fbWq4KNmOM8cfeScmRB5eLL3TdzdRVM0SP69iyFDJ7BYl7P8r_IGAbU9fL_btX9CEezvbpJh-enToMbYPvkRRMnmuSJMTy1U3OZIZ-4sE5t_6g5Pm4T_fWEFpb7ltaxX-l6Cmk4qPYD26_dWzZHHd3dv9TAicCOLfZRJ93fDcRnrPzQEsymX7pNNfQ1VSo6cVzoSqV9pFiS_sRbCVQFIFyexp0dsMZAOIjl379DT_RJzxZ90W385JjGu10nhaa0gOR034iDZVdXpkpzOX-9yvcxSZ1eAEUatkwPgW69t0jTlA09ydF3ajv8fd6mlmyeZWJO54PiobriqSDDIZy1lLeTqimZEl9wB5EhmQDy1F-AEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2eQZ_GY6NhIxg5lsBy4OM9thRQ7w%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 05:52:25 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame CDEE 2 KB
1 KB 213ms
138ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 05:52:25 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame CDEE 308 B
637 B 151ms
99ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 25 Aug 2024 05:52:25 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame CDEE 293 B
621 B 190ms
139ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 25 Aug 2024 05:52:25 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame CDEE 43 B
348 B 152ms
57ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=KWvZtQutJvklX78xyGDUIOhooy2BzKVyqWQM83TJvlTHUmt-VSR55viRdn9F-mkop99RHQYbzPlCvLCMNB1v1lhsQgxVDe2r5OhMwt7OdnHis8W6olTBNzijUapHWU68XEYYLQeqIq2vgDZOAKObW26j0ia6cCb5iz55c4vx9mlaNmJ4O0-a834_tHVMpbGriCoAhJZ5OUMsj8uyKyQCXqikQmazUZmATzQdAscR3x_5r1O-V_mc7zedX0FrDlNo9SoFuEclFG2Lcz0Qeb-EqFOTi8Ws5DiYGgEOxUarHvAu0PW7nfMUD4E9fvVoUw8kzkQj-Hjpyg83yEFpdU926CXwCYRPn8oHHy0soj9lNzG5V_qhNQeXV0W9qxiXM_UAEYMbUT_i8azjZ7pIhvMp76jQS8nm7iRICFPDaJU-4CMKmZWMyQ4QOlvrQ4o2gR3jqaYaAnxRM_uhPYgMF7wVqpvduMhs92PLf7-1ISWyMG2xbwX9dXlUDkHPYhvc9ruk1HDDizpQlXaOkSgMr4NqyvCZRfodNkAKBeYAccH3M7961V5X1wLQm6xtFeahnBcimCxEdg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:25 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1542093
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 e3df4e5318cb4bc395f8830f36a9753e_image_ad_728x90.jpeg
static.criteo.net/design/dt/92327/4900538/ Frame CDEE 58 KB
58 KB 151ms
100ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92327/4900538/e3df4e5318cb4bc395f8830f36a9753e_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c8f5b0910ad1e7494f3713d5a7db386d0a92af4f28cff5b80ab2b198fe1303a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 11 Aug 2023 08:44:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64d5f4e3-e840"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 59456
expires: Sun, 25 Aug 2024 05:52:25 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/ Frame 6D94 404 KB
127 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfe1f819bb2abd9663550cec9005dc0ed81151f85f2efa7a8a9b1b33aa64f40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 18:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41116
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129934
x-xss-protection: 0
server: cafe
etag: 17007686020673988365
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 29 Aug 2024 18:27:09 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame CDEE 0
128 B 121ms
52ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=2HlwYsIPNn6sMpSse-5AgJPlVRI29_2Khv-jd6gtDqUaq0JVXJcdZTL1pM7uCsXQXZp_9sMWVrHop3eoZKH1smpAXzgq623ueS5-zZi67NkM5CZcmuLTluSDy8L7_ZvtRtEZYd4XxPzftZTacAsAqlk3iqmxE30pZD-jQ82xNCL959rqpZFstlEZ-1jJSVqorxbT1hHBRItSqyiuNKd5-EATwa0ZEae9EOSBrIzg8mJLZuRDbGG2gFfTBwjwM7t-x8nVAQ&sds=2&rev=88100&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 31 Aug 2023 05:52:25 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame CDEE 2 KB
1 KB 158ms
139ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 05:52:25 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame CDEE 2 KB
1 KB 37ms
34ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 05:52:25 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/ Frame 2495 404 KB
127 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfe1f819bb2abd9663550cec9005dc0ed81151f85f2efa7a8a9b1b33aa64f40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 18:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41116
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129934
x-xss-protection: 0
server: cafe
etag: 17007686020673988365
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 29 Aug 2024 18:27:09 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6D94 28 KB
12 KB 331ms
331ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2845785222349537&correlator=1764700934677455&eid=31075593%2C21065725&output=ldjh&gdfp_req=1&vrg=202308240101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600%7C300x100%7C300x250%7C300x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com&abxe=1&dt=1693461145813&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=szw4mle0aecy&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&loc=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1693461145328&idt=451&prev_scp=in2w_key9001%3D1%26in2w_key%3D3%26in2w_key2%3Dnope%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3qgz%26in2w_key7%3D1580%26in2w_key8%3D3%26in2w_key9%3Doptimization_request%26in2w_key15%3Do0%26in2w_key16%3D1&adks=1335770594&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f5c12d87ae42761d6d5e00c60d16e36137b3c340c51012d3ec7406ba0b7df80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12362
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0341 6 KB
3 KB 117ms
29ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Fri, 30 Aug 2024 05:52:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/ Frame 1D5B 404 KB
127 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfe1f819bb2abd9663550cec9005dc0ed81151f85f2efa7a8a9b1b33aa64f40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 18:27:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41116
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129934
x-xss-protection: 0
server: cafe
etag: 17007686020673988365
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 29 Aug 2024 18:27:09 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8615 0
0 80ms
79ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C3mremCrwZNHWG-SxlQeSl4ngCsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC5CImmAFYsj7gAgCoAwHIAwKqBN0CT9DjVb4ZhelT-2grBXFATXgz8VEpYJu0uJH8jgiCjSPFqY6C6Px6fgkTauZJgpzP4CFQAnY7FrT2Nn0i9iUhuORj_HImCIhEyj3AnuVFHP_9fbWq4KNmOM8cfeScmRB5eLL3TdzdRVM0SP69iyFDJ7BYl7P8r_IGAbU9fL_btX9CEezvbpJh-enToMbYPvkRRMnmuSJMTy1U3OZIZ-4sE5t_6g5Pm4T_fWEFpb7ltaxX-l6Cmk4qPYD26_dWzZHHd3dv9TAicCOLfZRJ93fDcRnrPzQEsymX7pNNfQ1VSo6cVzoSqV9pFiS_sRbCVQFIFyexp0dsMZAOIjl379DT_RJzxZ90W385JjGu10nhaa0gOR034iDZVdXpkpzOX-9yvcxSZ1eAEUatkwPgW69t0jTlA09ydF2YjN6N8CY5iJgFTDBp3V5QZ6yg_jrmf6_R5dlMeNlau8SETsx1_-AEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOoAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi01ODg0Mjk0NDc5MzkxNjM4GJnSIQ&sigh=dQpvKA82vCs&uach_m=[UACH]&cid=CAQSGwBpAlJWeJRuobZsdfrQagntUU-sg8Nzx29xuRgB&cbvp=2&vis=1
Requested by: Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 8615 0
126 B 100ms
28ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k4v1F--uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRCXKvBkMflTiyzVILZeMQAAEgAACgpBUVVCQVFFQkFR&wp=ZPAqmAAG61EK5VjkAAJLkpSp62rUp9mjo3ksNw&cbvp=2

Requested by

Host: 83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:25 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 173325
server: Kestrel
content-length: 0

GET
DATA 200
OK truncated
/ Frame 2495 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a4dfc5504cdf9eddd4c2f77944f4c5bfef6a7fea772748a2f23ecf2c2fefca2

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2495 126 KB
44 KB 327ms
322ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4233398476759937&correlator=2917448253381932&eid=31076475&output=ldjh&gdfp_req=1&vrg=202308240101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C468x60%7C728x90&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com&abxe=1&dt=1693461145905&adxs=0&adys=0&biw=728&bih=180&isw=728&scr_x=0&scr_y=0&ucis=6natixjwhjkd&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=2.2&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&loc=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=728x0&fws=256&ohw=0&ea=0&dlt=1693461145359&idt=511&prev_scp=in2w_key9001%3D1%26in2w_key%3D3%26in2w_key2%3Dnope%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3qgz%26in2w_key7%3D1580%26in2w_key8%3D3%26in2w_key9%3Doptimization_request%26in2w_key15%3Do0%26in2w_key16%3D1&adks=3703253174&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

baf7e4a721e3d75d12fd982e1002611959b7e7ab945f6c002402cc3313f95af3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45186
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4F33 6 KB
3 KB 67ms
31ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Fri, 30 Aug 2024 05:52:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1D5B 28 KB
12 KB 299ms
299ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2883861095143595&correlator=2312315142428076&eid=31076398%2C44769662&output=ldjh&gdfp_req=1&vrg=202308240101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600%7C300x100%7C300x250%7C300x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com&abxe=1&dt=1693461146022&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=4l1amwe4ltt3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fheizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun&loc=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1693461145357&idt=640&prev_scp=in2w_key9001%3D1%26in2w_key%3D1%26in2w_key2%3Dnope%2Cbenchmark%26in2w_key3%3Dnop%26in2w_key4%3Dnop%26in2w_key5%3Dbenchmark%26in2w_key6%3D--3---%26in2w_key7%3D1580%26in2w_key8%3D1%26in2w_key9%3Dbenchmark_request%26in2w_key12%3Dbenchmark%26in2w_key15%3Db0%26in2w_key16%3D1&adks=1683535187&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ba952e6bcf2df8d5c6ed6713885e358b08d5b7f6c75b1d291e4f886cee7896

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12384
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A696 6 KB
3 KB 75ms
43ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
expires: Fri, 30 Aug 2024 05:52:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6D94 0
0 108ms
61ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssV5btXt311G4xAb6yJ00Fj7wPXORLLqD9JJS724HiJ4vdSu_81twulyFG9_6KKNuNF7axu6L0C1LaH0Tx-rO1IGfzcatRsQWqZ93w-Ccre-4ttoyCYrPx6rEAf7HVImtW8nKtMBWWPXKZ6SdUE2J-y2BNtowpwHVrdNTYfzYvBtONZS_EMjwOeNGtdp3SN_WjlJM4lnYz7g9sc73VlD-gXpRpgm-N_PUAoxczrEoCrXNjYsC0b6kwcrBa6uz9UTB4b-5c9rVX72uetSLC0b5WOwygVhe2W00wVaTxQyOwLo0_xNyGoBoZcAZl_4lWz8G9GXrL3sy0Eq28zUIyZV9YDb1WWi2HjuyH4atvaV_7qtEkKmg&sai=AMfl-YQSJVbO3GQm_lSHoMPauoamJjHFOYTBloy8z1fwMfMppj8Tbnk2w4mbjpphEXH94dvwxCLika5SAsU4ypo&sig=Cg0ArKJSzAEvw8ZcpNsDEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6D94 15 KB
11 KB 146ms
83ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308240101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966749ad92650b6cecb61ec627223c6fd60de53306f20dd06236b40bd0fa5062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11667
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2495 0
0 110ms
63ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvd9WS6jw7tR-DxQUvIF0AzfE5sHA5iMRFuRLCwkQlF0xiMtg4F9l5KYR6uCTybouTFGbTmT3a672rRB_iK8QU8SKBaFeLBwErSkgv_QIZicI-kfJkkIv8uOvforsaI1P-Ni-DQdhIAvEi_mVMxQl7ySYUCVjsAFWYkv6KKOj6tAUwCvIe2knwUktMHxkxdDKlriR3_mW6c_HWtxoYgIA_qIyT9CjytuBRTDPi5ZheoNYpWlewmv-Xu6t-2e9CZCNqo2ru9eRMVT9-zisqQHygr42O-4QL3wjug4MHKf5OI-YtOjwQi8oy5D2QNoGg__5TlU9IdYynmPVcXYNgm40sUN8Ke00ZrpaQtuP2MPGH3MKFdoKQ&sai=AMfl-YRssCRz9XFqu2kMuYxd558QRPWZq0wsaeCEqDQui62-AAbBPHg9e4GTWc3aIbm68iADYzjwhuVCjLNHgvk&sig=Cg0ArKJSzKP-Z7HHJ_eNEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2495 15 KB
11 KB 140ms
78ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308240101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abf7a8d4d18ae2ebc530990b5e97285e1584c3865dc2986468f55a0d21ae647f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11692
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1D5B 0
0 88ms
60ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsskwrVHs2SM4kV-kOSZ5vV0vYimVTva6DLSJvRokA2rQsGONdI2LOpjZQG5LZ5EMAXIUQr2f5UO7f_sWm9NJublnCsl7lweBsZh4YMjwGq_KQDw1l18Hz-fimY9kx2w4G973S1LO0LfaFh0zMhPomLnjBMY8apcsvJJ77oUqK1_ZcmDW9BNBVhvpulnQem-xnb-OfMFg9MRjO5ZyX9HSMTYrIwYgHO5clmyT5-n-orQkjcMfdxbmUJIYQC5APdIsxWdPPtsv_5tGm5rtVGFj7wuDdgZEhI8U0P0BP6DFNincyELDjOG1UJgbJRNGxrZU-ZZw4FkBnWnUPSmEDlo5hrN5XXGeQgZks98HfSlp4b2oTtADw&sai=AMfl-YSt6CxySYgqsYgHIFeBHIIhetsr4CEkd5m-rCYdMb-O_31q3bAucP32HpWEi3AjRey7zcfLAQ_3SN0xyQw&sig=Cg0ArKJSzNu0XnqujznsEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1D5B 15 KB
12 KB 115ms
73ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308240101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

166ecf69ca3938b5fd811b87f83dd91a90ac384e9d8ea0c19c0c513d8c824ecb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11673
x-xss-protection: 0

GET
H3 200 container.html Show response
311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 161C 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Fri, 30 Aug 2024 05:52:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0DDF 478 B
531 B 137ms
65ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNXjbjnadJAzLI7ZdF2lX1eqPmLgc_21tmGxCc3pq1P9jV5rOVWxi7nN-LM3Va64yaLznTQiZ5jsCrIOGlMs9lSrd_gTuQ

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 161C 86 KB
30 KB 264ms
208ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 161C 42 B
110 B 112ms
57ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CNIhUoVhn8r8Vcm8gk2wlpnoG9H-UI0OaeqHIeMPApfPU-hCzCQfwFGtMCAKO9G14icX_wmn-TNCl4FIhCzBFY1QRJyEBqxQe69YCszHx3UmKALjo

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 161C 0
349 B 110ms
56ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4224576697527326637&x=1&ct=77

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adServer.bs Show response
fw.adsafeprotected.com/rjss/bs.serving-sys.com/1554652/73029357/Serving/ Frame 161C 251 KB
77 KB 250ms
68ms Script
application/javascript 52.213.146.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC2XcvmSrwZP_7NI_J7_UPsIyrCPq__O9xj57v1fIR-vHWssUBEAEg08vOMGD1lc6B4ASgAYmHhpYByAEJqQJ1FwXTJx2zPqgDAcgDmwSqBOwBT9ABHfwtbvF0RYICKb9SfgSLT9qYe5HKvRdoURS43WpQiXm9crZRIaRvVFraQpdVFfVjgfAJ40q7Kbc5Qt6yO_uGkLJMnGZaIaoKM5I8fzY1iBbkvRNyFNO3GORlUpZGyCfFLKCfj3gMH9X-69iZhv-1iw4FBVX6FSBN7cn_OTUxC_nysUwysXK15NwdYCbZPCS1pcmW_eNwWNdcLxKmghLi6lz5wPOYVVy3RHKIT_4y-FTQE5BE-S4xza909NjAqxYcvQ4wV3yCsnIq9xBss1-auTitHp6ydolcQcR8WPiJLO9FMeM-2AsfL9PABMmmnLS6BOAEA4gFwv7S_EuQBgGgBk2AB9_4-ekCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE4_TyhTYEw3YFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIv6ypsJqGgQMVj-S7CB0wxgoBEAEYASAAEgLdp_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE%26sig%3DAOD64_33zhpB7VL1YoLLv8rXImRaSV2dOw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B8jNec5kw69p95yNxLsWK2SaQLoxHoCaJk2lBzaoGIlDjWpclO_UiX0dxfXH-ZiTVvMusknVfD62BWEiYVgEVouPTSKbzTnDmTF1gHNQmCla1xfSw1A0639QJtgyst8Fwi0q8EakRtny4SkzCdgoIkQ0n3UhVb8PsHFLzLbWlsd3znQ4M%26cry%3D1%26dbm_d%3DAKAmf-CyRAK3Zy277Sa-iXMEx9ickr0Re1ou2mT81XB6lpfl029w5xeKGS72HEM645-SCIDU8kz6ykAOks-s-qjLZx1kMQszme24VJycirgmZbB8bf4GLYT7JYwYn27IhL1G3IYBsZPhCiEX7i0-2vuiTXOjUMm2fZyE1ZYIzQzSXA8lkZAWWJwA4hKE-IqLECgdLOKoSl3RJu4CUaO2B9JoToRc2kYDMRaCoJER0YQrXWIo8JddhvDdhRWqK611iEtYQ0Bx8aCD4tF2Bx7Q6SDdzQh3JPE9v7ueiYjg5GMClDe-VbTU4WLDEmTbO8BoGPSY2MJnglBkOSCTsKmhep6xJlseoXQs_-BQQnBgk2z4LnrAa-b5HxTp7ncodfnQHVefXQukoEaRUjWngNXQq8hpBu3wqlIG2T9o5HxHoaTpXN4-tTgPZn-wg70kHqddFk4ASiDQbQXeJsG01fLPXLBA_fWJQzLHAehvX29trX5QEnOUy09Iq7eE-k8w526CaCT9IgwWvIe4oPWuAMzQDRzYbmmzoYG4y7FhAjtuyMr_WDTP9i-xt5C-AZY-7IPUoHsCqZUePrKW9CQCxooo2_1QatTAFctgjwlke9atS2JqnkTyp0tdXEPlaEHWtfVjNegfvVNKWHJRLWfYXPxl1c5fOE-JrTVN-fESq3YpkgN9hyo0Jaa3bPkWH3Bt5T2NLKDAXcekde31%26adurl%3D&e=0&ord=1693461145867839&ifrm=-1&z=0
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.146.58 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-146-58.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d22a8386d59be57d02a256b254039882b157851f9d63e837ca269fbcbac01365

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 161C 3 KB
1 KB 28ms
25ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 22:51:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 22:51:56 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 161C 20 KB
8 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:01 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 161C 0
0 106ms
35ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRgnVXuFPh3wcYP2FpUeszVanbB4jgp66Z69kgneuXmnKgAWNmf2EDWcxlTIGn4tr8mgkmTiXTEJw0lM5j76-ll5DX66A
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 161C 181 KB
57 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H3 200 container.html Show response
ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AF91 6 KB
3 KB 31ms
24ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:25 GMT
expires: Fri, 30 Aug 2024 05:52:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1D5B 17 KB
6 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2495 17 KB
6 KB 81ms
80ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6D94 17 KB
6 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame AF91 34 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b238632bac0e65b25d80c12d85ef0bb6d212430d25b4e13dd55f7c9bf62cd0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 15:11:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52879
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13552
x-xss-protection: 0
server: cafe
etag: 17023098769855550506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 15:11:07 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame AF91 24 KB
6 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Aug 2023 07:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339573
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Aug 2024 07:32:53 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AF91 181 KB
56 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/ Frame AF91 23 KB
9 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/abg_lite_fy2021.js

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:01 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame AF91 3 KB
1 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 22:51:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 22:51:56 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame AF91 20 KB
8 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:01 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame AF91 0
0 33ms
31ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSLeYQa5-cRIeLSnp0r000rKW4y_QtOQHlYaq8y_y2oTS6PJDlhZnfh9witGyvfUfwwdp-vjeZwVCap3zHrv4m_ONuqwA
Requested by: Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 container.html Show response
010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 85D1 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
expires: Fri, 30 Aug 2024 05:52:26 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 0DDF 170 B
409 B 138ms
32ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNXjbjnadJAzLI7ZdF2lX1eqPmLgc_21tmGxCc3pq1P9jV5rOVWxi7nN-LM3Va64yaLznTQiZ5jsCrIOGlMs9lSrd_gTuQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0DDF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEh-QlMekfqYTYyJrRRRUsQ&google_cver=1

43 B
766 B

25ms
24ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEh-QlMekfqYTYyJrRRRUsQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNXjbjnadJAzLI7ZdF2lX1eqPmLgc_21tmGxCc3pq1P9jV5rOVWxi7nN-LM3Va64yaLznTQiZ5jsCrIOGlMs9lSrd_gTuQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 05:52:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEh-QlMekfqYTYyJrRRRUsQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0DDF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPAqmlZ-DrDvba.hog0p5gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEh-QlMekfqYTYyJrRRRUsQ&google_cver=1&google_hm=2

43 B
766 B

25ms
25ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEh-QlMekfqYTYyJrRRRUsQ&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNXjbjnadJAzLI7ZdF2lX1eqPmLgc_21tmGxCc3pq1P9jV5rOVWxi7nN-LM3Va64yaLznTQiZ5jsCrIOGlMs9lSrd_gTuQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 05:52:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEh-QlMekfqYTYyJrRRRUsQ&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 428A 13 KB
5 KB 29ms
22ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 19666
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 00:24:40 GMT
expires: Fri, 30 Aug 2024 00:24:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C94E 829 B
1023 B 37ms
33ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55e9e3401c32c770ec57935b18e1239080b358d14d715c487993eed73d242e81

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qDVtdni45eP0om6c8KYwvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-qDVtdni45eP0om6c8KYwvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
expires: Thu, 31 Aug 2023 05:52:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 h0rqLs6b_jqy4xYc_ij5Ios6uKpvQnH8xcSD-dQQi4cLz68XjtT-rr2sJvGF9c6IlDD2NRJxpaO-Havrz6wABiZRL4pkMFc=w1200-h628-rj-pd-pc0x00e9e9e9
lh6.googleusercontent.com/proxy/ Frame AF91 149 KB
149 KB 97ms
23ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/h0rqLs6b_jqy4xYc_ij5Ios6uKpvQnH8xcSD-dQQi4cLz68XjtT-rr2sJvGF9c6IlDD2NRJxpaO-Havrz6wABiZRL4pkMFc=w1200-h628-rj-pd-pc0x00e9e9e9

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6e6a47774076d2781e980b5879411af2bcd9edbf81e5af540bfa5355f8c6f600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:09:48 GMT
x-content-type-options: nosniff
server: fife
age: 2558
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 152471
x-xss-protection: 0
expires: Fri, 01 Sep 2023 05:09:48 GMT

GET
H2 200 5787489652633563318
s0.2mdn.net/simgad/ Frame AF91 77 KB
77 KB 115ms
21ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5787489652633563318

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ab35a4ad3dc8423e979a361aedff5ff14d172e24038c2ee93231a17dda626fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 04:12:24 GMT
x-content-type-options: nosniff
age: 92402
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78634
x-xss-protection: 0
last-modified: Thu, 13 Jul 2023 12:55:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Aug 2024 04:12:24 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AA52 611 B
310 B 63ms
61ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNVUd2u5CUQUWR3O6eu8JaN1B6DRv45BfUgRauGVrs0mUnezxvlvbbiX6v9JxzEILW3PF9ydnNIyolTUuezQwmDId4aDog

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 85D1 86 KB
30 KB 140ms
138ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85D1 42 B
107 B 58ms
55ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BShobvCI411NvUnmmF5SIOBSsu4vHfwW63Es5XQpk_8scyKzsKVXVo_pbj455-F6OWK_Nx-mGoZIbQFl41p-x7IjhnXdoP1pCXgmAkIFhzchqqsk8

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85D1 0
56 B 57ms
54ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7346253054325708491&x=1&ct=77

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adServer.bs Show response
fw.adsafeprotected.com/rjss/bs.serving-sys.com/1554652/73029357/Serving/ Frame 85D1 251 KB
77 KB 65ms
62ms Script
application/javascript 52.213.146.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCr0o6mirwZKOKBZ__7_UPsbKImAz6v_zvcY-e79XyEfrx1rLFARABINPLzjBg9ZXOgeAEoAGJh4aWAcgBCakCs_FOJNAZsz6oAwHIA5sEqgTsAU_QjA_uIuQEjcxVb1a6SCr0xKVzIx0duR_xHDPli5L0S7VuRo16r3r8JaGtqQj-9VQtkw2Up7etpi3q5bjuOjvgX2lnQ1TEWsijSiqoQC21UI5qXHysVwlTELhai7tPpKcLsda5RWQl87Jo6zql-cGdrWyuUuvwSrcDRHcklzyj7e70Ji2Pgqgi3dAMVB6UI1ABXGnZWZh5PnWh3DAwgy1tFtMjgHmgj04lwSMduDkchfrx3WOM114J3YjBWMgJY-b9rAiRG0kz8BO2nyM1XMu-3uB5nHGwMAZmLjvB2oCuy25y0UtLRC14LoVqwATJppy0ugTgBAOIBcL-0vxLkAYBoAZNgAff-PnpAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOP08oU2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIo7-2sJqGgQMVn_-7CB0xGQLDEAEYASAAEgIbK_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE%26sig%3DAOD64_1R5QWvkBvpBjo_03OL__xM6DBp9A%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CX7o0fHbUnMNTWcfX3wv1EuCjpT5S98pGrN0WgdKfD08gJqDzWQhdNcYzcTz7FOPVBF9EHmO73wyrD4ciXkJxyQA_tz8gYLvapKXUr5u_77ZaQkKzrWeG8aGCe0jKAqIFacyeMbcZ6qT8ZhphouVvYycID6kyfbMuQ_I7SMmvhlDtMtbY%26cry%3D1%26dbm_d%3DAKAmf-DPZqSg3w5KonSaPbKpFlwwZobwaR8iyntQJd6e7sXOxCk3G5VelXadUlG7RUlEQMfLfYu87VpHGVAFbAJUPMwJfZ9pJ70gp2XcP-hboYU47tlk2GxWzeEy_OVaVtqxy4cAYQsGCxQBmUjC3sXx3Bdvv8SNo4Y37kxAwcWoDHbiFM536aU5ElW5gScWLUWvgPwxaJ4rMGXvNtkaw-y0DfpY0_GmnvBy32k-VAnXl9x1PDJ7NhKJ1HDA3Vkk9H-2uUMV4hpT9wcdsze0zCpg02w_7ghx6-9VVg9HKGdK_jUERvnD5mDa5jIU5phe-8bz3kZEQFlpGSYJpvX6hWtRsZ-qnDzQT8IXEbeaZaZdy7ayVnSwPN8jQTzqWxTApyES4I_clIfla_UpS0CBYw3lm-S07sdzR9yEJg8wBISGEC1S5Tv-mnm1gC-1EXOxGxdw1RpYGyF1gamUe9mJ9huQzSQzV0WZXadT1tkoihD9-xtl8BRe61UD3C8xfIV7DUWOeDJrqardaOlBgC6-K04Dpp-K5TjhTuc-X6NO10Dx-uSdkgTq7BTAswHlo79So0mxUI3Iee4ebLLqgygoH-nJA05l3LolEUWt3D9f2e4xkYjnk7M442PeA_0IBDc6PmM6RlEw0-6D2lWyNnFDb_xUx57MrCV7qM6-GydiEGSjflg8n1ikvJML5d9zCJJRgnZ1veU6rqha%26adurl%3D&e=0&ord=1693461146083235&ifrm=-1&z=0
Requested by: Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.146.58 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-146-58.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 086b025b2322e84e1d972bc9a32cea5102f46dfb32e614e9c58cd74abb2af6d2

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 85D1 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 22:51:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 22:51:56 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 85D1 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:01 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 85D1 0
0 30ms
28ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT_otOUaTeMIqcMtqeevgoqlvdO8uDnRMj_xFc69gcnEXLBrTOy9-Cz2yracQ7eGSS9PFXCsWM4kZdQMVdK-pNz2YWWIQ
Requested by: Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 85D1 181 KB
56 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 05:52:26 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EECE 143 B
228 B 23ms
21ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 2652
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:08:14 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1FD9 1 KB
758 B 21ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 67107
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 11:13:59 GMT
etag: 48472445140208031
expires: Thu, 31 Aug 2023 11:13:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FCA2 13 KB
5 KB 24ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 19666
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 00:24:40 GMT
expires: Fri, 30 Aug 2024 00:24:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D824 829 B
561 B 34ms
31ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ddb1f6bcc9baeab85589539ffd669becebbb5c3876a8447b550ac9ff273f5767

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Bn4B6yJRZDNlGO-XKoXQ8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 539
content-security-policy: script-src 'report-sample' 'nonce-Bn4B6yJRZDNlGO-XKoXQ8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
expires: Thu, 31 Aug 2023 05:52:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AC89 13 KB
5 KB 25ms
23ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 19666
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 00:24:40 GMT
expires: Fri, 30 Aug 2024 00:24:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DC14 829 B
558 B 31ms
30ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c2c8745e4045c69a4e5014847db2f23786fa86d89b93fe2eb2a56e03ceee1dbb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--DViCrnA0_iMpzk3opAgsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce--DViCrnA0_iMpzk3opAgsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
expires: Thu, 31 Aug 2023 05:52:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame AF91 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c47b3029985ed53337b3aa5e250648f3e8920d14afb80fc9cb58e99672da7e48

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 161C 0
56 B 56ms
55ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6752625517959&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 161C 0
20 B 57ms
55ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6752625517959&version=m202307240101&ct=77&x=1&cor=4224576697527326700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 161C 29 KB
17 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BylFa2fev6HXAMlvcTcHTTMN-JvOnnyqgDhGcpUpEEgTaXu5z2NOc56GxaC4E6X5Hy55gqlDusKMbQLQxlQsudZoHu1mNQLsN5exQvemfqnb9z4YOeuEb_DUpVtVmLi-ov2HJP6KmePwbMe-PSMzljQL_I9huwPbpVXJVX9_XgvNMxKeI&cry=1&dbm_d=AKAmf-AbHreDFr-lzTV9__zHoKNZwzs4O6soD0ZksDzTGB4ZIp01xat3UHvInW9vWqdx-57B-5I0bVs2nnk5ZdBDBWsew__vXbQdOz2oUvb9ZnPEBPBCv5zr8NTOyUZt-NSsaqYSsv15Az0y_c5o33O_uuSBqvSvGGxpDlK6n27TwxJ4rTMi2qwY8r-k58yJsq4JDgETZJGMpWgIVDWD7TB9LeBMc7IKnefAsKxhMtMa0xd8SBuUekj_9t0ER9NGEu0J4boDTXaT1qVcPNNsr3CvWRbFP5v57gjHtQI5mPjQGH1vwo95-RELv8qhiqiTSHAhBsDBTrIhFxgyPWpMUtCngv8fdrChMFJnDachy_8lJGj-GUQVOP25EeuLEm4D1mlrTyULT47WpXUaOYahSM3Y8iavdBFi5bFri_y3NzM7DiyC7rURsP3qfmcIlE2TPnSvDG6w4qO7xndwl3MAKEDbzRQU4PhDOAKZ1v7Q_yaXT7566jJvdlEXKGxE4y6jd-tbSl4I0HkcADHZ1siW2kkgVRpqH9mzJR4rJiFsbvSNFa09EkWWFlRLO27fjmIkArd-1FWJ9KiCI8-WNWWsbXhmoidnSv6xhXOQWCCFxKOYzxx6Y9liH5JrVIAlECVIC-hL5dyqzURIp2VJkETHBITh0SBHnl866bxCEYAt1IhO7Vj1hyE7PjJIP2KoXy3s0v5IOqky0kSSghiBAFhcEcgwnUcQlIoIQCeBAoIZnviUWDeWh0EbkzDSwos16nfRLl_rLxO3ElTkUzhlGis2yFfxZKWaS7MIO50zBAH6nDDkKYLD5yuIOXJjNBMa5traay4ioiU3VGMtYXHEbHsymbgAGAEtEsdpcgTCiGtICBdUR4s8R0lWfU7LVawd61QJnc5kNkD3NH4_DBkARvX1NA5l2G1T6yiiyHmGaVoWyMw5WIs0gdNpxJhSFgSF635y_ena4bTmyyZLnwEjkCVZTcyPgcph0NrR6qU-Y085SiRmrZXBihoZuFRTkVDCJhi5pyElgC0b9c7SbKamw2hEH8-r431wtA2OO5FlioQVpxX7toDPUEWcN41rF1zMXyQLMuDpgx_DJExJMsIVfYPE73JVg_1mnSeWecDaZ2kdxR1RC39AndOaayCR8lTGTEgkvD92n0gG5HeuAbj8BQfucKasmgPyEx-T6UUj4BwJH-mjmi2KN2YeEvxMCrwO5nD3GhgcZfSK_zzBKfIvkeBQcgo8DO-DPsPC2FOxpiXLMmLB-Ah4dg1hfKHOKgWbvqBG7-G-Onz-ciMjc4LyofUca4WGMQLkucQH9Zo6q5MrGzqq7Z11AmLvaJqaAMBuoBnzFm1yiWqfCf3RRT6kZbkzra28mWUiuwqOevYBuDk4dSExjvAI6BYp0IMe7Mb2xThvlPAkOQkat4e00cOZpp1-Dn0y4Q7VFaWmJPErh9SXdagdGEwGr6RGTaeHrdAis2FUUXmDv8uN92NnCLjFctMkTmBK50K99rCP4UoKbtqPP8YgnpDcJ1loIRs2MYoiRhaj84r6bCs4V1Rk44CzfLu2uB9PWiLuNBKNE3iiQd-Op9f4Qta-d09EYV6kSbXVE62Ec65kpSrZ4POfVc3T-dmNQ8roY3SgrU4mIOIfciOCSxIeB9wBruT--sp-Zc2nebP8Sne15GZalUVvIlBTd7pIIGIJ_u3r9UWg9K1v_N-c4gSZF_LN0xsE-ZAhICLPBIx0p67VWCYW2CXqfVHXFVGrUKR0-tBxbx_Ss20OcUWA75TfOgVpxOgLQctzQLVEsil_NGzcmyAfGGSopNdwdhUg5elXPat0PATbJ0Qu0OzdgsBd_e3dB1gay6-vztR1f6HrEfpx8eaViNoRLxiNokW9N0EOzdZfSGxUg1bPDGsQ-vjXxKjSjEIN_6zSstVL1Wmv0QmvvYRdmpUGPkq212HnIrfBTr3ek9j3t27f2Etsihw9Iv43ZDxvQ1XEB87nFe2xr9xH20Kbx_fArytyoQhXPdICdtKHnECq1O20N92WRMEmZNtdoN39Ekl4WQtqA6nrNNcvMmWvlYUXS2NATmkmsZHCYYa2fL0icLT3lVol6iDZOqC44ug1pMxZ0YoWNLXURGaUicyjgFw6qXz1Ee7Lyz3z0QpvDQCDtJcBH_IwRJl1Gsu6pOfWcw9pFTYoyx4wFjnLLxEKfjC_MSKQxIJl7ftUmUpul4CyULzis5ipt0l99EqstJRW3RsITeztYVBKMLjtOPgNjVHiUIcFQFjgCTPODRnGppoZUCmx-ixT5WSQYEBWSaIyKbD6jVOqcoOjTYipzBFT4CIpesxI4xSfitXutD4DLTrTo494ACbUTLJcWfzKaujyXi5Yp3bTDx434l7QIe_JqlKRY9BHKOgrkK1OoWaUa1SlKFTAOVpj-3Y-smaqeRI6VF4x_vjydqKb3Knhyu3qShGGMOtwPIYwf1y3aIWt0QFksWrmOWSb_FbcyczSpJzjXetKixB9AglhkQHdevSISp8zHf4aRMZzUJ5cD2WmjJECpFhuOSIHGYXfVrw_yCquBHJJO4cP4nQ9GcS2XezS8wgkg8NKFcbO1wf2uzMYj0CQoqI_2FaA2gWWkl9mrEn7InXGbpX4g29aA9I66o7QVycdQThmKoLSWuNST_avEIX_50cvAimdVgEJCyfF8vM0Cd30JBK2vDw56xgzi3tBqLDvhVkOajJoBwS50w7uxSNoxsqWvLmI5SpIAXwWAmqOeJQ6iF9OAW5N-u-zyKym5oI7Ln5JD_yQP-60sBAGHpFKJqL7eyikLzB7XSQmfRZAPZccyHecfqWDxxiZbppIavAQoj0o3Bi-Cy6QZrt241cXTWYrm7aev0y5i18K6nJ7gQOxtir94wV4i9ioKdVZpl7faOtwWLbelttSIB26THG8k63LGrlX9VaiCLfS7BWIhW7MMZbOhPvwx64oMAuRKKlx64ltQkqzpWuUBj8ubUXPFq4f9iYL4yO4x-AkHWJFBrLOM8DTTWOxXm0yiG_Pdg3OD1BfX_VazAf40jBNsQe-ppgJh_EGO7vnyCtTmcIGNK8p5BGeLDjkX1_TaxPXZCQiHmkPNKggje3vRf5Oyt7po1I6Vt3rHjNW24c4XsEU81uJLIXl74snKZO7Hi1h1VGzngAB8huhoS3MtAC3zdQN7xmtDe82DdUAEUzH-MvKVkNGMUBV1IQN2BYqiUz0jy5ExR6byRxjMHhV7xK3ZTBzFLT-YEzc1WrVL9qWqQSAhx3XTBPEsgXLlCtVMaTn2zOkxB_gwjNjDkpANgFy_aD1qQWf9Evg3rMqTRPY5RZ95twUEBrLBW9Vtsk5fs5DX5cgNAIqDvdmvVC4Gp4GnFkbVO-bWRadmN3XjBU0LBWbMPh-1u8JiAHWFprCWsGS4oYQ6sc4h4zAbUWjXyCsmH-pJBn6MtMfAJqXKACX_3PKz5zYto932V3OCn-qCXkKYZzSS-JFCJ-MCgcbOJ_h9Kg46aEp3ZiggELb8w43EzZlwZR8Ea50pWDYMm1NFxw-7FB8GKA0hqLXlxPfj0VFP1BMZslolzCdm0UUUYDLQHn2Dxa-KWg31WCKwlvzUGglZDaVF-MPrE9oFNhdk-ZNCJo8IX1VMKqizqrbPjCxILDxhu6L29jIWGTzZOwI6SR6QhkNArrc3NNoyJsRtL0SwcoEzdlqVXhj9Xla9v-U2ZX00hBC8jZxHTrThCRi2DAf1Xds&cid=CAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=4224576697527326700&adk=3522027986&idt=275&cac=0&dtd=49

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

317d96a81b6f9b3b60b9e59433e0f04d37c6a1ebcb25857c6a35f3842a5de062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17680
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame AA52
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECX_yVg7TTmHuWU-6UZGK1E&google_cver=1

43 B
845 B

26ms
26ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECX_yVg7TTmHuWU-6UZGK1E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNVUd2u5CUQUWR3O6eu8JaN1B6DRv45BfUgRauGVrs0mUnezxvlvbbiX6v9JxzEILW3PF9ydnNIyolTUuezQwmDId4aDog

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
an-x-request-uuid: f22e05ff-e52b-4a9a-afd6-c3bff1c61f5a
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 195.206.105.131; 195.206.105.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECX_yVg7TTmHuWU-6UZGK1E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AA52
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzUwNjU5MjQyOTczMzQ2MjcxOA%3D%3D

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzUwNjU5MjQyOTczMzQ2MjcxOA%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
an-x-request-uuid: b3d1d8ba-2291-417a-9fff-492ce9f6572b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzUwNjU5MjQyOTczMzQ2MjcxOA%3D%3D
x-proxy-origin: 195.206.105.131; 195.206.105.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame AA52
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDOJEoUvW77WoJnJITXzdN8&google_cver=1

43 B
180 B

34ms
34ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDOJEoUvW77WoJnJITXzdN8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEJWDhusCGLPu5vIBMAE&v=APEucNVUd2u5CUQUWR3O6eu8JaN1B6DRv45BfUgRauGVrs0mUnezxvlvbbiX6v9JxzEILW3PF9ydnNIyolTUuezQwmDId4aDog
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDOJEoUvW77WoJnJITXzdN8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AA52
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTAzOTViYWEtYTUxMy0yODZiLWUxYWYtODJiZGFhZGM3MzYw

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTAzOTViYWEtYTUxMy0yODZiLWUxYWYtODJiZGFhZGM3MzYw

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTAzOTViYWEtYTUxMy0yODZiLWUxYWYtODJiZGFhZGM3MzYw
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 56ms
56ms Preflight
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=CAAJtmSrwZOWmO4Ok-gaA65qYCNbHrIFyzqaJmLcR--mhk9Q-EAEg08vOMGD1lc6B4ATIAQapAlcVpRcvVbI-qAMBqgTmAU_Qnked3Z-IlPQWRAchRewmctcSMhDym3-K0v3-qLhdcl4Pti7DR-i1Myp7wVcTPMIShzqAzhU0wUGrSU6e0vxzgXMgt20xQIlwjNvXFKblDl3IpQcJhmKKEqv8iHPbKdaJ7RwF5lnuTO3h2kyjQnhK7SzjuDE2-TSkiEdTo3VzfPQkgOHuiRHvihGCUD3DqAIO2FzZ6NLy0Qj06BWRS24_5930hR9HwilU7fA2f1hrKSQf8hTNfAbVUni8m33i-9W1VvBFtXyqAyzymuf9Sy6tKCtJZvq4KMr0NZuqYX0DoKH-TJz4wAT5ipSYsQTgBAOIBaqkifBLkgUECAMYAZIFBggbEAEYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AH8OulxgGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChD42wkYiZvU8AHSCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJdmh0dHBzOi8vYWQ0LmFkZmFybTEuYWRpdGlvbi5jb20vcmVkaT9zaWQ9NDgzMjk5MyZraWQ9NjAwNzAwNiZiaWQ9MTgxODcwOTQmZ2Rwcj0ke0dEUFJ9JmdkcHJfY29uc2VudD0ke0dEUFJfQ09OU0VOVF8zOX2ACgPICwGwE6K1pRTIE6jLs-MD0BMA2BMK2BQB0BUBgBcBshceChwIABIUcHViLTMwMzkxOTk1MDM0MDM2MzQYmdIh6BcB&sigh=S5Uvr0ZwjAQ&uach_m=[UACH]&ase=2&cid=CAQSKQBpAlJWrV3stYr5cDtZN4A8kzkSujL07djRsR1RLQ3IwFzXGl2RjusTGAE&template_id=509&vt=10&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 31 Aug 2023 05:52:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame AF91
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=CAAJtmSrwZOWmO4Ok-gaA65qYCNbHrIFyzqaJmLcR--mhk9Q-EAEg08vOMGD1lc6B4ATIAQapAlcVpRcvVbI-qAMBqgTmAU_Qnked3Z-IlPQWRAchRewmctcSMhDym3-K0v3-qLhdcl4P...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212901846859809805487%22,%22debug_reporting%22:true,%22destination%22:%22https://adition.com%22,%22event_report_window%22:%...

0
0

111ms
59ms

Fetch
text/css

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212901846859809805487%22,%22debug_reporting%22:true,%22destination%22:%22https://adition.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%220%22],%224%22:[%2208-31%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213668344409796210193%22}&andc=true

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"12901846859809805487","debug_reporting":true,"destination":"https://adition.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["0"],"4":["08-31"],"6":["true"]},"priority":"500","source_event_id":"13668344409796210193"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 05:52:26 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"12901846859809805487","debug_reporting":true,"destination":"https://adition.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["0"],"4":["08-31"],"6":["true"]},"priority":"500","source_event_id":"13668344409796210193"}&andc=true
access-control-allow-origin: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame AF91 42 B
63 B 49ms
49ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTrrGyjPNS7S7nhilPatohcdqxEG7Hc2TulgpJB8pVJMNCzBqkglfKx4hZwitKSj8uLKoUDfCDEUa1g0ONvjHqikuR3YCk44Q7dTKw-BsGP-9uegwMwtZUbbtLB85-jjhHRERIATz-9qFGRprSUoc2k1JYygxalqmW0uxK0CwDIeT_rso&cry=1&dbm_d=AKAmf-AmqstYi39H1vUWLPhNI6hd-PhUn-mqR6EBxpPCakKg4AMpDR_5JXOx-GMymfF0AFK1sC_25qALOd_2DGBRPCH0gCmwRN7tS9ZA9lAy3tfaIASK2ebVKmqWpXx_qZavMApVKBbAs91YV9ZyEk07WAnNYTd1c0t-ypPFt1rmPKZBz5X26gE3nOxJZG3LzdIWLJHQQViGV2JCJFzlk6SeGjwF10fRa31lowtguATXfAWlkZYc4Bs-Dy0hmBRq5cDSZhkMGQmfGNdeRYrvRTCMpu90NmZ8nthDGhkHCvxJ8JNM_-tP6XOCpZHdrIcdgdz-eqv2rrnEjOHSrIC65-AWR6-v2fKu2jzkaY-PqIuvyFTQGAapAsqAkIFHc1UJDcnhpHP_xGpGu_Aybv1cFvsNEDbSdXM8Gmyt1wzfK1b59fwgIHISsV_VEvthW75UlLC1QIM3bCoX3fAv1cNq7SuJsHsFzBKAsxxrJxjeVGBl0K1l47G7WHFL2j_kPfWqSQSB4b9fW_94wZfDfxPoo0EELpxbbeylEkS5A8qYY2AAhhKnNgd_DeDRNVHGZu9Y-m0VaabDtAirWlV-FP4qX6DB3QXbUi1QcpUgC5Vtnbfwre8sk4RSUbJ7CbgV3jwWF8JdLi8VfeGvVzZ8djeiqaaxr0PzGJf3mdlQ-lbgRwqezFB1kTyFCPmVi_RLwCJ5Yv2Ur9VzS0Kefp101Lf3DVJK4Vm599pt-g71Pg7N9vEp3fxpARrAuIi1LaShthWcFMZPs-jPmeU_X6Ckmpl_gLazvnVnq1q0SIXDnFZwJkHdAfYvyho_pFQAqqkmjmmnt6V9Arj2UF3femfhgeQZBlcplfuWLxJ89P_VjgJEFnG3Of4sVg1LavXlaCJ75aK9ePSaJbIAAhOwnqh0gnH4Eo9s5Qs0NEDESb68ds1qp4fqBtcgXnopENRvQr3J8kKff0ylpc-G3ORoyJNPEw_20WRkoMTjdsrGBtq7btNFKisdO_TisqwjhLd91kC44iXZRVtRW2S4h-pjFiUv-29IXBlOhOPdgfM1p05sfdXR0PIv5D7jSPniIo6Y8m1Ny6fioOgnUx2CTr5ZyN8Soqm0Is8PrnunXQB4QqpIt-lTLWtf_Iw_BcE7RRrkMrLvQssbcLkJNtv_Go7EbkJFoBBKCtvC_o5rjKxes7cByN1OVTELlty0kHPoSS00M3wdPDwApqUz7wDmhYFOGBYovrK5pHVvlNTAhK6kjorX7Y2gIXbYEekimWfhhaW-2voCfzBIUugEYI-5pDPDDmZL20lf-nMFZmfbD3h_84nMmexJa5f2fGrmCXvaA5JJPIEKU0KWfbFo67f5RGubbXfiY_Py-b-E0zCNPaNaNdla7a-c2r0h43ocfctSUCOMbK9ZpMdp0g2lK1sqMj3coMrMTnmj0MnoCuWRoPT2zSKrV_wTeDoHXP0W6uOEiD6-PBCV6ZBw3QNB03lJF3lo6XgmxRxUO3VoA55Ef1L14Zz4Te3nE2CqMOqPiU-BiWVykw9OYoEjDwgjj0ITa8Ru6XiGnst6oweICTefzwgnJV-JpE5cRvN3XlfhjF33hVRvVw_5kpTSO268ZYCqrQOd4rtX3Ljsbhylmi5mAZrhGU2PG_piy2E8_VISusHju8OSonvc8lhrx6785c31BgoxmUaSb_E8OrI4aRfG4YyYN-0dNaPFvxkl0aIgJhnO_v4JOulUNVYUCHeTyWhi6gTezvS1m6aUcxEPTSGvZgNMh7DfLDO26l14ABv0K22Bve5tda-WNvwfeo3qbH3kZvItfUBj10Yimw2iOm66BJjBQ4eITEceG29chDTtGoJo2nYu-kd5OrUbhy-Gc4c1CTqaqsk2ExrQsitLbYfUi380wOqVFry1OVxR8-Iu6iB4i8o27nIzcPJmYjxR5JPy8TvsPkR0tE_wtE6L6oO5YGJ2q0GGxaId_JsrZjrqP29G7EigWEYn4TVABA3Hqm3vwgF6CNpfum26nmnSa_OLRnnHNTUqAaMa2WnCk8klmTIJUlw4rWV4aOa6EYjYjgdVRqhApO11J_arHvkMioD03HudTaUoSHylyZV5vUjOMQYHJja8_LeNDvrHg4SlxxhOvWu9muOrNw5sn7E8QJUa_tgPbNoRtuiMKUKsXnHcOnyrOSf-stbNDEtiHBXCAUYH7Mbeb3RJyQixUdfAwPfs36xI5YW-8SEdWaNRPHIU8qwK_0rix7SdFnUKnQTGttAkU_mo524tm5_dTGiSMEeUPBaqRf0oxctfvoFnPjUsTqt5JK381udeH1QBxUDOC0yapeVjPEYqI3P9nRcP_x6_Z9Ljz44Zy9EfHsbQNy5SpJzCcGHL3D2BxCWRJV5VUmP2nGVlRiRGS49jShywX9bx-_jnCcNdSAxVl8Gh9GVwQ_6ge7J5RMf9d_oB8vDyugEgix0uYbJf8NanlSOK1wmgM0wuiq9Y9EODtub9g4DhGey3hSOhjue1_BO-bfd_K7X-jX06WCu1PaTZdKLTMKWuCUL_EILIVfjCkzUAJg3CbwyzopHSDCovpSQfYHy0uuchrpuX-JvximkmgxdkDZdtIOO62eisTx6mhs5r4X-iU7Y8o9d6Cm7cfNMGAUEYGrKPgQbjDQW-OvD1LDCS7waWcxARC4r6MekEAAAKk1qnkxegS2If_PciP5o2du3EhQiYZHdl4kNWJQ21uIRz4Y8_7CA2t7Aox0Jdmbqqd_HY23Msu-jbyGbqjELA_zSJaktIiZ8_o0FSlgOIT2VW4za4fBeF61zExTj54Jyhex7y4zSCUMQNeCjTKoBaae25198V5Aj2RTSyyM2QiRaxucF7xu3ATKJ1c-2Ij5ESTmBXHbJNQakMsCSOfqihiO5V-qm4a2lb-uJP_EYBBE6UE5xH53jwAqEvxmxtYvmRpdQ-kYkj8L-g_aPfulv-rlihRs6W3hnfFWk23MSNbKNrSd7bgeOymGlJe5sBeR7TdzVIqwpw9eovdh60GSJ4HH87oMmXpe3H7Ir955J3unqzOUqNNnjV2P5WhXPEVd25z04AjLdN_G5jjWKyISz_eq8KdzeDinuzfB5HdUK6cd-qGQRgRCfNoN-IqQH-ois-I4PjO_oPls6WFaWbmn07DOt1ssaqjD9vMLOz4cxQCg1fc6VMfmvL6EX6m4qWc1xq3DoJ3aHH2AVWGDYPtt5-rdG8syjtJfgwgSRbxBy2skMWboPCjiPMIeNiIDUm0tWilUhcq4QYNi_Pf46EKsRUdT6Tw-3ZD7HgltqAIzZCOqHrzMIZ8LHqXKRSrKQRnJB7rK-f1nLp6El1c7CM_-rInpJWQjKQR3AomglR9ULbty591Z4z9sqn3cJMVR3M1zxviTG8RwJIqm-aJEwgYOwdXNeMouS7Q1jktORtw05bwe8h3IndOTG8gOTZ_XMf8Nulg-hqbTGCJr2jwxGxzBDGfVhptJt8PRBwjrNFfCjhBhG9W_IMGDTg6BxVgdZSKplu1rg2dT7w-9qRpMgjpo8BWtbZAIVaTyn6bqRSsxhP-VEHdJEZTGKO3TD3YjEWHeZ-eaFoUE9G8xlq--aPhl8VE2QdqCm0A72duUumJc8kcPyBzzDao2N2jIEKFG0XS7OdixmrLr1D4IUVsV0CkIS6K6dyBmJdac5u6f8JCdtl--Rja6UGwa2jfB7k_uWa8G2_A8O1f3ADS7lbzF3R7eHHaoySw7M6Aby5Of09wj4dESxpuuRju3ObZHd_sIK3JZR_9nB7Dd-nwXLHnk93KfQ8N444-4eLPib3&cid=CAQSKQBpAlJWrV3stYr5cDtZN4A8kzkSujL07djRsR1RLQ3IwFzXGl2RjusTGAE&dc_exteid=31238844363061950385872681406906116&dc_pubid=4&cbvp=2

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 banner
ad4.adfarm1.adition.com/ Frame AF91 36 B
36 B 95ms
28ms Image
text/plain 217.79.188.46
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad4.adfarm1.adition.com/banner?sid=4832993&kid=6007006&bid=18187094&wpt=C&gdpr=&gdpr_consent=&cbvp=2
Requested by: Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.46 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: ad4.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 07:52:26 +0200
server: ADITIONSERVER v1.0
etag: 7273360239123497319
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
cache-control: no-cache
content-length: 36
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

1x1.gif
imagesrv.adition.com/ Frame AF91
Redirect Chain

https://ad2.adfarm1.adition.com/banner?sid=4774921&gdpr=&gdpr_consent=&kid=5986089&bid=18180487&wpt=C&ts=[timestamp]&cbvp=2
https://imagesrv.adition.com/1x1.gif

68 B
178 B

103ms
28ms

Image
image/gif

217.79.188.60
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/1x1.gif
Requested by: Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 217.79.188.60 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 5fb3bdb7f966c852579fb6b0574517445d5b2d171c804d66227ee67b1bffca9c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 31 Aug 2023 05:52:26 GMT
last-modified: Fri, 24 Jul 2009 13:46:10 GMT
accept-ranges: bytes
etag: "3122740758"
content-length: 68
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 07:52:26 +0200
server: ADITIONSERVER v1.0
etag: 7273360239129003222
content-type: text/plain
location: https://imagesrv.adition.com/1x1.gif
access-control-allow-origin: *
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
cache-control: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C94E 0
0 56ms
56ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308240101&jk=2883861095143595&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H2 200 all
csm.eu.criteo.net/ Frame CDEE 0
127 B 28ms
27ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 31 Aug 2023 05:52:25 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1FD9
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECSllvCATnsu1QabvJBrkJA&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R1piVktuUk0xUUJBQnM1&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRGZoq4YoDp9UrMbmbKsb_slHDep9MMLgIBIBlkIi9...

170 B
188 B

35ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R1piVktuUk0xUUJBQnM1&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRGZoq4YoDp9UrMbmbKsb_slHDep9MMLgIBIBlkIi9TquJrdqfxXyemD6a9NP5v6Uy5a-Kebbm1hQbaCOQlmiYl_ZTQ5TcC

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 05:52:26 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-788-g55788f4#dev-temp-decrease-retargeting-updates-batch i-0dcb732bd13b1eb84@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R1piVktuUk0xUUJBQnM1&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRGZoq4YoDp9UrMbmbKsb_slHDep9MMLgIBIBlkIi9TquJrdqfxXyemD6a9NP5v6Uy5a-Kebbm1hQbaCOQlmiYl_ZTQ5TcC
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1FD9
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECBSuYblWcc-u9dDipMddeo&google_cver=1&google_push=AXcoOmQYVAWblHz4tBIU9qmrkrrrPjyyOQnUHAOZ8vjfSavktMeSUxVmgWkKU2XsqsckYEXMm9FyydEt...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECBSuYblWcc-u9dDipMddeo&google_cver=1&google_push=AXcoOmQYVAWblHz4tBIU9qmrkrrrPjyyOQnUHAOZ8vjfSavktMeSUxVmgWkKU2XsqsckYEXMm9F...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTAwNzEyNzEwNTMwODM0MjM1Mg&google_push=AXcoOmQYVAWblHz4tBIU9qmrkrrrPjyyOQnUHAOZ8vjfSavktMeSUxVmgWkKU2XsqsckYEXMm9Fyyd...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTAwNzEyNzEwNTMwODM0MjM1Mg&google_push=AXcoOmQYVAWblHz4tBIU9qmrkrrrPjyyOQnUHAOZ8vjfSavktMeSUxVmgWkKU2XsqsckYEXMm9FyydEtrqur6hBUHOwJfddgTqcT

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTAwNzEyNzEwNTMwODM0MjM1Mg&google_push=AXcoOmQYVAWblHz4tBIU9qmrkrrrPjyyOQnUHAOZ8vjfSavktMeSUxVmgWkKU2XsqsckYEXMm9FyydEtrqur6hBUHOwJfddgTqcT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1FD9
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEGJ7AIX6NTzcbePYO9KHLXk&google_cver=1&google_push=AXcoOmSiJfbLj62i4zqIwXMOgNPAdI09p8z9MqNyb2HtEfpZKWq_3LpbemMIFm6D1x92iIZMU_VK4j2rPnIhEDFIO-TTxxHWx-Hx
https://rtb.openx.net/sync/dds?google_cver=1&google_gid=CAESEGJ7AIX6NTzcbePYO9KHLXk&google_push=AXcoOmSiJfbLj62i4zqIwXMOgNPAdI09p8z9MqNyb2HtEfpZKWq_3LpbemMIFm6D1x92iIZMU_VK4j2rPnIhEDFIO-TTxxHWx-Hx&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSiJfbLj62i4zqIwXMOgNPAdI09p8z9MqNyb2HtEfpZKWq_3LpbemMIFm6D1x92iIZMU_VK4j2rPnIhEDFIO-TTxxHWx-Hx&google_hm=EwACXMXiz-ESO5SzsyeHug==

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSiJfbLj62i4zqIwXMOgNPAdI09p8z9MqNyb2HtEfpZKWq_3LpbemMIFm6D1x92iIZMU_VK4j2rPnIhEDFIO-TTxxHWx-Hx&google_hm=EwACXMXiz-ESO5SzsyeHug==

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmSiJfbLj62i4zqIwXMOgNPAdI09p8z9MqNyb2HtEfpZKWq_3LpbemMIFm6D1x92iIZMU_VK4j2rPnIhEDFIO-TTxxHWx-Hx&google_hm=EwACXMXiz-ESO5SzsyeHug==
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1FD9
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=O7uOWM-MQtax-lXCPNqnoQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=O7uOWM-MQtax-lXCPNqnoQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmT0Ymxqh9F8ELzhUKn1oloN3v1zvNiZDcMRJx9LkczvLm_uxMIT8biSSsjdsovj4GleepkRdXl9_O42ymZRrNdXY8U5GNXW

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=O7uOWM-MQtax-lXCPNqnoQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmT0Ymxqh9F8ELzhUKn1oloN3v1zvNiZDcMRJx9LkczvLm_uxMIT8biSSsjdsovj4GleepkRdXl9_O42ymZRrNdXY8U5GNXW
date: Thu, 31 Aug 2023 05:52:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1FD9
Redirect Chain

https://google.partners.tremorhub.com/sync?UIDF=CAESEMT8QpdAsN6TGOgEqUkcoso&google_cver=1&google_push=AXcoOmTLUmHULpeEKhHVlvoD_1Oc35QoPk3jNYK6OrFVKaWIjyK_PgRXVZC_OQlXiRoYY5cpYuEGU3lc_FvULbchQYsKjMr...
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=YzI5MjBmN2Y4MTVhNGJiOGFlOGFiOWEzMWZjMjJkNjg%3D&UIDF=CAESEMT8QpdAsN6TGOgEqUkcoso&google_cver=1&google_push=AXcoOmTLUmHULpeEKhHVlvoD_1Oc...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=YzI5MjBmN2Y4MTVhNGJiOGFlOGFiOWEzMWZjMjJkNjg%3D&UIDF=CAESEMT8QpdAsN6TGOgEqUkcoso&google_cver=1&google_push=AXcoOmTLUmHULpeEKhHVlvoD_1Oc35QoPk3jNYK6OrFVKaWIjyK_PgRXVZC_OQlXiRoYY5cpYuEGU3lc_FvULbchQYsKjMrLIm7Q

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=YzI5MjBmN2Y4MTVhNGJiOGFlOGFiOWEzMWZjMjJkNjg%3D&UIDF=CAESEMT8QpdAsN6TGOgEqUkcoso&google_cver=1&google_push=AXcoOmTLUmHULpeEKhHVlvoD_1Oc35QoPk3jNYK6OrFVKaWIjyK_PgRXVZC_OQlXiRoYY5cpYuEGU3lc_FvULbchQYsKjMrLIm7Q
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1FD9
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEAgp3xzuC5csWjQmMqR8d50&google_cver=1&google_push=AXcoOmTpBCUKp7ePjqRu0DOMwTkDmg2VWRgItrU5_Md3XPq9OVWtKKqkDz5IE4NQd9KlCCBydSbKx8...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmTpBCUKp7ePjqRu0DOMwTkDmg2VWRgItrU5_Md3XPq9OVWtKKqkDz5IE4NQd9KlCCBydSbKx8OWcd8LXaJ7_EuPn7XpnhaG&google_hm=NjQxMjAyMD...

170 B
188 B

36ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmTpBCUKp7ePjqRu0DOMwTkDmg2VWRgItrU5_Md3XPq9OVWtKKqkDz5IE4NQd9KlCCBydSbKx8OWcd8LXaJ7_EuPn7XpnhaG&google_hm=NjQxMjAyMDQzMTE4NjI3MjQ2MA%3D%3D

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmTpBCUKp7ePjqRu0DOMwTkDmg2VWRgItrU5_Md3XPq9OVWtKKqkDz5IE4NQd9KlCCBydSbKx8OWcd8LXaJ7_EuPn7XpnhaG&google_hm=NjQxMjAyMDQzMTE4NjI3MjQ2MA%3D%3D
date: Thu, 31 Aug 2023 05:52:26 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1FD9
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESELOMkYEw280qZBZwu2QeqZQ&google_cver=1&google_push=AXcoOmREsnfLR4p9w...
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dxandr_eb%26google_hm%3D%24%7BBASE64_UID_ENC%7D%26google_gid%3DCAESELOMkYEw280qZBZwu2QeqZQ%26goo...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MzUwNjU5MjQyOTczMzQ2MjcxOA%3D%3D&google_gid=CAESELOMkYEw280qZBZwu2QeqZQ&google_cver=1&google_push=AXcoOmREsnfLR4p9wTMuiS1qXf1kW3fof5...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MzUwNjU5MjQyOTczMzQ2MjcxOA%3D%3D&google_gid=CAESELOMkYEw280qZBZwu2QeqZQ&google_cver=1&google_push=AXcoOmREsnfLR4p9wTMuiS1qXf1kW3fof5QU9mYcjzKQ7OhzlIcp7ts4jirqgt4QjzrXnP-sPefLkXxhZJUYED2OnSCUpTlakSKSCg

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
an-x-request-uuid: d54443a6-975f-4166-8d84-f9741b2cbaca
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MzUwNjU5MjQyOTczMzQ2MjcxOA%3D%3D&google_gid=CAESELOMkYEw280qZBZwu2QeqZQ&google_cver=1&google_push=AXcoOmREsnfLR4p9wTMuiS1qXf1kW3fof5QU9mYcjzKQ7OhzlIcp7ts4jirqgt4QjzrXnP-sPefLkXxhZJUYED2OnSCUpTlakSKSCg
x-proxy-origin: 195.206.105.131; 195.206.105.131; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1FD9 0
50 B 31ms
31ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LdKDF8LrqekQwNPLMEHmI0RFUQ9TnvE51eglnHw_lOw1uwUKxgZNi-qWv4oOouvBe_dKIeAA

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js Show response
pagead2.googlesyndication.com/bg/ Frame 428A 37 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdbb28a61125e2f817cfca97dc459c63c43aee2210edb1678c69ea532c4847a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141814
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14648
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:28:52 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EECE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

45ms
44ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
URL: https://ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
expires: Thu, 31 Aug 2023 05:52:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 05:52:26 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230829/r20110914/ Frame 161C 30 KB
11 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230829/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BylFa2fev6HXAMlvcTcHTTMN-JvOnnyqgDhGcpUpEEgTaXu5z2NOc56GxaC4E6X5Hy55gqlDusKMbQLQxlQsudZoHu1mNQLsN5exQvemfqnb9z4YOeuEb_DUpVtVmLi-ov2HJP6KmePwbMe-PSMzljQL_I9huwPbpVXJVX9_XgvNMxKeI&cry=1&dbm_d=AKAmf-AbHreDFr-lzTV9__zHoKNZwzs4O6soD0ZksDzTGB4ZIp01xat3UHvInW9vWqdx-57B-5I0bVs2nnk5ZdBDBWsew__vXbQdOz2oUvb9ZnPEBPBCv5zr8NTOyUZt-NSsaqYSsv15Az0y_c5o33O_uuSBqvSvGGxpDlK6n27TwxJ4rTMi2qwY8r-k58yJsq4JDgETZJGMpWgIVDWD7TB9LeBMc7IKnefAsKxhMtMa0xd8SBuUekj_9t0ER9NGEu0J4boDTXaT1qVcPNNsr3CvWRbFP5v57gjHtQI5mPjQGH1vwo95-RELv8qhiqiTSHAhBsDBTrIhFxgyPWpMUtCngv8fdrChMFJnDachy_8lJGj-GUQVOP25EeuLEm4D1mlrTyULT47WpXUaOYahSM3Y8iavdBFi5bFri_y3NzM7DiyC7rURsP3qfmcIlE2TPnSvDG6w4qO7xndwl3MAKEDbzRQU4PhDOAKZ1v7Q_yaXT7566jJvdlEXKGxE4y6jd-tbSl4I0HkcADHZ1siW2kkgVRpqH9mzJR4rJiFsbvSNFa09EkWWFlRLO27fjmIkArd-1FWJ9KiCI8-WNWWsbXhmoidnSv6xhXOQWCCFxKOYzxx6Y9liH5JrVIAlECVIC-hL5dyqzURIp2VJkETHBITh0SBHnl866bxCEYAt1IhO7Vj1hyE7PjJIP2KoXy3s0v5IOqky0kSSghiBAFhcEcgwnUcQlIoIQCeBAoIZnviUWDeWh0EbkzDSwos16nfRLl_rLxO3ElTkUzhlGis2yFfxZKWaS7MIO50zBAH6nDDkKYLD5yuIOXJjNBMa5traay4ioiU3VGMtYXHEbHsymbgAGAEtEsdpcgTCiGtICBdUR4s8R0lWfU7LVawd61QJnc5kNkD3NH4_DBkARvX1NA5l2G1T6yiiyHmGaVoWyMw5WIs0gdNpxJhSFgSF635y_ena4bTmyyZLnwEjkCVZTcyPgcph0NrR6qU-Y085SiRmrZXBihoZuFRTkVDCJhi5pyElgC0b9c7SbKamw2hEH8-r431wtA2OO5FlioQVpxX7toDPUEWcN41rF1zMXyQLMuDpgx_DJExJMsIVfYPE73JVg_1mnSeWecDaZ2kdxR1RC39AndOaayCR8lTGTEgkvD92n0gG5HeuAbj8BQfucKasmgPyEx-T6UUj4BwJH-mjmi2KN2YeEvxMCrwO5nD3GhgcZfSK_zzBKfIvkeBQcgo8DO-DPsPC2FOxpiXLMmLB-Ah4dg1hfKHOKgWbvqBG7-G-Onz-ciMjc4LyofUca4WGMQLkucQH9Zo6q5MrGzqq7Z11AmLvaJqaAMBuoBnzFm1yiWqfCf3RRT6kZbkzra28mWUiuwqOevYBuDk4dSExjvAI6BYp0IMe7Mb2xThvlPAkOQkat4e00cOZpp1-Dn0y4Q7VFaWmJPErh9SXdagdGEwGr6RGTaeHrdAis2FUUXmDv8uN92NnCLjFctMkTmBK50K99rCP4UoKbtqPP8YgnpDcJ1loIRs2MYoiRhaj84r6bCs4V1Rk44CzfLu2uB9PWiLuNBKNE3iiQd-Op9f4Qta-d09EYV6kSbXVE62Ec65kpSrZ4POfVc3T-dmNQ8roY3SgrU4mIOIfciOCSxIeB9wBruT--sp-Zc2nebP8Sne15GZalUVvIlBTd7pIIGIJ_u3r9UWg9K1v_N-c4gSZF_LN0xsE-ZAhICLPBIx0p67VWCYW2CXqfVHXFVGrUKR0-tBxbx_Ss20OcUWA75TfOgVpxOgLQctzQLVEsil_NGzcmyAfGGSopNdwdhUg5elXPat0PATbJ0Qu0OzdgsBd_e3dB1gay6-vztR1f6HrEfpx8eaViNoRLxiNokW9N0EOzdZfSGxUg1bPDGsQ-vjXxKjSjEIN_6zSstVL1Wmv0QmvvYRdmpUGPkq212HnIrfBTr3ek9j3t27f2Etsihw9Iv43ZDxvQ1XEB87nFe2xr9xH20Kbx_fArytyoQhXPdICdtKHnECq1O20N92WRMEmZNtdoN39Ekl4WQtqA6nrNNcvMmWvlYUXS2NATmkmsZHCYYa2fL0icLT3lVol6iDZOqC44ug1pMxZ0YoWNLXURGaUicyjgFw6qXz1Ee7Lyz3z0QpvDQCDtJcBH_IwRJl1Gsu6pOfWcw9pFTYoyx4wFjnLLxEKfjC_MSKQxIJl7ftUmUpul4CyULzis5ipt0l99EqstJRW3RsITeztYVBKMLjtOPgNjVHiUIcFQFjgCTPODRnGppoZUCmx-ixT5WSQYEBWSaIyKbD6jVOqcoOjTYipzBFT4CIpesxI4xSfitXutD4DLTrTo494ACbUTLJcWfzKaujyXi5Yp3bTDx434l7QIe_JqlKRY9BHKOgrkK1OoWaUa1SlKFTAOVpj-3Y-smaqeRI6VF4x_vjydqKb3Knhyu3qShGGMOtwPIYwf1y3aIWt0QFksWrmOWSb_FbcyczSpJzjXetKixB9AglhkQHdevSISp8zHf4aRMZzUJ5cD2WmjJECpFhuOSIHGYXfVrw_yCquBHJJO4cP4nQ9GcS2XezS8wgkg8NKFcbO1wf2uzMYj0CQoqI_2FaA2gWWkl9mrEn7InXGbpX4g29aA9I66o7QVycdQThmKoLSWuNST_avEIX_50cvAimdVgEJCyfF8vM0Cd30JBK2vDw56xgzi3tBqLDvhVkOajJoBwS50w7uxSNoxsqWvLmI5SpIAXwWAmqOeJQ6iF9OAW5N-u-zyKym5oI7Ln5JD_yQP-60sBAGHpFKJqL7eyikLzB7XSQmfRZAPZccyHecfqWDxxiZbppIavAQoj0o3Bi-Cy6QZrt241cXTWYrm7aev0y5i18K6nJ7gQOxtir94wV4i9ioKdVZpl7faOtwWLbelttSIB26THG8k63LGrlX9VaiCLfS7BWIhW7MMZbOhPvwx64oMAuRKKlx64ltQkqzpWuUBj8ubUXPFq4f9iYL4yO4x-AkHWJFBrLOM8DTTWOxXm0yiG_Pdg3OD1BfX_VazAf40jBNsQe-ppgJh_EGO7vnyCtTmcIGNK8p5BGeLDjkX1_TaxPXZCQiHmkPNKggje3vRf5Oyt7po1I6Vt3rHjNW24c4XsEU81uJLIXl74snKZO7Hi1h1VGzngAB8huhoS3MtAC3zdQN7xmtDe82DdUAEUzH-MvKVkNGMUBV1IQN2BYqiUz0jy5ExR6byRxjMHhV7xK3ZTBzFLT-YEzc1WrVL9qWqQSAhx3XTBPEsgXLlCtVMaTn2zOkxB_gwjNjDkpANgFy_aD1qQWf9Evg3rMqTRPY5RZ95twUEBrLBW9Vtsk5fs5DX5cgNAIqDvdmvVC4Gp4GnFkbVO-bWRadmN3XjBU0LBWbMPh-1u8JiAHWFprCWsGS4oYQ6sc4h4zAbUWjXyCsmH-pJBn6MtMfAJqXKACX_3PKz5zYto932V3OCn-qCXkKYZzSS-JFCJ-MCgcbOJ_h9Kg46aEp3ZiggELb8w43EzZlwZR8Ea50pWDYMm1NFxw-7FB8GKA0hqLXlxPfj0VFP1BMZslolzCdm0UUUYDLQHn2Dxa-KWg31WCKwlvzUGglZDaVF-MPrE9oFNhdk-ZNCJo8IX1VMKqizqrbPjCxILDxhu6L29jIWGTzZOwI6SR6QhkNArrc3NNoyJsRtL0SwcoEzdlqVXhj9Xla9v-U2ZX00hBC8jZxHTrThCRi2DAf1Xds&cid=CAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=4224576697527326700&adk=3522027986&idt=275&cac=0&dtd=49

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:23:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55715
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11511
x-xss-protection: 0
server: cafe
etag: 961974302080011826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:23:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 161C 41 KB
13 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Aug 2023 04:22:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 350998
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 26 Aug 2024 04:22:28 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DC14 0
0 56ms
55ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308240101&jk=2845785222349537&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D824 0
0 56ms
56ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308240101&jk=4233398476759937&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85D1 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7563188817597&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85D1 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7563188817597&version=m202307240101&ct=77&x=1&cor=7346253054325709000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 85D1 29 KB
17 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APJOU2cYotlsyB1GweRVFyVQhQ4bglKiQQPvCtQZf8gPhyEPB1dYLa7LcJgamASsAJRHIGBftsXbIxNuMmCQ4W3M7Mz271vDnV2BoaWh68DCJ7WYm3jKMqleK1FNBHKIoehu8621OVlijtAkCpoOaLA6gnFNu0KEiRMxpnozhhJzDR4_A&cry=1&dbm_d=AKAmf-BPhmKe2-rJrjEMKK9VXIW07OAac1gnrsaYMJ7lO5P3VBZr8mB9pCj0DjRpdTbKhbYxfgJKIZr0lpF8-LxEqfDGU2Yx0BBn6XwwWxjHlPpvhFYwlPsLrJTA7yeuyv9I7MEqheSOLNVKNqxN8nwdAdy0MOh2SplqlAz6Phs07CGqEP-XvBBjUqvMZpcZuuKgbpibWNOW2E-NEcW7FWmpzfVARGU0QJlLX45MvhHgR_nikvwUj3q32OfU6wphtmgBeXSVxRJcBTR4fuRBp8P4XSA5cWCZC19TkkhSZETg1d9mwjmv82PQO_0MhdW6Quf63Cv0lyWzDLCPlkQoP_WkMVToD2sQRqVlTPl_uDKuDU_-3ymw-sRREq864Kt_suqMI2nIHaoxY1vLZqrvG99cxtbji6iuPR319KIlmubqaQxl2tuOZ9o9DhyiKnMAD3HR-Xo1IAZ3WCucmpK8qxr3XVvj2ULPbDv46JU_G1qKUOYXl2yYMjv4ktxfvfd80Pcdw3P92h8ou_JWUSsfVwtHnNfLxFeVku6_hm3djuoJ1kWHYQ7HbqXDp77Spwm9QJGj99tkdWE38tXiSs_6hTgqprMZi36UF1ssXEDrWJWx8RxrOjeVxMLtTaEIBmic59KJu_vFMB6trrmPm54tIdHEYv_Yy6h5lUXcla2bi_N0IY12fxkmPLrpL7jae-zmVQu3RoISi9xIznuQIlD4WMfXnpA8YxENV-dDz7mg21g8QHOBPsWAQ0tB30GR3FErNOCjbs0Gvp3K8dgiEFuD6rbW80eqqpzXwHlDXwYsFqKEfomXuzPFGPLZ5cUSR_FT6kKZu5kN4zodgg7kgntqTe2RT3JFfMI2a7JJFJ6tnI39jY2JOgngwVyppvT544nHNC31aRvI9UmIZGFYmhQNrjWTzwrVhN7s-pMOK2cVCtoOvi-Polpzo5vmjL_qNaShlGx4p7hE6y2qVlhrpvchUa96jisWrs3ernOTnzpm4wtRQIny4fnJGJEvASWbYaqo2andBnaF5xfZoopJPc-eaxd9r89GioE3e6_P7_z_wtPZnK19K7DTsEhwRqPC7vS3ejK33JubI7EYhFVFMRVOEX5-FEWxPZcLm6olx-CILJSlRKUt6LnocbJKC0knm0WgA7q2cbkbi21wOXyIL3CDrTB56baKjnsiDkojM3SsOoe9JMIZVuI8DXQ1DMuOznbP-XVeYHS-rcCDbDRrn4EGTgD5DxFob_K_waQyRZMZ_Y2WauYkAjfsQCBZAVX_lerYk3vKqKly_myieXVpgmGt7iHFOUp7HMBXKPdIgJOmI0EhteZy9SE7_fn3hR7VEX2dQtAZ7Cp_nCQoViCpGTTt2JsgAfx8mWdXEdNRNl9-pWsl37JHJ6rOBdl6o6XP8YXHNhQIY3WoKt62og3eEs9KdD3MpOD7AxVcQa15zV7nBmUVX3o-ahA5Te4qZtERiskFxs-k-txIqDI9mNK2VQrt7GGBXLHuxCF4YIyVOV6DBHpp-RQ-P3K-TmhEw0CI4WZZwVEXdcQlCpbNyQQxS2zIX4CuP8BW1mT4sg7nbM5GxMV2gnaQ-Q_pfr-F2JNK4Z1FcKQx5oI5jYc_s42DbJnCDrS9cFP3R3gQlDIHCdsXCJX4MBMMORHSIYHEMry-4ZKn7_LnI9ueaxTRqcwGBFyl77PyIE2Ab2WkijDEg9zlxEFrYmZ-5sUTKlfMWtmBVlGJsWZNlpmrHAF3x9E2vqTIO32Z3QiV4HSfrxYxPkB13OBRZ9qk5Vzd3W3Kde57SSzMHTC2ltOmeoUCntiKgfdIhPdWfh8INGA3aKQZssEdUCAlNDpckg9vdZ0CTLf_54L65EGLTVXgt6T4wdcK0JB91gh87hH07IXbLSeOrqB71lhWyedIsHpHEeFD-v7HIAMHZoYO1hxKYhNPlaGgp_-FwCEdUinybZauMbHXHtMmTZ1j98wcaydgzpFgXrwWpvAVPriJS7S5Lu5sbVPDoBNJMNaHJtLxePmgk5v7eNfHAWbTF0a3Vdd_k2BrgVFNDbOVFoHCSX3hG0cIVY_BlkjLPtl0A3su-f4_FFANXUX5X3O8Tz-7qZSu8MIsh1Pt4eTgrnGBs1n61IqbOSRQaZ2xhH1_KYZfCx8BXhxQRADL1xH6Uwle2meTclhz5NSAwFfwZu7VTirVHFh-PRFFwceY4Qivo8ZjYJj6wjaKpT2Hr0Nt9MU6hkdefaeS2v8ruyzZe-AaJJXi_ng82Z8zb8lyv9aEl_OAEZwQpvx4rMYNyBQHPkswNQTzsjBE0QB7yPfiCidumC9BvFPoXGE7CI3yjSsqQ8SS5ecZD44QoNQwdcuyq8s95Z-h0Gr1owFoy1FD3MH9CkdrZOgR19UeSmby5W8RoqJ_8IrA45QZJkF6w21ZXGSOpWbVorxGIzeAhmeHHwo4nM__gcqvEq1LaMn-p1SNl4LMUnTL4mb9O13WPzbndL7NWdKDxcp7MP2fNlLby8zaW6XmLMQzKQboFHv0_BFVvppfn5srk0zrOs8kfLXSb8UWR9itrnWYsX6WkooH109QTE7Zn4UqYeX20dPpUvciDxRJFokxsX_IgpSI8yFj3acQl8ANQNiRxWrf8yRgqMQrIa5ZQzdaYktvz0dtexbyEgF7BqK30z7iHQ_ov4GNWfFuX53LKJ5L7FAn2B9Q_hfLLkdapINQ2DkgiThPnET-dbq7DcfihJSL65_jpLEvAeVdCAAxDc8YkvoaMhOvIEBp9Pyb5fqBgpOxZdYurczpvuH39j4Z6T3zu1Td7H0Pkg9DRL8YvrM7ZokQv-fQUu8itod8SpIvxeBRM6X7S6_WgdGO379cv6Jy37wZPaCITCG1I4bWD9ZbxzjP2D-qaq1Qt-oeQZIXdT3Mj1Ofq_jX27P4C7hUpgtbEqTyWo0QqKK4EIop6sm9Hm-azHhXKGPvynCE7t12zhSpfq16qPevVdImDrUMzk_Tul46ARF1jp4LwlDIFsKzBTIwLzmF425hqPp5Oa6UuMH1jIiFaSv6ZSfNwygVBomEUIOvCn4IhonPxqLRGnSi_OWYM1RMwQmjgvgu5ZQ_-NJjHqKx4HVYcG9G8FNdsdoJ_p3YLuixqtFzMuFQTBB1kT5Tvg1a6tpF7i82VBAF77BMnGpoUq01HU-1FWN7WgNL6k303Qpdpsv2fLSJnQUZY9vsgr74e6tEPj8EHq7a8nB_PO6-SOINPGsRdCW0MQGqvSqKW3UdQPi6FyVvi2ndGIuYLk87VdOmYY94usNabDgGbpASmpG8eBuNw5_onhtQ-qRha9ZsMygOm66sxF4fqighIJjj3TU8jyMz89VpE9PDosslSDXflpjlHASdzKrxPte4j2ghwF0EM9F5e4aFfCtos6WHm0W6npTRXbvhWL52URQkGcRe4p6NoWnGCLEJpMYDpmcWh5fAd9Or0nHuLO3zZEtPBDyOOHSCHl3TACPP1ITjRcI8jzWX6Xv8aBQFoLsBRSF9JotBgKVbtyS-eGu-YHuegcli526Nf25mX73O-YqhFBJQ7yyjz6sQrsjv0plvMnVij-jxoxdEFQNRosfPAvaCz4hm_n-aNz49sV3PY9VfjNOjuBDWzRDuBAND75llwogpTGdcixfw7E0pJB7YxVBghx1__06idtJMOyFPQdfSc-HPmBu_07igOxFV02SdDoFPKrthGw11ktaRvl4He4WSab8w0WdD5E5A&cid=CAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=7346253054325709000&adk=676413724&idt=152&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11496ce99b7a9c0fef0123dd8716306c79f7d35898b92546844a98f54cfec6ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17654
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 161C
Redirect Chain

https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://google...
https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%...

16 KB
7 KB

147ms
36ms

Script
text/html

18.195.120.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC2XcvmSrwZP_7NI_J7_UPsIyrCPq__O9xj57v1fIR-vHWssUBEAEg08vOMGD1lc6B4ASgAYmHhpYByAEJqQJ1FwXTJx2zPqgDAcgDmwSqBOwBT9ABHfwtbvF0RYICKb9SfgSLT9qYe5HKvRdoURS43WpQiXm9crZRIaRvVFraQpdVFfVjgfAJ40q7Kbc5Qt6yO_uGkLJMnGZaIaoKM5I8fzY1iBbkvRNyFNO3GORlUpZGyCfFLKCfj3gMH9X-69iZhv-1iw4FBVX6FSBN7cn_OTUxC_nysUwysXK15NwdYCbZPCS1pcmW_eNwWNdcLxKmghLi6lz5wPOYVVy3RHKIT_4y-FTQE5BE-S4xza909NjAqxYcvQ4wV3yCsnIq9xBss1-auTitHp6ydolcQcR8WPiJLO9FMeM-2AsfL9PABMmmnLS6BOAEA4gFwv7S_EuQBgGgBk2AB9_4-ekCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE4_TyhTYEw3YFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIv6ypsJqGgQMVj-S7CB0wxgoBEAEYASAAEgLdp_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE%26sig%3DAOD64_33zhpB7VL1YoLLv8rXImRaSV2dOw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B8jNec5kw69p95yNxLsWK2SaQLoxHoCaJk2lBzaoGIlDjWpclO_UiX0dxfXH-ZiTVvMusknVfD62BWEiYVgEVouPTSKbzTnDmTF1gHNQmCla1xfSw1A0639QJtgyst8Fwi0q8EakRtny4SkzCdgoIkQ0n3UhVb8PsHFLzLbWlsd3znQ4M%26cry%3D1%26dbm_d%3DAKAmf-CyRAK3Zy277Sa-iXMEx9ickr0Re1ou2mT81XB6lpfl029w5xeKGS72HEM645-SCIDU8kz6ykAOks-s-qjLZx1kMQszme24VJycirgmZbB8bf4GLYT7JYwYn27IhL1G3IYBsZPhCiEX7i0-2vuiTXOjUMm2fZyE1ZYIzQzSXA8lkZAWWJwA4hKE-IqLECgdLOKoSl3RJu4CUaO2B9JoToRc2kYDMRaCoJER0YQrXWIo8JddhvDdhRWqK611iEtYQ0Bx8aCD4tF2Bx7Q6SDdzQh3JPE9v7ueiYjg5GMClDe-VbTU4WLDEmTbO8BoGPSY2MJnglBkOSCTsKmhep6xJlseoXQs_-BQQnBgk2z4LnrAa-b5HxTp7ncodfnQHVefXQukoEaRUjWngNXQq8hpBu3wqlIG2T9o5HxHoaTpXN4-tTgPZn-wg70kHqddFk4ASiDQbQXeJsG01fLPXLBA_fWJQzLHAehvX29trX5QEnOUy09Iq7eE-k8w526CaCT9IgwWvIe4oPWuAMzQDRzYbmmzoYG4y7FhAjtuyMr_WDTP9i-xt5C-AZY-7IPUoHsCqZUePrKW9CQCxooo2_1QatTAFctgjwlke9atS2JqnkTyp0tdXEPlaEHWtfVjNegfvVNKWHJRLWfYXPxl1c5fOE-JrTVN-fESq3YpkgN9hyo0Jaa3bPkWH3Bt5T2NLKDAXcekde31%26adurl%3D&e=0&ord=1693461145867839&ifrm=-1&z=0
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 18.195.120.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: daf0d89f9e39725a6fe87f657e397661ae655b62d8dec80f97c7d4368d5ee7f6

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
content-length: 6514
expires: Sun, 05-Jun-2005 22:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC2XcvmSrwZP_7NI_J7_UPsIyrCPq__O9xj57v1fIR-vHWssUBEAEg08vOMGD1lc6B4ASgAYmHhpYByAEJqQJ1FwXTJx2zPqgDAcgDmwSqBOwBT9ABHfwtbvF0RYICKb9SfgSLT9qYe5HKvRdoURS43WpQiXm9crZRIaRvVFraQpdVFfVjgfAJ40q7Kbc5Qt6yO_uGkLJMnGZaIaoKM5I8fzY1iBbkvRNyFNO3GORlUpZGyCfFLKCfj3gMH9X-69iZhv-1iw4FBVX6FSBN7cn_OTUxC_nysUwysXK15NwdYCbZPCS1pcmW_eNwWNdcLxKmghLi6lz5wPOYVVy3RHKIT_4y-FTQE5BE-S4xza909NjAqxYcvQ4wV3yCsnIq9xBss1-auTitHp6ydolcQcR8WPiJLO9FMeM-2AsfL9PABMmmnLS6BOAEA4gFwv7S_EuQBgGgBk2AB9_4-ekCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE4_TyhTYEw3YFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIv6ypsJqGgQMVj-S7CB0wxgoBEAEYASAAEgLdp_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE%26sig%3DAOD64_33zhpB7VL1YoLLv8rXImRaSV2dOw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B8jNec5kw69p95yNxLsWK2SaQLoxHoCaJk2lBzaoGIlDjWpclO_UiX0dxfXH-ZiTVvMusknVfD62BWEiYVgEVouPTSKbzTnDmTF1gHNQmCla1xfSw1A0639QJtgyst8Fwi0q8EakRtny4SkzCdgoIkQ0n3UhVb8PsHFLzLbWlsd3znQ4M%26cry%3D1%26dbm_d%3DAKAmf-CyRAK3Zy277Sa-iXMEx9ickr0Re1ou2mT81XB6lpfl029w5xeKGS72HEM645-SCIDU8kz6ykAOks-s-qjLZx1kMQszme24VJycirgmZbB8bf4GLYT7JYwYn27IhL1G3IYBsZPhCiEX7i0-2vuiTXOjUMm2fZyE1ZYIzQzSXA8lkZAWWJwA4hKE-IqLECgdLOKoSl3RJu4CUaO2B9JoToRc2kYDMRaCoJER0YQrXWIo8JddhvDdhRWqK611iEtYQ0Bx8aCD4tF2Bx7Q6SDdzQh3JPE9v7ueiYjg5GMClDe-VbTU4WLDEmTbO8BoGPSY2MJnglBkOSCTsKmhep6xJlseoXQs_-BQQnBgk2z4LnrAa-b5HxTp7ncodfnQHVefXQukoEaRUjWngNXQq8hpBu3wqlIG2T9o5HxHoaTpXN4-tTgPZn-wg70kHqddFk4ASiDQbQXeJsG01fLPXLBA_fWJQzLHAehvX29trX5QEnOUy09Iq7eE-k8w526CaCT9IgwWvIe4oPWuAMzQDRzYbmmzoYG4y7FhAjtuyMr_WDTP9i-xt5C-AZY-7IPUoHsCqZUePrKW9CQCxooo2_1QatTAFctgjwlke9atS2JqnkTyp0tdXEPlaEHWtfVjNegfvVNKWHJRLWfYXPxl1c5fOE-JrTVN-fESq3YpkgN9hyo0Jaa3bPkWH3Bt5T2NLKDAXcekde31%26adurl%3D&e=0&ord=1693461145867839&ifrm=-1&z=0
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 2A25 91 KB
23 KB 95ms
24ms Script
application/javascript 2600:9000:223f:8c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:8c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 29686570
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: GtKMUmwW-bVVOo26G3yJiaXHfEGQmlnwiWXeNtBK1ZeiNoMkGTPh1A==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 161C 43 B
215 B 634ms
199ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=b584b2f1-0c38-fe02-b123-b4ac958facb9&tv=%7Bc:mQH1MW,pingTime:-3,time:87,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:88,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B81~0%5D,as:%5B81~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOuioer+11%7C121%7C131%7C132*.1554652-73029357%7C1321%7C133%7C134%7C141%7C1421%7C143%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:132*,rmeas:1,rend:0,renddet:IMG.us,siq:23%7D&br=c
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 161C 43 B
215 B 822ms
392ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=b584b2f1-0c38-fe02-b123-b4ac958facb9&tv=%7Bc:mQH1MZ,pingTime:-6,time:90,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:90,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B83~0%5D,as:%5B83~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOuioer+11%7C121%7C131%7C132*.1554652-73029357%7C1321%7C133%7C134%7C141%7C1421%7C143%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:132*,rmeas:1,rend:0,renddet:IMG.us,siq:23%7D&tpiLookup=ao:www.xgcartoon.com*%2C83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com*&br=c
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8615 42 B
174 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuFC8j0kbYWBFtPWlT7ehlz8QwlYLlaLTk3JksY3oCSQOwDtE308jEqCVBzJBKUluCDY64HRbFzBF3PdHXMrZl96NBUpSD9WhWqp_k&sig=Cg0ArKJSzAh3k879SsjgEAE&id=lidar2&mcvt=1104&p=0,0,90,728&mtos=1104,1104,1104,1104,1104&tos=1104,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693461145241&rpt=373&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js Show response
pagead2.googlesyndication.com/bg/ Frame FCA2 37 KB
14 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdbb28a61125e2f817cfca97dc459c63c43aee2210edb1678c69ea532c4847a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141814
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14648
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:28:52 GMT

GET
H3 200 zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js Show response
pagead2.googlesyndication.com/bg/ Frame AC89 37 KB
14 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdbb28a61125e2f817cfca97dc459c63c43aee2210edb1678c69ea532c4847a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141814
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14648
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:28:52 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 129ms
58ms Preflight
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 31 Aug 2023 05:52:26 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 161C 43 B
215 B 603ms
198ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=b584b2f1-0c38-fe02-b123-b4ac958facb9&tv=%7Bc:mQH1Nr,pingTime:-2,time:118,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:498,beZ:499,mfA:501,cmA:502,inA:502,inZ:507,prA:507,prZ:513,si:520,poA:522,poZ:580,cmZ:580,mfZ:580,loA:587,loZ:591,ltA:616,ltZ:616%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D,ha1:%7Bres1:1,ps:1,ts:1693461146762,psfr:1%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:118,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B111~0%5D,as:%5B111~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOuioer+11%7C121%7C131%7C132*.1554652-73029357%7C1321%7C133%7C134%7C141%7C1421%7C143%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:132*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,siq:23,sinceFw:94,readyFired:false%7D&br=c
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230829/r20110914/ Frame 85D1 30 KB
11 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230829/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APJOU2cYotlsyB1GweRVFyVQhQ4bglKiQQPvCtQZf8gPhyEPB1dYLa7LcJgamASsAJRHIGBftsXbIxNuMmCQ4W3M7Mz271vDnV2BoaWh68DCJ7WYm3jKMqleK1FNBHKIoehu8621OVlijtAkCpoOaLA6gnFNu0KEiRMxpnozhhJzDR4_A&cry=1&dbm_d=AKAmf-BPhmKe2-rJrjEMKK9VXIW07OAac1gnrsaYMJ7lO5P3VBZr8mB9pCj0DjRpdTbKhbYxfgJKIZr0lpF8-LxEqfDGU2Yx0BBn6XwwWxjHlPpvhFYwlPsLrJTA7yeuyv9I7MEqheSOLNVKNqxN8nwdAdy0MOh2SplqlAz6Phs07CGqEP-XvBBjUqvMZpcZuuKgbpibWNOW2E-NEcW7FWmpzfVARGU0QJlLX45MvhHgR_nikvwUj3q32OfU6wphtmgBeXSVxRJcBTR4fuRBp8P4XSA5cWCZC19TkkhSZETg1d9mwjmv82PQO_0MhdW6Quf63Cv0lyWzDLCPlkQoP_WkMVToD2sQRqVlTPl_uDKuDU_-3ymw-sRREq864Kt_suqMI2nIHaoxY1vLZqrvG99cxtbji6iuPR319KIlmubqaQxl2tuOZ9o9DhyiKnMAD3HR-Xo1IAZ3WCucmpK8qxr3XVvj2ULPbDv46JU_G1qKUOYXl2yYMjv4ktxfvfd80Pcdw3P92h8ou_JWUSsfVwtHnNfLxFeVku6_hm3djuoJ1kWHYQ7HbqXDp77Spwm9QJGj99tkdWE38tXiSs_6hTgqprMZi36UF1ssXEDrWJWx8RxrOjeVxMLtTaEIBmic59KJu_vFMB6trrmPm54tIdHEYv_Yy6h5lUXcla2bi_N0IY12fxkmPLrpL7jae-zmVQu3RoISi9xIznuQIlD4WMfXnpA8YxENV-dDz7mg21g8QHOBPsWAQ0tB30GR3FErNOCjbs0Gvp3K8dgiEFuD6rbW80eqqpzXwHlDXwYsFqKEfomXuzPFGPLZ5cUSR_FT6kKZu5kN4zodgg7kgntqTe2RT3JFfMI2a7JJFJ6tnI39jY2JOgngwVyppvT544nHNC31aRvI9UmIZGFYmhQNrjWTzwrVhN7s-pMOK2cVCtoOvi-Polpzo5vmjL_qNaShlGx4p7hE6y2qVlhrpvchUa96jisWrs3ernOTnzpm4wtRQIny4fnJGJEvASWbYaqo2andBnaF5xfZoopJPc-eaxd9r89GioE3e6_P7_z_wtPZnK19K7DTsEhwRqPC7vS3ejK33JubI7EYhFVFMRVOEX5-FEWxPZcLm6olx-CILJSlRKUt6LnocbJKC0knm0WgA7q2cbkbi21wOXyIL3CDrTB56baKjnsiDkojM3SsOoe9JMIZVuI8DXQ1DMuOznbP-XVeYHS-rcCDbDRrn4EGTgD5DxFob_K_waQyRZMZ_Y2WauYkAjfsQCBZAVX_lerYk3vKqKly_myieXVpgmGt7iHFOUp7HMBXKPdIgJOmI0EhteZy9SE7_fn3hR7VEX2dQtAZ7Cp_nCQoViCpGTTt2JsgAfx8mWdXEdNRNl9-pWsl37JHJ6rOBdl6o6XP8YXHNhQIY3WoKt62og3eEs9KdD3MpOD7AxVcQa15zV7nBmUVX3o-ahA5Te4qZtERiskFxs-k-txIqDI9mNK2VQrt7GGBXLHuxCF4YIyVOV6DBHpp-RQ-P3K-TmhEw0CI4WZZwVEXdcQlCpbNyQQxS2zIX4CuP8BW1mT4sg7nbM5GxMV2gnaQ-Q_pfr-F2JNK4Z1FcKQx5oI5jYc_s42DbJnCDrS9cFP3R3gQlDIHCdsXCJX4MBMMORHSIYHEMry-4ZKn7_LnI9ueaxTRqcwGBFyl77PyIE2Ab2WkijDEg9zlxEFrYmZ-5sUTKlfMWtmBVlGJsWZNlpmrHAF3x9E2vqTIO32Z3QiV4HSfrxYxPkB13OBRZ9qk5Vzd3W3Kde57SSzMHTC2ltOmeoUCntiKgfdIhPdWfh8INGA3aKQZssEdUCAlNDpckg9vdZ0CTLf_54L65EGLTVXgt6T4wdcK0JB91gh87hH07IXbLSeOrqB71lhWyedIsHpHEeFD-v7HIAMHZoYO1hxKYhNPlaGgp_-FwCEdUinybZauMbHXHtMmTZ1j98wcaydgzpFgXrwWpvAVPriJS7S5Lu5sbVPDoBNJMNaHJtLxePmgk5v7eNfHAWbTF0a3Vdd_k2BrgVFNDbOVFoHCSX3hG0cIVY_BlkjLPtl0A3su-f4_FFANXUX5X3O8Tz-7qZSu8MIsh1Pt4eTgrnGBs1n61IqbOSRQaZ2xhH1_KYZfCx8BXhxQRADL1xH6Uwle2meTclhz5NSAwFfwZu7VTirVHFh-PRFFwceY4Qivo8ZjYJj6wjaKpT2Hr0Nt9MU6hkdefaeS2v8ruyzZe-AaJJXi_ng82Z8zb8lyv9aEl_OAEZwQpvx4rMYNyBQHPkswNQTzsjBE0QB7yPfiCidumC9BvFPoXGE7CI3yjSsqQ8SS5ecZD44QoNQwdcuyq8s95Z-h0Gr1owFoy1FD3MH9CkdrZOgR19UeSmby5W8RoqJ_8IrA45QZJkF6w21ZXGSOpWbVorxGIzeAhmeHHwo4nM__gcqvEq1LaMn-p1SNl4LMUnTL4mb9O13WPzbndL7NWdKDxcp7MP2fNlLby8zaW6XmLMQzKQboFHv0_BFVvppfn5srk0zrOs8kfLXSb8UWR9itrnWYsX6WkooH109QTE7Zn4UqYeX20dPpUvciDxRJFokxsX_IgpSI8yFj3acQl8ANQNiRxWrf8yRgqMQrIa5ZQzdaYktvz0dtexbyEgF7BqK30z7iHQ_ov4GNWfFuX53LKJ5L7FAn2B9Q_hfLLkdapINQ2DkgiThPnET-dbq7DcfihJSL65_jpLEvAeVdCAAxDc8YkvoaMhOvIEBp9Pyb5fqBgpOxZdYurczpvuH39j4Z6T3zu1Td7H0Pkg9DRL8YvrM7ZokQv-fQUu8itod8SpIvxeBRM6X7S6_WgdGO379cv6Jy37wZPaCITCG1I4bWD9ZbxzjP2D-qaq1Qt-oeQZIXdT3Mj1Ofq_jX27P4C7hUpgtbEqTyWo0QqKK4EIop6sm9Hm-azHhXKGPvynCE7t12zhSpfq16qPevVdImDrUMzk_Tul46ARF1jp4LwlDIFsKzBTIwLzmF425hqPp5Oa6UuMH1jIiFaSv6ZSfNwygVBomEUIOvCn4IhonPxqLRGnSi_OWYM1RMwQmjgvgu5ZQ_-NJjHqKx4HVYcG9G8FNdsdoJ_p3YLuixqtFzMuFQTBB1kT5Tvg1a6tpF7i82VBAF77BMnGpoUq01HU-1FWN7WgNL6k303Qpdpsv2fLSJnQUZY9vsgr74e6tEPj8EHq7a8nB_PO6-SOINPGsRdCW0MQGqvSqKW3UdQPi6FyVvi2ndGIuYLk87VdOmYY94usNabDgGbpASmpG8eBuNw5_onhtQ-qRha9ZsMygOm66sxF4fqighIJjj3TU8jyMz89VpE9PDosslSDXflpjlHASdzKrxPte4j2ghwF0EM9F5e4aFfCtos6WHm0W6npTRXbvhWL52URQkGcRe4p6NoWnGCLEJpMYDpmcWh5fAd9Or0nHuLO3zZEtPBDyOOHSCHl3TACPP1ITjRcI8jzWX6Xv8aBQFoLsBRSF9JotBgKVbtyS-eGu-YHuegcli526Nf25mX73O-YqhFBJQ7yyjz6sQrsjv0plvMnVij-jxoxdEFQNRosfPAvaCz4hm_n-aNz49sV3PY9VfjNOjuBDWzRDuBAND75llwogpTGdcixfw7E0pJB7YxVBghx1__06idtJMOyFPQdfSc-HPmBu_07igOxFV02SdDoFPKrthGw11ktaRvl4He4WSab8w0WdD5E5A&cid=CAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=7346253054325709000&adk=676413724&idt=152&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:23:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55715
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11511
x-xss-protection: 0
server: cafe
etag: 961974302080011826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:23:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 85D1 41 KB
13 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Aug 2023 04:22:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 350998
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 26 Aug 2024 04:22:28 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3D82 22 KB
8 KB 23ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 350996
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 04:22:30 GMT
expires: Mon, 26 Aug 2024 04:22:30 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 85D1
Redirect Chain

https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://google...
https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%...

16 KB
7 KB

30ms
30ms

Script
text/html

18.195.120.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCr0o6mirwZKOKBZ__7_UPsbKImAz6v_zvcY-e79XyEfrx1rLFARABINPLzjBg9ZXOgeAEoAGJh4aWAcgBCakCs_FOJNAZsz6oAwHIA5sEqgTsAU_QjA_uIuQEjcxVb1a6SCr0xKVzIx0duR_xHDPli5L0S7VuRo16r3r8JaGtqQj-9VQtkw2Up7etpi3q5bjuOjvgX2lnQ1TEWsijSiqoQC21UI5qXHysVwlTELhai7tPpKcLsda5RWQl87Jo6zql-cGdrWyuUuvwSrcDRHcklzyj7e70Ji2Pgqgi3dAMVB6UI1ABXGnZWZh5PnWh3DAwgy1tFtMjgHmgj04lwSMduDkchfrx3WOM114J3YjBWMgJY-b9rAiRG0kz8BO2nyM1XMu-3uB5nHGwMAZmLjvB2oCuy25y0UtLRC14LoVqwATJppy0ugTgBAOIBcL-0vxLkAYBoAZNgAff-PnpAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOP08oU2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIo7-2sJqGgQMVn_-7CB0xGQLDEAEYASAAEgIbK_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE%26sig%3DAOD64_1R5QWvkBvpBjo_03OL__xM6DBp9A%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CX7o0fHbUnMNTWcfX3wv1EuCjpT5S98pGrN0WgdKfD08gJqDzWQhdNcYzcTz7FOPVBF9EHmO73wyrD4ciXkJxyQA_tz8gYLvapKXUr5u_77ZaQkKzrWeG8aGCe0jKAqIFacyeMbcZ6qT8ZhphouVvYycID6kyfbMuQ_I7SMmvhlDtMtbY%26cry%3D1%26dbm_d%3DAKAmf-DPZqSg3w5KonSaPbKpFlwwZobwaR8iyntQJd6e7sXOxCk3G5VelXadUlG7RUlEQMfLfYu87VpHGVAFbAJUPMwJfZ9pJ70gp2XcP-hboYU47tlk2GxWzeEy_OVaVtqxy4cAYQsGCxQBmUjC3sXx3Bdvv8SNo4Y37kxAwcWoDHbiFM536aU5ElW5gScWLUWvgPwxaJ4rMGXvNtkaw-y0DfpY0_GmnvBy32k-VAnXl9x1PDJ7NhKJ1HDA3Vkk9H-2uUMV4hpT9wcdsze0zCpg02w_7ghx6-9VVg9HKGdK_jUERvnD5mDa5jIU5phe-8bz3kZEQFlpGSYJpvX6hWtRsZ-qnDzQT8IXEbeaZaZdy7ayVnSwPN8jQTzqWxTApyES4I_clIfla_UpS0CBYw3lm-S07sdzR9yEJg8wBISGEC1S5Tv-mnm1gC-1EXOxGxdw1RpYGyF1gamUe9mJ9huQzSQzV0WZXadT1tkoihD9-xtl8BRe61UD3C8xfIV7DUWOeDJrqardaOlBgC6-K04Dpp-K5TjhTuc-X6NO10Dx-uSdkgTq7BTAswHlo79So0mxUI3Iee4ebLLqgygoH-nJA05l3LolEUWt3D9f2e4xkYjnk7M442PeA_0IBDc6PmM6RlEw0-6D2lWyNnFDb_xUx57MrCV7qM6-GydiEGSjflg8n1ikvJML5d9zCJJRgnZ1veU6rqha%26adurl%3D&e=0&ord=1693461146083235&ifrm=-1&z=0
Requested by: Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 18.195.120.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 79b9821a201bd541abd96cc1e32444736e0c0a03530dfda904a0e719bcd359a8

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
content-length: 6517
expires: Sun, 05-Jun-2005 22:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:26 GMT
server: nginx
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bs.serving-sys.com/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCr0o6mirwZKOKBZ__7_UPsbKImAz6v_zvcY-e79XyEfrx1rLFARABINPLzjBg9ZXOgeAEoAGJh4aWAcgBCakCs_FOJNAZsz6oAwHIA5sEqgTsAU_QjA_uIuQEjcxVb1a6SCr0xKVzIx0duR_xHDPli5L0S7VuRo16r3r8JaGtqQj-9VQtkw2Up7etpi3q5bjuOjvgX2lnQ1TEWsijSiqoQC21UI5qXHysVwlTELhai7tPpKcLsda5RWQl87Jo6zql-cGdrWyuUuvwSrcDRHcklzyj7e70Ji2Pgqgi3dAMVB6UI1ABXGnZWZh5PnWh3DAwgy1tFtMjgHmgj04lwSMduDkchfrx3WOM114J3YjBWMgJY-b9rAiRG0kz8BO2nyM1XMu-3uB5nHGwMAZmLjvB2oCuy25y0UtLRC14LoVqwATJppy0ugTgBAOIBcL-0vxLkAYBoAZNgAff-PnpAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOP08oU2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIo7-2sJqGgQMVn_-7CB0xGQLDEAEYASAAEgIbK_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE%26sig%3DAOD64_1R5QWvkBvpBjo_03OL__xM6DBp9A%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CX7o0fHbUnMNTWcfX3wv1EuCjpT5S98pGrN0WgdKfD08gJqDzWQhdNcYzcTz7FOPVBF9EHmO73wyrD4ciXkJxyQA_tz8gYLvapKXUr5u_77ZaQkKzrWeG8aGCe0jKAqIFacyeMbcZ6qT8ZhphouVvYycID6kyfbMuQ_I7SMmvhlDtMtbY%26cry%3D1%26dbm_d%3DAKAmf-DPZqSg3w5KonSaPbKpFlwwZobwaR8iyntQJd6e7sXOxCk3G5VelXadUlG7RUlEQMfLfYu87VpHGVAFbAJUPMwJfZ9pJ70gp2XcP-hboYU47tlk2GxWzeEy_OVaVtqxy4cAYQsGCxQBmUjC3sXx3Bdvv8SNo4Y37kxAwcWoDHbiFM536aU5ElW5gScWLUWvgPwxaJ4rMGXvNtkaw-y0DfpY0_GmnvBy32k-VAnXl9x1PDJ7NhKJ1HDA3Vkk9H-2uUMV4hpT9wcdsze0zCpg02w_7ghx6-9VVg9HKGdK_jUERvnD5mDa5jIU5phe-8bz3kZEQFlpGSYJpvX6hWtRsZ-qnDzQT8IXEbeaZaZdy7ayVnSwPN8jQTzqWxTApyES4I_clIfla_UpS0CBYw3lm-S07sdzR9yEJg8wBISGEC1S5Tv-mnm1gC-1EXOxGxdw1RpYGyF1gamUe9mJ9huQzSQzV0WZXadT1tkoihD9-xtl8BRe61UD3C8xfIV7DUWOeDJrqardaOlBgC6-K04Dpp-K5TjhTuc-X6NO10Dx-uSdkgTq7BTAswHlo79So0mxUI3Iee4ebLLqgygoH-nJA05l3LolEUWt3D9f2e4xkYjnk7M442PeA_0IBDc6PmM6RlEw0-6D2lWyNnFDb_xUx57MrCV7qM6-GydiEGSjflg8n1ikvJML5d9zCJJRgnZ1veU6rqha%26adurl%3D&e=0&ord=1693461146083235&ifrm=-1&z=0
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame EC53 91 KB
23 KB 24ms
24ms Script
application/javascript 2600:9000:223f:8c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:8c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 29686570
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 0sTNfrVTsnoypfWrCs9l7OQLRtW_z_r-EXVYiFhSLGrXGvDYWW5DWw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 85D1 43 B
215 B 681ms
392ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=cf52fac5-ad08-99d8-dda5-d0c66b35ed3e&tv=%7Bc:mQH1Pj,pingTime:-3,time:77,type:v,im:%7BpBlk:54%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:77,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B71~0%5D,as:%5B71~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOuiogY+11%7C121%7C131%7C1321%7C1322%7C1323%7C133%7C134%7C141%7C142*.1554652-73029357%7C1421%7C1431%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:142*,rmeas:1,rend:0,renddet:IMG.us,siq:25%7D&br=c
Requested by: Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 85D1 43 B
216 B 475ms
198ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=cf52fac5-ad08-99d8-dda5-d0c66b35ed3e&tv=%7Bc:mQH1Pr,pingTime:-6,time:85,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:85,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B79~0%5D,as:%5B79~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOuiogY+11%7C121%7C131%7C1321%7C1322%7C1323%7C133%7C134%7C141%7C142*.1554652-73029357%7C1421%7C1431%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:142*,rmeas:1,rend:0,renddet:IMG.us,siq:25%7D&tpiLookup=ao:www.xgcartoon.com*%2C83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com*&br=c
Requested by: Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 85D1 43 B
215 B 459ms
199ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=cf52fac5-ad08-99d8-dda5-d0c66b35ed3e&tv=%7Bc:mQH1PL,pingTime:-2,time:105,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:476,beZ:477,mfA:479,cmA:480,inA:480,inZ:484,prA:484,prZ:495,si:501,poA:503,bl:530,poZ:530,cmZ:530,mfZ:530,loA:561,loZ:565,ltA:581,ltZ:581%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D,ha1:%7Bres1:1,ps:1,ts:1693461146915,psfr:1%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:105,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B99~0%5D,as:%5B99~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOuioer+11%7C121%7C131%7C132.1554652-73029357%7C1321%7C1322%7C1323%7C133%7C134%7C141%7C142*.1554652-73029357%7C1421%7C1431%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:142*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,siq:25,sinceFw:78,readyFired:false%7D&br=c
Requested by: Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F758 22 KB
8 KB 22ms
22ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 350997
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 04:22:30 GMT
expires: Mon, 26 Aug 2024 04:22:30 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js Show response
pagead2.googlesyndication.com/bg/ Frame 3D82 37 KB
14 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdbb28a61125e2f817cfca97dc459c63c43aee2210edb1678c69ea532c4847a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141815
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14648
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:28:52 GMT

GET
H2 200 versionsFR.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/versions/ Frame 161C 213 B
498 B 137ms
24ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/versions/versionsFR.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC2XcvmSrwZP_7NI_J7_UPsIyrCPq__O9xj57v1fIR-vHWssUBEAEg08vOMGD1lc6B4ASgAYmHhpYByAEJqQJ1FwXTJx2zPqgDAcgDmwSqBOwBT9ABHfwtbvF0RYICKb9SfgSLT9qYe5HKvRdoURS43WpQiXm9crZRIaRvVFraQpdVFfVjgfAJ40q7Kbc5Qt6yO_uGkLJMnGZaIaoKM5I8fzY1iBbkvRNyFNO3GORlUpZGyCfFLKCfj3gMH9X-69iZhv-1iw4FBVX6FSBN7cn_OTUxC_nysUwysXK15NwdYCbZPCS1pcmW_eNwWNdcLxKmghLi6lz5wPOYVVy3RHKIT_4y-FTQE5BE-S4xza909NjAqxYcvQ4wV3yCsnIq9xBss1-auTitHp6ydolcQcR8WPiJLO9FMeM-2AsfL9PABMmmnLS6BOAEA4gFwv7S_EuQBgGgBk2AB9_4-ekCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE4_TyhTYEw3YFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIv6ypsJqGgQMVj-S7CB0wxgoBEAEYASAAEgLdp_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE%26sig%3DAOD64_33zhpB7VL1YoLLv8rXImRaSV2dOw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B8jNec5kw69p95yNxLsWK2SaQLoxHoCaJk2lBzaoGIlDjWpclO_UiX0dxfXH-ZiTVvMusknVfD62BWEiYVgEVouPTSKbzTnDmTF1gHNQmCla1xfSw1A0639QJtgyst8Fwi0q8EakRtny4SkzCdgoIkQ0n3UhVb8PsHFLzLbWlsd3znQ4M%26cry%3D1%26dbm_d%3DAKAmf-CyRAK3Zy277Sa-iXMEx9ickr0Re1ou2mT81XB6lpfl029w5xeKGS72HEM645-SCIDU8kz6ykAOks-s-qjLZx1kMQszme24VJycirgmZbB8bf4GLYT7JYwYn27IhL1G3IYBsZPhCiEX7i0-2vuiTXOjUMm2fZyE1ZYIzQzSXA8lkZAWWJwA4hKE-IqLECgdLOKoSl3RJu4CUaO2B9JoToRc2kYDMRaCoJER0YQrXWIo8JddhvDdhRWqK611iEtYQ0Bx8aCD4tF2Bx7Q6SDdzQh3JPE9v7ueiYjg5GMClDe-VbTU4WLDEmTbO8BoGPSY2MJnglBkOSCTsKmhep6xJlseoXQs_-BQQnBgk2z4LnrAa-b5HxTp7ncodfnQHVefXQukoEaRUjWngNXQq8hpBu3wqlIG2T9o5HxHoaTpXN4-tTgPZn-wg70kHqddFk4ASiDQbQXeJsG01fLPXLBA_fWJQzLHAehvX29trX5QEnOUy09Iq7eE-k8w526CaCT9IgwWvIe4oPWuAMzQDRzYbmmzoYG4y7FhAjtuyMr_WDTP9i-xt5C-AZY-7IPUoHsCqZUePrKW9CQCxooo2_1QatTAFctgjwlke9atS2JqnkTyp0tdXEPlaEHWtfVjNegfvVNKWHJRLWfYXPxl1c5fOE-JrTVN-fESq3YpkgN9hyo0Jaa3bPkWH3Bt5T2NLKDAXcekde31%26adurl%3D&e=0&ord=1693461145867839&ifrm=-1&z=0&adsafe_url=https%3A%2F%2Fwww.xgcartoon.com&adsafe_type=g&adsafe_url=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:b584b2f1-0c38-fe02-b123-b4ac958facb9,c:mQH1LS,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-dfd6d,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:3,mot:0,app:0,maw:0,fm:tOuioer+11%7C121%7C131%7C132*.1554652-73029357%7C1321%7C133%7C134%7C141%7C1421%7C143%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:132*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:22,oid:903cb8f6-47c2-11ee-8596-d22de3852da9,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 47a8a6f78b6bc5902ca04c5aee6e8a85fafebd0ba5002db63ed4a696f62d3b73

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:48:42 GMT
server: AmazonS3
x-amz-request-id: HBSH84SNGM3J80W9
x-amz-cf-pop: JFK50-P7
etag: "8eb034f9e4568de857489b0930057a57"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: ZDNtRd7DwEoJhxR_n5mbjKlQgoxYEo64DGQwFvsxmlkyyLPcGhHJnQ==
x-amz-id-2: RfXonrLZtit++P8JTnOvNj36h1JxRKWieRaS6EQJBOQLi82BQxmH6odMeRYldSqDUNqGUeY7R8c=
content-length: 126

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4DAF 1 KB
643 B 22ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 67108
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 11:13:59 GMT
etag: 48472445140208031
expires: Thu, 31 Aug 2023 11:13:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 versionsFR.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/versions/ Frame 85D1 213 B
498 B 90ms
25ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/versions/versionsFR.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCr0o6mirwZKOKBZ__7_UPsbKImAz6v_zvcY-e79XyEfrx1rLFARABINPLzjBg9ZXOgeAEoAGJh4aWAcgBCakCs_FOJNAZsz6oAwHIA5sEqgTsAU_QjA_uIuQEjcxVb1a6SCr0xKVzIx0duR_xHDPli5L0S7VuRo16r3r8JaGtqQj-9VQtkw2Up7etpi3q5bjuOjvgX2lnQ1TEWsijSiqoQC21UI5qXHysVwlTELhai7tPpKcLsda5RWQl87Jo6zql-cGdrWyuUuvwSrcDRHcklzyj7e70Ji2Pgqgi3dAMVB6UI1ABXGnZWZh5PnWh3DAwgy1tFtMjgHmgj04lwSMduDkchfrx3WOM114J3YjBWMgJY-b9rAiRG0kz8BO2nyM1XMu-3uB5nHGwMAZmLjvB2oCuy25y0UtLRC14LoVqwATJppy0ugTgBAOIBcL-0vxLkAYBoAZNgAff-PnpAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOP08oU2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIo7-2sJqGgQMVn_-7CB0xGQLDEAEYASAAEgIbK_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE%26sig%3DAOD64_1R5QWvkBvpBjo_03OL__xM6DBp9A%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CX7o0fHbUnMNTWcfX3wv1EuCjpT5S98pGrN0WgdKfD08gJqDzWQhdNcYzcTz7FOPVBF9EHmO73wyrD4ciXkJxyQA_tz8gYLvapKXUr5u_77ZaQkKzrWeG8aGCe0jKAqIFacyeMbcZ6qT8ZhphouVvYycID6kyfbMuQ_I7SMmvhlDtMtbY%26cry%3D1%26dbm_d%3DAKAmf-DPZqSg3w5KonSaPbKpFlwwZobwaR8iyntQJd6e7sXOxCk3G5VelXadUlG7RUlEQMfLfYu87VpHGVAFbAJUPMwJfZ9pJ70gp2XcP-hboYU47tlk2GxWzeEy_OVaVtqxy4cAYQsGCxQBmUjC3sXx3Bdvv8SNo4Y37kxAwcWoDHbiFM536aU5ElW5gScWLUWvgPwxaJ4rMGXvNtkaw-y0DfpY0_GmnvBy32k-VAnXl9x1PDJ7NhKJ1HDA3Vkk9H-2uUMV4hpT9wcdsze0zCpg02w_7ghx6-9VVg9HKGdK_jUERvnD5mDa5jIU5phe-8bz3kZEQFlpGSYJpvX6hWtRsZ-qnDzQT8IXEbeaZaZdy7ayVnSwPN8jQTzqWxTApyES4I_clIfla_UpS0CBYw3lm-S07sdzR9yEJg8wBISGEC1S5Tv-mnm1gC-1EXOxGxdw1RpYGyF1gamUe9mJ9huQzSQzV0WZXadT1tkoihD9-xtl8BRe61UD3C8xfIV7DUWOeDJrqardaOlBgC6-K04Dpp-K5TjhTuc-X6NO10Dx-uSdkgTq7BTAswHlo79So0mxUI3Iee4ebLLqgygoH-nJA05l3LolEUWt3D9f2e4xkYjnk7M442PeA_0IBDc6PmM6RlEw0-6D2lWyNnFDb_xUx57MrCV7qM6-GydiEGSjflg8n1ikvJML5d9zCJJRgnZ1veU6rqha%26adurl%3D&e=0&ord=1693461146083235&ifrm=-1&z=0&adsafe_url=https%3A%2F%2Fwww.xgcartoon.com&adsafe_type=g&adsafe_url=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:cf52fac5-ad08-99d8-dda5-d0c66b35ed3e,c:mQH1Os,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-9tfpn,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:3,mot:0,app:0,maw:0,fm:tOuiogY+11%7C121%7C131%7C1321%7C1322%7C1323%7C133%7C134%7C141%7C142*.1554652-73029357%7C1421%7C1431%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:142*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:25,oid:904c2244-47c2-11ee-96d1-ca15dec157a0,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 47a8a6f78b6bc5902ca04c5aee6e8a85fafebd0ba5002db63ed4a696f62d3b73

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:48:42 GMT
server: AmazonS3
x-amz-request-id: HBSH84SNGM3J80W9
x-amz-cf-pop: JFK50-P7
etag: "8eb034f9e4568de857489b0930057a57"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: ZDNtRd7DwEoJhxR_n5mbjKlQgoxYEo64DGQwFvsxmlkyyLPcGhHJnQ==
x-amz-id-2: RfXonrLZtit++P8JTnOvNj36h1JxRKWieRaS6EQJBOQLi82BQxmH6odMeRYldSqDUNqGUeY7R8c=
content-length: 126

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BAE6 1 KB
643 B 22ms
21ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 67108
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 11:13:59 GMT
etag: 48472445140208031
expires: Thu, 31 Aug 2023 11:13:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 4DAF
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKogj6CuQsQQspE8XdXn_T4&google_cver=1&google_push=AXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKogj6CuQsQQspE8XdXn_T4&google_cver=1&google_push=AXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsek...

43 B
426 B

202ms
192ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKogj6CuQsQQspE8XdXn_T4&google_cver=1&google_push=AXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7ff301ebc85f4c5d-MXP
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 29
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKogj6CuQsQQspE8XdXn_T4&google_cver=1&google_push=AXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQcpghangpbnaELDPWqAGVIPqZmx_SyfermzlT4BSWE4YLaIvSrtdEKOjpqgx1UmyW5MRdOsAC9QirpJuO6xJlONNwZsekq%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7ff301ea3ede4c5d-MXP
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4DAF
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEHMvDIp33Ocb2x4jNHXzUTA&google_cver=1&google_push=AXcoOmSHSkwAgNOy9UR7UUpn_cLjj8rGItyVLDGCf1TidSJJIsH6qhiafORvU0ZINr5985gS-3d2i4p...
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEHMvDIp33Ocb2x4jNHXzUTA&google_cver=1&google_push=AXcoOmSHSkwAgNOy9UR7UUpn_cLjj8rGItyVLDGCf1TidSJJIsH6qhiafORvU0ZINr598...
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=MbWJiOXFRFqVOX24b1BYyWTwKps

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=MbWJiOXFRFqVOX24b1BYyWTwKps

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: A
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=MbWJiOXFRFqVOX24b1BYyWTwKps
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 4DAF 0
173 B 78ms
34ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEL849X9aLr2-GQBNj1HgANc&google_cver=1&google_push=AXcoOmRBCO3L_5Wth6Ddu66WMPM91wQ75RQW3hE8oBoxqUh8rpmjt6VtQSPxKdgIGjHr2wepyTBhW_xo4EyffZVHL3y8Xpw7x_eb6Q
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4DAF
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEFCBg2bPRNX2SYboFtGIKu0&google_cver=1&google_push=AXcoOmSXFGxCAeNadNDq-XEhWhw9xwhO6IWDmKs6VrC2GRf4-VRB7ktmWiqRHVultmkDMF8bs4lS2IawfDhcg5CWdLGFH71xt2pkcA
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTBCQUQ0OUEzQjUwMTYzOQ==

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTBCQUQ0OUEzQjUwMTYzOQ==

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTBCQUQ0OUEzQjUwMTYzOQ==
date: Thu, 31 Aug 2023 05:52:27 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4DAF
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKD68Q89xN3r9vFbo5k9yig&google_cver=1&google_push=AXcoOmRVAQPtU65XLMdXgX56o1OiOM6A1adHs6D5DgjKmF_F0xsVkpZSFdEEtJkRxb98daFNv71r7D73_K6-ZgBe-...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKD68Q89xN3r9vFbo5k9yig&google_cver=1&google_push=AXcoOmRVAQPtU65XLMdXgX56o1OiOM6A1adHs6D5DgjKmF_F0xsVkpZSFdEEtJkRxb98daFNv71r7D73_K6-ZgBe-...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRVAQPtU65XLMdXgX56o1OiOM6A1adHs6D5DgjKmF_F0xsVkpZSFdEEtJkRxb98daFNv71r7D73_K6-ZgBe-VsnTEjKYUja&google_hm=HPcgpGZH9biuoCLpRta8TB46

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRVAQPtU65XLMdXgX56o1OiOM6A1adHs6D5DgjKmF_F0xsVkpZSFdEEtJkRxb98daFNv71r7D73_K6-ZgBe-VsnTEjKYUja&google_hm=HPcgpGZH9biuoCLpRta8TB46

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 31 Aug 2023 05:52:27 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRVAQPtU65XLMdXgX56o1OiOM6A1adHs6D5DgjKmF_F0xsVkpZSFdEEtJkRxb98daFNv71r7D73_K6-ZgBe-VsnTEjKYUja&google_hm=HPcgpGZH9biuoCLpRta8TB46
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 4DAF 42 B
233 B 344ms
108ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESED5ZfGnxxdFdw1ymKWbdYGo&google_cver=1&google_push=AXcoOmR7TFCcdcyJbVuLzqGjdUn8dt5i-yv57MvsvengWPxTd-GYkI6GTBbOp0LUcF4wEGBtAJ-PNu_EGuHWbPVmIzidoOeU9owgR30
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 05:52:27 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

200

dot.gif
s0.2mdn.net/ Frame 4DAF
Redirect Chain

https://sync.gonet-ads.com/match/google?google_gid=CAESEDnifJ7UaTUJMUBucsg4XB8&google_cver=1&google_push=AXcoOmRURpuE0olzvnT1bUpeMTzi1yOOguMHjhU-dWzKKViCe1G-geal8TOVbNMbyQn-7x7WAiQqeXM3BCx2OqOYb2yf...
https://sync.gonet-ads.com/match/google?google_gid=CAESEDnifJ7UaTUJMUBucsg4XB8&google_cver=1&google_push=AXcoOmRURpuE0olzvnT1bUpeMTzi1yOOguMHjhU-dWzKKViCe1G-geal8TOVbNMbyQn-7x7WAiQqeXM3BCx2OqOYb2yf...
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=MzhiZThmODg1ODZiYmMw&google_push=AXcoOmRURpuE0olzvnT1bUpeMTzi1yOOguMHjhU-dWzKKViCe1G-geal8TOVbNMbyQn-7x7WAiQqeXM3BCx2OqOYb2yfvIAHG...
https://sync.gonet-ads.com/match/google
https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=MzhiZThmODg1ODZiYmMw&google_push=
https://s0.2mdn.net/dot.gif?google_error=5

43 B
181 B

22ms
21ms

Image
image/gif

2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_error=5

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 20:38:00 GMT
x-content-type-options: nosniff
age: 33267
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 31 Aug 2023 20:38:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://s0.2mdn.net/dot.gif?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4DAF 0
12 B 36ms
35ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LGDeJsF8BkMAiXRSir-gCMdu9Hnz4aiHg9V1JmsasqGqNe2ot21r0NKzO5L_yQExYCAuc0l3c

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 428A 0
10 B 22ms
21ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?izJ3Gg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js Show response
pagead2.googlesyndication.com/bg/ Frame F758 37 KB
14 KB 25ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdbb28a61125e2f817cfca97dc459c63c43aee2210edb1678c69ea532c4847a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141815
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14648
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:28:52 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FCA2 0
10 B 23ms
23ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?B-xcTA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BAE6
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R1piVktuUk0xUUJBQnM1&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRisoUZhHz4f0m4aqbLBOhOK7Yy4Rl9YjwSwmlQ-5s...

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R1piVktuUk0xUUJBQnM1&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRisoUZhHz4f0m4aqbLBOhOK7Yy4Rl9YjwSwmlQ-5swVAM-dwx1we4YCjvLUV9Eux0O_8ErdSMOqK3zQ3ZKzqCfm9qNMa8

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 05:52:26 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-788-g55788f4#dev-temp-decrease-retargeting-updates-batch i-0546ea729b64acd63@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R1piVktuUk0xUUJBQnM1&google_gid=CAESECSllvCATnsu1QabvJBrkJA&google_cver=1&google_push=AXcoOmRisoUZhHz4f0m4aqbLBOhOK7Yy4Rl9YjwSwmlQ-5swVAM-dwx1we4YCjvLUV9Eux0O_8ErdSMOqK3zQ3ZKzqCfm9qNMa8
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BAE6
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMOLNgl8Qibzocz8M2yFpsI&google_cver=1&google_push=AXcoOmTOPIBfNY_tua29a4mk4EGxNk4Z6yM1QMmshGXg-AAYlaOXDOlaTCjZmwjHpQCXGzUs1naIaBXcIX0jCL7VBjdgYL7...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTOPIBfNY_tua29a4mk4EGxNk4Z6yM1QMmshGXg-AAYlaOXDOlaTCjZmwjHpQCXGzUs1naIaBXcIX0jCL7VBjdgYL70-b4&google_hm=eS1hdHM5UV9CRTJwRk9nUDV...

170 B
188 B

38ms
38ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTOPIBfNY_tua29a4mk4EGxNk4Z6yM1QMmshGXg-AAYlaOXDOlaTCjZmwjHpQCXGzUs1naIaBXcIX0jCL7VBjdgYL70-b4&google_hm=eS1hdHM5UV9CRTJwRk9nUDV1OUpTdUM3WW1qLkhyd1N1Nn5B

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 31 Aug 2023 05:52:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTOPIBfNY_tua29a4mk4EGxNk4Z6yM1QMmshGXg-AAYlaOXDOlaTCjZmwjHpQCXGzUs1naIaBXcIX0jCL7VBjdgYL70-b4&google_hm=eS1hdHM5UV9CRTJwRk9nUDV1OUpTdUM3WW1qLkhyd1N1Nn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BAE6
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEDNNztOO-oF-RskL2B2FZLI&google_cver=1&google_push=AXcoOmSJXSGi1ouRZ_gn9b8HwREN4ZDvfIH-hBuU625Llh7EW1PjHbGW6WP8EBEP2NAZ4vqAE0GV4wdGSTQDf...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEDNNztOO-oF-RskL2B2FZLI&google_push=AXcoOmSJXSGi1ouRZ_gn9b8HwREN4ZDvfIH-hBuU625Llh7EW1PjHbGW6WP8EBEP2NAZ4vqAE0GV4wdGSTQDf...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSJXSGi1ouRZ_gn9b8HwREN4ZDvfIH-hBuU625Llh7EW1PjHbGW6WP8EBEP2NAZ4vqAE0GV4wdGSTQDfz2kv_x0U2Z8doY&google_hm=bGtKbW9odzdRTHk1NHl0M...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSJXSGi1ouRZ_gn9b8HwREN4ZDvfIH-hBuU625Llh7EW1PjHbGW6WP8EBEP2NAZ4vqAE0GV4wdGSTQDfz2kv_x0U2Z8doY&google_hm=bGtKbW9odzdRTHk1NHl0MUZlQnY=

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 05:52:27 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSJXSGi1ouRZ_gn9b8HwREN4ZDvfIH-hBuU625Llh7EW1PjHbGW6WP8EBEP2NAZ4vqAE0GV4wdGSTQDfz2kv_x0U2Z8doY&google_hm=bGtKbW9odzdRTHk1NHl0MUZlQnY=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 235
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BAE6
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEP_-bNoYLinF9_QaBkQMg4Y&google_cver=1&google_push=AXcoOmSBb7I-2RfDsKiS-cNGs4Ae3uwLtxbJXZ1-ISfV3gvTkimxTgJxmzhCv1UJQ66VVga5eytD2Aq-1QVO...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSBb7I-2RfDsKiS-cNGs4Ae3uwLtxbJXZ1-ISfV3gvTkimxTgJxmzhCv1UJQ66VVga5eytD2Aq-1QVOoQ4V1R825ADHCw

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSBb7I-2RfDsKiS-cNGs4Ae3uwLtxbJXZ1-ISfV3gvTkimxTgJxmzhCv1UJQ66VVga5eytD2Aq-1QVOoQ4V1R825ADHCw

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSBb7I-2RfDsKiS-cNGs4Ae3uwLtxbJXZ1-ISfV3gvTkimxTgJxmzhCv1UJQ66VVga5eytD2Aq-1QVOoQ4V1R825ADHCw
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BAE6
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESED...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmSoLoYoeD5G-nigvKf0fncgZBzkSRGnHZgz8xNh3IjHLQqI-fTaFCLzv73BECejaicbiTzmcmLXUChpCVvpQ6EqkzE7R4w&redir=https%3A%2F%2Fcm.g.double...
https://sync.targeting.unrulymedia.com/csync/RX-409b2d6a-197e-4976-98ff-a44e48d756f0-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmSoLoYoeD5G-nigvKf0f...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmSoLoYoeD5G-nigvKf0fncgZBzkSRGnHZgz8xNh3IjHLQqI-fTaFCLzv73BECejaicbiTzmcmLXUChpCVvpQ6EqkzE7R4w&google_hm=A0CbLWoZfkl2mP-kTkjXVvA

170 B
188 B

37ms
37ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmSoLoYoeD5G-nigvKf0fncgZBzkSRGnHZgz8xNh3IjHLQqI-fTaFCLzv73BECejaicbiTzmcmLXUChpCVvpQ6EqkzE7R4w&google_hm=A0CbLWoZfkl2mP-kTkjXVvA

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmSoLoYoeD5G-nigvKf0fncgZBzkSRGnHZgz8xNh3IjHLQqI-fTaFCLzv73BECejaicbiTzmcmLXUChpCVvpQ6EqkzE7R4w&google_hm=A0CbLWoZfkl2mP-kTkjXVvA
date: Thu, 31 Aug 2023 05:52:27 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX409b2d6a197e497698ffa44e48d756f0003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BAE6
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEJlF9tyzU75J6chz97p8J7U&google_cver=1&google_push=AXcoOmQkn1pppI4qdR70jB3K_ezIofiEEPQCToHam-EaSiZuL0gqDr7M9yQXGCV7fRNIhu9k8fBqqa6tpwa8LQOzZ0fOBZo...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQkn1pppI4qdR70jB3K_ezIofiEEPQCToHam-EaSiZuL0gqDr7M9yQXGCV7fRNIhu9k8fBqqa6tpwa8LQOzZ0fOBZoTx_T5&google_hm=Mjk0MzA0NTE...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQkn1pppI4qdR70jB3K_ezIofiEEPQCToHam-EaSiZuL0gqDr7M9yQXGCV7fRNIhu9k8fBqqa6tpwa8LQOzZ0fOBZoTx_T5&google_hm=Mjk0MzA0NTEzMTA3ODUwMjQ3OA==

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQkn1pppI4qdR70jB3K_ezIofiEEPQCToHam-EaSiZuL0gqDr7M9yQXGCV7fRNIhu9k8fBqqa6tpwa8LQOzZ0fOBZoTx_T5&google_hm=Mjk0MzA0NTEzMTA3ODUwMjQ3OA==
Date: Thu, 31 Aug 2023 05:52:27 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame BAE6
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEIfFa3cSqup4M7_xQEIovq0?ext-param=AXcoOmQEpth8p_408ZIgM_ay9DQuUS5Ht6Ps8T9NpDnqbATle5WuyH4Nii_jluuiOF9YI5uo3ceagSlVa44Tav39rzotrstQMMuB&partner-tag=yandex_ag&g...
https://an.yandex.ru/mapuid/google/CAESEIfFa3cSqup4M7_xQEIovq0?redir-setuniq=1&ext-param=AXcoOmQEpth8p_408ZIgM_ay9DQuUS5Ht6Ps8T9NpDnqbATle5WuyH4Nii_jluuiOF9YI5uo3ceagSlVa44Tav39rzotrstQMMuB&partner...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEIfFa3cSqup4M7_xQEIovq0&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
144 B

73ms
73ms

Image
image/gif

2a02:6b8::90
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-type: image/gif
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Thu, 15 Aug 2024 05:52:27 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BAE6 0
12 B 33ms
32ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J2Xz-LmiYw0uH3-2STYmOQi6qUqEcO-glS02X8v8cSLM4DQFbMuSLAQnZ_NMbXyrTja-BHrtA

Requested by

Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AC89 0
10 B 22ms
21ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vIfAHQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 ebHtml5Banner.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ Frame 161C 308 KB
83 KB 26ms
26ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC2XcvmSrwZP_7NI_J7_UPsIyrCPq__O9xj57v1fIR-vHWssUBEAEg08vOMGD1lc6B4ASgAYmHhpYByAEJqQJ1FwXTJx2zPqgDAcgDmwSqBOwBT9ABHfwtbvF0RYICKb9SfgSLT9qYe5HKvRdoURS43WpQiXm9crZRIaRvVFraQpdVFfVjgfAJ40q7Kbc5Qt6yO_uGkLJMnGZaIaoKM5I8fzY1iBbkvRNyFNO3GORlUpZGyCfFLKCfj3gMH9X-69iZhv-1iw4FBVX6FSBN7cn_OTUxC_nysUwysXK15NwdYCbZPCS1pcmW_eNwWNdcLxKmghLi6lz5wPOYVVy3RHKIT_4y-FTQE5BE-S4xza909NjAqxYcvQ4wV3yCsnIq9xBss1-auTitHp6ydolcQcR8WPiJLO9FMeM-2AsfL9PABMmmnLS6BOAEA4gFwv7S_EuQBgGgBk2AB9_4-ekCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE4_TyhTYEw3YFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIv6ypsJqGgQMVj-S7CB0wxgoBEAEYASAAEgLdp_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWnNwngrTg52pxmCri0Ocxnbv4oupZPBnPPYTninBNZeAFKIPZGAE%26sig%3DAOD64_33zhpB7VL1YoLLv8rXImRaSV2dOw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B8jNec5kw69p95yNxLsWK2SaQLoxHoCaJk2lBzaoGIlDjWpclO_UiX0dxfXH-ZiTVvMusknVfD62BWEiYVgEVouPTSKbzTnDmTF1gHNQmCla1xfSw1A0639QJtgyst8Fwi0q8EakRtny4SkzCdgoIkQ0n3UhVb8PsHFLzLbWlsd3znQ4M%26cry%3D1%26dbm_d%3DAKAmf-CyRAK3Zy277Sa-iXMEx9ickr0Re1ou2mT81XB6lpfl029w5xeKGS72HEM645-SCIDU8kz6ykAOks-s-qjLZx1kMQszme24VJycirgmZbB8bf4GLYT7JYwYn27IhL1G3IYBsZPhCiEX7i0-2vuiTXOjUMm2fZyE1ZYIzQzSXA8lkZAWWJwA4hKE-IqLECgdLOKoSl3RJu4CUaO2B9JoToRc2kYDMRaCoJER0YQrXWIo8JddhvDdhRWqK611iEtYQ0Bx8aCD4tF2Bx7Q6SDdzQh3JPE9v7ueiYjg5GMClDe-VbTU4WLDEmTbO8BoGPSY2MJnglBkOSCTsKmhep6xJlseoXQs_-BQQnBgk2z4LnrAa-b5HxTp7ncodfnQHVefXQukoEaRUjWngNXQq8hpBu3wqlIG2T9o5HxHoaTpXN4-tTgPZn-wg70kHqddFk4ASiDQbQXeJsG01fLPXLBA_fWJQzLHAehvX29trX5QEnOUy09Iq7eE-k8w526CaCT9IgwWvIe4oPWuAMzQDRzYbmmzoYG4y7FhAjtuyMr_WDTP9i-xt5C-AZY-7IPUoHsCqZUePrKW9CQCxooo2_1QatTAFctgjwlke9atS2JqnkTyp0tdXEPlaEHWtfVjNegfvVNKWHJRLWfYXPxl1c5fOE-JrTVN-fESq3YpkgN9hyo0Jaa3bPkWH3Bt5T2NLKDAXcekde31%26adurl%3D&e=0&ord=1693461145867839&ifrm=-1&z=0&adsafe_url=https%3A%2F%2Fwww.xgcartoon.com&adsafe_type=g&adsafe_url=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:b584b2f1-0c38-fe02-b123-b4ac958facb9,c:mQH1LS,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-dfd6d,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:3,mot:0,app:0,maw:0,fm:tOuioer+11%7C121%7C131%7C132*.1554652-73029357%7C1321%7C133%7C134%7C141%7C1421%7C143%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:132*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:22,oid:903cb8f6-47c2-11ee-8596-d22de3852da9,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 6bd75958872f79204923212cdba628e5ba4d6de293371b2c32b37ea439d77501

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:25:02 GMT
server: AmazonS3
x-amz-request-id: PBZT2VMC5BC21W5Y
x-amz-cf-pop: JFK50-P7
etag: "b8170f2a43bc750ed0cb4813fc9765c5"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: t29lDEKJDf-uQebeTbXDfJcYd9GolwwKlln5-9ZFiYy9liYWRTxkhA==
x-amz-id-2: AhyHvK91tUAxql9L/7O5kL6uUeIMrKNNsU2uf739KRxlLINconpRj1fvglLVMe/wWikNuidCwtc=
content-length: 84866

GET
H2 200 ebHtml5Banner.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ Frame 85D1 308 KB
83 KB 53ms
53ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bs.serving-sys.com/1554652/73029357/Serving/adServer.bs?c=28&cn=display&pli=1079406903&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=160&h=600&ncu=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCr0o6mirwZKOKBZ__7_UPsbKImAz6v_zvcY-e79XyEfrx1rLFARABINPLzjBg9ZXOgeAEoAGJh4aWAcgBCakCs_FOJNAZsz6oAwHIA5sEqgTsAU_QjA_uIuQEjcxVb1a6SCr0xKVzIx0duR_xHDPli5L0S7VuRo16r3r8JaGtqQj-9VQtkw2Up7etpi3q5bjuOjvgX2lnQ1TEWsijSiqoQC21UI5qXHysVwlTELhai7tPpKcLsda5RWQl87Jo6zql-cGdrWyuUuvwSrcDRHcklzyj7e70Ji2Pgqgi3dAMVB6UI1ABXGnZWZh5PnWh3DAwgy1tFtMjgHmgj04lwSMduDkchfrx3WOM114J3YjBWMgJY-b9rAiRG0kz8BO2nyM1XMu-3uB5nHGwMAZmLjvB2oCuy25y0UtLRC14LoVqwATJppy0ugTgBAOIBcL-0vxLkAYBoAZNgAff-PnpAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOP08oU2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIo7-2sJqGgQMVn_-7CB0xGQLDEAEYASAAEgIbK_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWm-9QlHCAR-XooQPMU6m0V84RFyfE7g32V-KjYSCZJpFMdgqZGAE%26sig%3DAOD64_1R5QWvkBvpBjo_03OL__xM6DBp9A%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CX7o0fHbUnMNTWcfX3wv1EuCjpT5S98pGrN0WgdKfD08gJqDzWQhdNcYzcTz7FOPVBF9EHmO73wyrD4ciXkJxyQA_tz8gYLvapKXUr5u_77ZaQkKzrWeG8aGCe0jKAqIFacyeMbcZ6qT8ZhphouVvYycID6kyfbMuQ_I7SMmvhlDtMtbY%26cry%3D1%26dbm_d%3DAKAmf-DPZqSg3w5KonSaPbKpFlwwZobwaR8iyntQJd6e7sXOxCk3G5VelXadUlG7RUlEQMfLfYu87VpHGVAFbAJUPMwJfZ9pJ70gp2XcP-hboYU47tlk2GxWzeEy_OVaVtqxy4cAYQsGCxQBmUjC3sXx3Bdvv8SNo4Y37kxAwcWoDHbiFM536aU5ElW5gScWLUWvgPwxaJ4rMGXvNtkaw-y0DfpY0_GmnvBy32k-VAnXl9x1PDJ7NhKJ1HDA3Vkk9H-2uUMV4hpT9wcdsze0zCpg02w_7ghx6-9VVg9HKGdK_jUERvnD5mDa5jIU5phe-8bz3kZEQFlpGSYJpvX6hWtRsZ-qnDzQT8IXEbeaZaZdy7ayVnSwPN8jQTzqWxTApyES4I_clIfla_UpS0CBYw3lm-S07sdzR9yEJg8wBISGEC1S5Tv-mnm1gC-1EXOxGxdw1RpYGyF1gamUe9mJ9huQzSQzV0WZXadT1tkoihD9-xtl8BRe61UD3C8xfIV7DUWOeDJrqardaOlBgC6-K04Dpp-K5TjhTuc-X6NO10Dx-uSdkgTq7BTAswHlo79So0mxUI3Iee4ebLLqgygoH-nJA05l3LolEUWt3D9f2e4xkYjnk7M442PeA_0IBDc6PmM6RlEw0-6D2lWyNnFDb_xUx57MrCV7qM6-GydiEGSjflg8n1ikvJML5d9zCJJRgnZ1veU6rqha%26adurl%3D&e=0&ord=1693461146083235&ifrm=-1&z=0&adsafe_url=https%3A%2F%2Fwww.xgcartoon.com&adsafe_type=g&adsafe_url=https%3A%2F%2F83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:cf52fac5-ad08-99d8-dda5-d0c66b35ed3e,c:mQH1Os,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-9tfpn,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:3,mot:0,app:0,maw:0,fm:tOuiogY+11%7C121%7C131%7C1321%7C1322%7C1323%7C133%7C134%7C141%7C142*.1554652-73029357%7C1421%7C1431%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:142*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:25,oid:904c2244-47c2-11ee-96d1-ca15dec157a0,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 6bd75958872f79204923212cdba628e5ba4d6de293371b2c32b37ea439d77501

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:25:02 GMT
server: AmazonS3
x-amz-request-id: PBZT2VMC5BC21W5Y
x-amz-cf-pop: JFK50-P7
etag: "b8170f2a43bc750ed0cb4813fc9765c5"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: t29lDEKJDf-uQebeTbXDfJcYd9GolwwKlln5-9ZFiYy9liYWRTxkhA==
x-amz-id-2: AhyHvK91tUAxql9L/7O5kL6uUeIMrKNNsU2uf739KRxlLINconpRj1fvglLVMe/wWikNuidCwtc=
content-length: 84866

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 85D1 43 B
215 B 199ms
199ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=cf52fac5-ad08-99d8-dda5-d0c66b35ed3e&tv=%7Bc:mQH1Xn,pingTime:-10,time:577,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtMTIwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODkuMC40Mzg5LjcyIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1693461147405%7C%7Cbe32bd18e6250c2d10a71c8fe5c957bf%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7Cc87a02734df3c8158fb6f3945801dc23%7C%7C8edcc7b43bc12fba0b9be4fba674281e%7C%7C5d4209c26a8d7a3a4f5ad5c09485b2a3%7C%7Ca75dde6e87f7874b53eba1cf6a63c47d%7C%7C11e92b8715b946f29da5d8b17999254c%7C%7C1663701684,im:%7BpWait:45%7D%7D
Requested by: Host: 010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
URL: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 161C 43 B
215 B 198ms
198ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=b584b2f1-0c38-fe02-b123-b4ac958facb9&tv=%7Bc:mQH1XN,pingTime:-10,time:760,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtMTIwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODkuMC40Mzg5LjcyIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1693461147431%7C%7Ca0f77b71f2c4c5c29a05dfb5e2b7058e%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7C7262c7279463aba5f78130252c69ae90%7C%7C0c119b8f08f3956e26e7f3152cb2f231%7C%7Cc5127fc1b114c4b3664d9ee59b4c3800%7C%7C5fea5ef2ffb34e4e54b031371949e91d%7C%7C93c3308b75b3d7168096711ffcb547e1%7C%7C1663701684%7D
Requested by: Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 URLUtil.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/ Frame 161C 7 KB
2 KB 24ms
24ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/URLUtil.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 91cf683ee0db61e475ee4f5c12ba9281256db5662fd80f2b812067fd9d39b691

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:39:37 GMT
server: AmazonS3
x-amz-request-id: M4JR6J2GBTFMGZPE
x-amz-cf-pop: JFK50-P7
etag: "3470a076f0022d50a41874998110932e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: k1O3hHKBid4XClUgevc90KvXMIgqRKc6BnksV1dYiDBdJTY0kXL9Hg==
x-amz-id-2: OfW1A9Pnu6rVAVj2FkfaC/q/s8qYPMkezQhAQ++IcwRJaYmX3brywhXvoe6Z1lx7OwfmoEC/FD4=
content-length: 1951

GET
H2 200 index.html Show response
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/ Frame 0CFB 839 B
731 B 27ms
27ms Document
text/html 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0e0b14d3a1bdbac333f8da9f82c4027f1286c78cecc498200a6bca8473d776cf

Request headers

Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
content-encoding: gzip
content-length: 405
content-type: text/html
date: Thu, 31 Aug 2023 05:52:27 GMT
etag: "0c40f382816b895116c64a483aa4dc2b"
expires: Mon, 31 Dec 2035 00:00:00 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-cf-id: xqoAO2V2V5AMFqYR9cE_TNQ7PEM32HsCGoBtj_GMu1xq8UUqaelxaQ==
x-amz-cf-pop: JFK50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: hYm0YRuPWM9luGmEj5P0PqpSxc.uiUAf

GET
H2 200 IntersectionObserverVisibilityProvider.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/ Frame 161C 10 KB
3 KB 25ms
25ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/IntersectionObserverVisibilityProvider.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 099657171463b4ada4b9bbf48a40e2305f67331a210ca4bc457051e0499ee23b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:39:37 GMT
server: AmazonS3
x-amz-request-id: PBZGBYS46ZPG8XPN
x-amz-cf-pop: JFK50-P7
etag: "08712066615c929ef7883423b4376874"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: qqsVbbXe6t58OBbHIQyI9UEPVR2u2HikREB0Bz3YBcvyLbOvfQdofA==
x-amz-id-2: 57BnZvPKL/ypMA+9QkzdGxPKurZme8I+iRNHtdIZEmrcvJQYalYE+9j0c8NjtT9S5zmjjvvUweQ=
content-length: 2964

GET
H2 200 URLUtil.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/ Frame 85D1 7 KB
2 KB 26ms
26ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/URLUtil.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 91cf683ee0db61e475ee4f5c12ba9281256db5662fd80f2b812067fd9d39b691

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:39:37 GMT
server: AmazonS3
x-amz-request-id: M4JR6J2GBTFMGZPE
x-amz-cf-pop: JFK50-P7
etag: "3470a076f0022d50a41874998110932e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: k1O3hHKBid4XClUgevc90KvXMIgqRKc6BnksV1dYiDBdJTY0kXL9Hg==
x-amz-id-2: OfW1A9Pnu6rVAVj2FkfaC/q/s8qYPMkezQhAQ++IcwRJaYmX3brywhXvoe6Z1lx7OwfmoEC/FD4=
content-length: 1951

GET
H2 200 index.html Show response
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/ Frame 9D6A 839 B
731 B 28ms
28ms Document
text/html 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0e0b14d3a1bdbac333f8da9f82c4027f1286c78cecc498200a6bca8473d776cf

Request headers

Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
content-encoding: gzip
content-length: 405
content-type: text/html
date: Thu, 31 Aug 2023 05:52:27 GMT
etag: "0c40f382816b895116c64a483aa4dc2b"
expires: Mon, 31 Dec 2035 00:00:00 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-cf-id: xqoAO2V2V5AMFqYR9cE_TNQ7PEM32HsCGoBtj_GMu1xq8UUqaelxaQ==
x-amz-cf-pop: JFK50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: hYm0YRuPWM9luGmEj5P0PqpSxc.uiUAf

GET
H2 200 IntersectionObserverVisibilityProvider.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/ Frame 85D1 10 KB
3 KB 28ms
27ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/IntersectionObserverVisibilityProvider.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 099657171463b4ada4b9bbf48a40e2305f67331a210ca4bc457051e0499ee23b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:39:37 GMT
server: AmazonS3
x-amz-request-id: PBZGBYS46ZPG8XPN
x-amz-cf-pop: JFK50-P7
etag: "08712066615c929ef7883423b4376874"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: qqsVbbXe6t58OBbHIQyI9UEPVR2u2HikREB0Bz3YBcvyLbOvfQdofA==
x-amz-id-2: 57BnZvPKL/ypMA+9QkzdGxPKurZme8I+iRNHtdIZEmrcvJQYalYE+9j0c8NjtT9S5zmjjvvUweQ=
content-length: 2964

GET
H2 200 style.css
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/styles/ Frame 0CFB 1 KB
788 B 26ms
25ms Stylesheet
text/css 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/styles/style.css
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 3522e3550376f697bd23370c6047accc60f70cddd2a0df9765123756ee2ab412

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: .rOMuZEKKG2ThMCMTbWY9dp0E0PWKmN2
content-encoding: gzip
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "eb5abcf336633304b086bc7683b0351d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: CS98Ye5cfdD3tM3y0qAw8GZ9C9Ulot4vFVUMYjhkiUsKlwZ8XhKSog==
content-length: 462
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 EBLoader.js Show response
secure-ds.serving-sys.com/BurstingScript/ Frame 0CFB 12 KB
4 KB 26ms
26ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingScript/EBLoader.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7ae0b8e3f80fd2c97dea35c4a3643b17368ea41e6e63f083065bfb2a38caf37c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
x-amz-request-id: PBZKZ9E99F7PZTQS
x-amz-cf-pop: JFK50-P7
x-amz-server-side-encryption: AES256
content-length: 3615
x-amz-id-2: dY1sog/jFEOXiYot7VLY5EaWxRlMw+g1cFNblO7r9aXCbhbJezkSDuJakCliYca4euOvAZIL6gI=
pragma: no-cache
last-modified: Tue, 18 Jul 2023 10:48:48 GMT
server: AmazonS3
etag: "b92fa833b298e9df5fa8ee69009adb9a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 4OXxlVtKMzrf0CE86k4M55OedEnm5LY-Vch0e6nzkZFnV1iXH_OAlw==
expires: Thu, 31 Aug 2023 05:52:27 GMT

GET
H2 200 gsap.min.js Show response
secure-ds.serving-sys.com/BurstingcachedScripts/libraries/GSAP/3_1_0/ Frame 0CFB 56 KB
23 KB 26ms
25ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingcachedScripts/libraries/GSAP/3_1_0/gsap.min.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cc487336acb3ea5ed2cc6ca09757137d612286c0ebb00587a997ecbea9053546

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:48:34 GMT
server: AmazonS3
x-amz-request-id: 26R99V4TTQ9WTFTK
x-amz-cf-pop: JFK50-P7
etag: "1b98a6c405548d6b5b1d73716b85654d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: XtnhniGjaohvlzHsCaw4AMnOkaCluKuD-dk4WiZgI3A91cW0ZVsG0A==
x-amz-id-2: isurT0NZkSJxlfVkPt6HhaAF4TNVdOU7PZXnrQTUitJCKf+VJ+7zlRmtnEuBFcvb024fR+I7iSw=
content-length: 22798

GET
H2 200 script.js Show response
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/scripts/ Frame 0CFB 451 B
585 B 28ms
28ms Script
application/x-javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/scripts/script.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e6ba221d2ec7188b7e2e7d35fde3e829ff7badf17324cbacb0c4017eee13c18f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: xdRjpaB3kdFCI08GU1QUcyoikdmziIc1
content-encoding: gzip
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "afa1841d3057229e11028cd03020464d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: lAlqtaM6Mw-IhbQGdbUYtNqhuqB25ZbIoEbO4VMOHXBNQaa3XyMB8w==
content-length: 249
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 auto.jpg
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 0CFB 92 KB
93 KB 25ms
24ms Image
image/jpeg 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/auto.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b93a131334f956bdcf7a7273c199dcb6bef112f2fa8d2cc86082e52141e06c3b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: ls9l9wD4MfF58u5aFTDqeGy7kCjssgG1
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "b3873d7de84d25759560da07c6175092"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 94555
x-amz-cf-id: rF9aK_sbdk9eVj5OamxIxN0F6Ck0QP0G2QM3P1gt6fR7MlCPoiW1jw==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 text1.png
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 0CFB 3 KB
3 KB 28ms
27ms Image
image/png 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/text1.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: a83ebeceb12f3b565dc092a879fe8a1d2b9d0a2f6a45a29096a840b8fd0bc347

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: mhAOjDiLeINxZsLgesOHOWO6mh1zP_Ly
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "f1b913dfe88221f0c11695965c4bfa66"
x-amz-server-side-encryption: AES256
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 3074
x-amz-cf-id: Cfd1EZb38YCFOTKP_65MiZQvzSPbZpLyZq_QYA8TeRb8rRJSuzbcoA==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 btn.png
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 0CFB 1023 B
1 KB 29ms
29ms Image
image/png 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/btn.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0a900465b905cf28901df2cefca2c4d037a289c5636f3f15d306404d46666eb8

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: XUtnCF2YJCWNwpqGtmxP1hpEL6Z9.ZRj
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "6ff0871806cfb80a2607f139598ab347"
x-amz-server-side-encryption: AES256
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 1023
x-amz-cf-id: QBhktQyozbKdfNh5iQHuGYYjzgPLR-_okVz5vBpuiGAsJ2C8LY4ynA==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 logo.svg
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 0CFB 1 KB
951 B 30ms
29ms Image
image/svg+xml 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/logo.svg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e55091bef23d757855b7298ac3c5449b609f667a2e428e026efad79124c08b17

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: I2pALWBA9V_kxJiqRUqFL0od3sIRLy4J
content-encoding: gzip
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "63c2dae8c174aeb1d842f88ea1451acc"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: c6a9OujGvvlXNNQg6__M8-v51iGYm5H8akHJPneZI8j0mdmr8fOSEA==
content-length: 622
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 bg.jpg
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 0CFB 5 KB
5 KB 28ms
28ms Image
image/jpeg 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/bg.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: d7ac44679ad415621c83db2875ebae6bfd0df973233a281d0ee176fee8234aba

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 36LqKCqSlbURtLRPfwlWLC4K_N2q_ef_
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "a279fb07042840235619063c0e469f99"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 4727
x-amz-cf-id: iTpA-A4h33vFepH9n2KHPW1PYD7lvhTklNEcT5ExofD38y70cQ4uQQ==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 v1.js Show response
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/scripts/ Frame 0CFB 855 B
758 B 25ms
25ms Script
application/x-javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/scripts/v1.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 531b4fb94b0938b3f5efc3a1ebd8055782ac8412d7d80935b4efa0a8bcc9962e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: DkEHs3oOTEPyTbGKxPJ6nXEGMplD2dMa
content-encoding: gzip
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "90d996c7330ab4f4db07140899aa74d8"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: VJrVE15Jfac6DUdJD-9sM-DIbjTMVamAizpDLE-m4mfNYbtemsQJYQ==
content-length: 421
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 style.css
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/styles/ Frame 9D6A 1 KB
788 B 25ms
24ms Stylesheet
text/css 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/styles/style.css
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 3522e3550376f697bd23370c6047accc60f70cddd2a0df9765123756ee2ab412

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: .rOMuZEKKG2ThMCMTbWY9dp0E0PWKmN2
content-encoding: gzip
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "eb5abcf336633304b086bc7683b0351d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: CS98Ye5cfdD3tM3y0qAw8GZ9C9Ulot4vFVUMYjhkiUsKlwZ8XhKSog==
content-length: 462
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 EBLoader.js Show response
secure-ds.serving-sys.com/BurstingScript/ Frame 9D6A 12 KB
4 KB 26ms
25ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingScript/EBLoader.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7ae0b8e3f80fd2c97dea35c4a3643b17368ea41e6e63f083065bfb2a38caf37c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
x-amz-request-id: PBZKZ9E99F7PZTQS
x-amz-cf-pop: JFK50-P7
x-amz-server-side-encryption: AES256
content-length: 3615
x-amz-id-2: dY1sog/jFEOXiYot7VLY5EaWxRlMw+g1cFNblO7r9aXCbhbJezkSDuJakCliYca4euOvAZIL6gI=
pragma: no-cache
last-modified: Tue, 18 Jul 2023 10:48:48 GMT
server: AmazonS3
etag: "b92fa833b298e9df5fa8ee69009adb9a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 4OXxlVtKMzrf0CE86k4M55OedEnm5LY-Vch0e6nzkZFnV1iXH_OAlw==
expires: Thu, 31 Aug 2023 05:52:27 GMT

GET
H2 200 gsap.min.js Show response
secure-ds.serving-sys.com/BurstingcachedScripts/libraries/GSAP/3_1_0/ Frame 9D6A 56 KB
23 KB 25ms
25ms Script
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingcachedScripts/libraries/GSAP/3_1_0/gsap.min.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cc487336acb3ea5ed2cc6ca09757137d612286c0ebb00587a997ecbea9053546

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:48:34 GMT
server: AmazonS3
x-amz-request-id: 26R99V4TTQ9WTFTK
x-amz-cf-pop: JFK50-P7
etag: "1b98a6c405548d6b5b1d73716b85654d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: XtnhniGjaohvlzHsCaw4AMnOkaCluKuD-dk4WiZgI3A91cW0ZVsG0A==
x-amz-id-2: isurT0NZkSJxlfVkPt6HhaAF4TNVdOU7PZXnrQTUitJCKf+VJ+7zlRmtnEuBFcvb024fR+I7iSw=
content-length: 22798

GET
H2 200 script.js Show response
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/scripts/ Frame 9D6A 451 B
585 B 27ms
27ms Script
application/x-javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/scripts/script.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e6ba221d2ec7188b7e2e7d35fde3e829ff7badf17324cbacb0c4017eee13c18f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: xdRjpaB3kdFCI08GU1QUcyoikdmziIc1
content-encoding: gzip
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "afa1841d3057229e11028cd03020464d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: lAlqtaM6Mw-IhbQGdbUYtNqhuqB25ZbIoEbO4VMOHXBNQaa3XyMB8w==
content-length: 249
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 auto.jpg
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 9D6A 92 KB
93 KB 24ms
24ms Image
image/jpeg 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/auto.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b93a131334f956bdcf7a7273c199dcb6bef112f2fa8d2cc86082e52141e06c3b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: ls9l9wD4MfF58u5aFTDqeGy7kCjssgG1
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "b3873d7de84d25759560da07c6175092"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 94555
x-amz-cf-id: rF9aK_sbdk9eVj5OamxIxN0F6Ck0QP0G2QM3P1gt6fR7MlCPoiW1jw==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 text1.png
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 9D6A 3 KB
3 KB 26ms
24ms Image
image/png 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/text1.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: a83ebeceb12f3b565dc092a879fe8a1d2b9d0a2f6a45a29096a840b8fd0bc347

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: mhAOjDiLeINxZsLgesOHOWO6mh1zP_Ly
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "f1b913dfe88221f0c11695965c4bfa66"
x-amz-server-side-encryption: AES256
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 3074
x-amz-cf-id: Cfd1EZb38YCFOTKP_65MiZQvzSPbZpLyZq_QYA8TeRb8rRJSuzbcoA==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 btn.png
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 9D6A 1023 B
1 KB 27ms
25ms Image
image/png 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/btn.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0a900465b905cf28901df2cefca2c4d037a289c5636f3f15d306404d46666eb8

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: XUtnCF2YJCWNwpqGtmxP1hpEL6Z9.ZRj
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "6ff0871806cfb80a2607f139598ab347"
x-amz-server-side-encryption: AES256
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 1023
x-amz-cf-id: QBhktQyozbKdfNh5iQHuGYYjzgPLR-_okVz5vBpuiGAsJ2C8LY4ynA==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 logo.svg
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 9D6A 1 KB
951 B 27ms
25ms Image
image/svg+xml 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/logo.svg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e55091bef23d757855b7298ac3c5449b609f667a2e428e026efad79124c08b17

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: I2pALWBA9V_kxJiqRUqFL0od3sIRLy4J
content-encoding: gzip
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "63c2dae8c174aeb1d842f88ea1451acc"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: c6a9OujGvvlXNNQg6__M8-v51iGYm5H8akHJPneZI8j0mdmr8fOSEA==
content-length: 622
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 bg.jpg
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/ Frame 9D6A 5 KB
5 KB 26ms
24ms Image
image/jpeg 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/images/bg.jpg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: d7ac44679ad415621c83db2875ebae6bfd0df973233a281d0ee176fee8234aba

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 36LqKCqSlbURtLRPfwlWLC4K_N2q_ef_
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "a279fb07042840235619063c0e469f99"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 4727
x-amz-cf-id: iTpA-A4h33vFepH9n2KHPW1PYD7lvhTklNEcT5ExofD38y70cQ4uQQ==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 v1.js Show response
secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/scripts/ Frame 9D6A 855 B
758 B 30ms
30ms Script
application/x-javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/scripts/v1.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 531b4fb94b0938b3f5efc3a1ebd8055782ac8412d7d80935b4efa0a8bcc9962e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: DkEHs3oOTEPyTbGKxPJ6nXEGMplD2dMa
content-encoding: gzip
date: Thu, 31 Aug 2023 05:52:27 GMT
last-modified: Wed, 12 Jul 2023 08:47:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P1
etag: "90d996c7330ab4f4db07140899aa74d8"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: VJrVE15Jfac6DUdJD-9sM-DIbjTMVamAizpDLE-m4mfNYbtemsQJYQ==
content-length: 421
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 EB.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/HTML5Res_2_170_1_0/ Frame 0CFB 83 KB
29 KB 28ms
27ms XHR
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/HTML5Res_2_170_1_0/EB.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingScript/EBLoader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 03aea036d7101b727344ac9853097ca385fec3cb43dcd3d9763365a69df06e41

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:38:14 GMT
server: AmazonS3
x-amz-request-id: PBZVVHVED4C7VNY0
x-amz-cf-pop: JFK50-P7
etag: "77a82367aed14a0bffaf28a08bf06724"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: 7bd7EDzZwcvJT3uY5wOSqS7ZjLii3FBNxLpwKh_YKhWJ4WihuWhFAQ==
x-amz-id-2: UreQA24Qb9zk0NXZra632KAzgLFG3J1Al+8of/8vnzEyqabcHactJfRgXyL2eCbW4rCW9FpV3Sc=
content-length: 29400

GET
H2 200 EB.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/HTML5Res_2_170_1_0/ Frame 9D6A 83 KB
29 KB 37ms
36ms XHR
application/javascript 2.16.238.136
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/HTML5Res_2_170_1_0/EB.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingScript/EBLoader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-136.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 03aea036d7101b727344ac9853097ca385fec3cb43dcd3d9763365a69df06e41

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/41437/20230712/1077144274/80696324844956036/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 05:52:27 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:38:14 GMT
server: AmazonS3
x-amz-request-id: PBZVVHVED4C7VNY0
x-amz-cf-pop: JFK50-P7
etag: "77a82367aed14a0bffaf28a08bf06724"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: 7bd7EDzZwcvJT3uY5wOSqS7ZjLii3FBNxLpwKh_YKhWJ4WihuWhFAQ==
x-amz-id-2: UreQA24Qb9zk0NXZra632KAzgLFG3J1Al+8of/8vnzEyqabcHactJfRgXyL2eCbW4rCW9FpV3Sc=
content-length: 29400

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3D82 0
20 B 60ms
59ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4NvQmirwZKuVJb6sjuwPlNCT-AEAAAAAOAHgBAI&bg=!4eKl4q3NAAYHwnCgJ8I7ADQBe5WfOGtCIo3lS9UmlNOC4TzHCGA6qPmgBhx1JX1SgQZ5nGfJk4uZzHf0WRo54tmK2_szAgAAAZNSAAAACGgBB5kDZJWyNE1JnFNqZEMF9G7ekgvTNYCDNZ91EWUUNQAhcSiAmv4HBqoLBcaw67CjTEtgCw0ZevxHAeVzaUpQr0PCXHqoodRD4ZU7YN2JFuBYiyFt2L0vIm-y6HAaf8Z9o87v4kLUvvFwARmB5a3A9euky99rMFgTxuuvPu0HHp7BG0vtaD0twJ5vYPmM3y54gl_2X9Z-S_bYLhx-m07XvzJiyglu0hvg0Pqpl6zBfxn5SpJaVclCA3cn_uzt3hx5S8rijaWAQQr9AxZeC1rbJpoEGZL3OjRPrUjjTpfC3QIfo7t0AQz6T8l-OnKswTlzUtzs2FRfkLrRymFhDor4sejv8wAazCspuFNM2YX17hMaxC3-dz9_ymgJ8FCxKF7Hy1_MXDsNxxpYJDsiEBsbtwTYzrbp6Rq2JXWhJ5tEKckuxbetWwBkH-9pkvp_LY8KdOv6VmcTlCSWZPqGLvnRbxDL0QDuTXanSHR7VyuPb1S-jZ5N3uGG8R3Wks_0bh1s7WsCjQEx_4mGyrILS7cg6oRYkpvUQQ12ZdjRhsms0m92L7AP7ozLXUJGhQpLH1kGTivpfdvOpTNw1iKD5CXfQYkiEhXwlm77F8KWr__6ZViAbCy4hoURcg_j5a59VnS18BEf0vOePqAbBkvew2wurldR6xHUgzkgMg9XWVZ0AzrToXssSEadcbrl81-Z3R7AqYrxX9jTKTYN_02W8Xx5f6UKiAhJLqbk-dmsOtErvt1hnzDOVpItcr8dbFpOOebSGZWjQ8TBKr1qHZfSE7KXnoqvMKt3m1Du8H1WkJ7yRkOrmyIgnb2T9AfC6PuQl22_dD4saZVL-CFh-ryuTVWqTrs9fH7jvKoGEX3EoRc7kkts70OPmVQzDCuSefkCYQ8XRlvINNEh-GsxcXsetxkQ_tAdBvakisH7sQOzJLkmDnwytoiJnx2BdhGiQoyy8c1hbYPKDRvoYrTMWtv7rlDjBZRPE-EZUbet2gD6lTtr8RfWVBBxMvkkVWAUJea9GCH150lhaM5karTqOODb0wE1rTXxvefeW2qABzjsRlmvLNBeyvDzDJewdCNNXmM7QpjdE7EDnRH0pjIIVyh4RZx1d3n91gkxy3MBShqb52CXrUJ3LBrpwptQxfarVaU9YZOfSylWQQNCQao

Requested by

Host: 311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
URL: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 0CFB 0
191 B 174ms
24ms XHR
text/plain 18.194.35.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.35.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-35-23.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure-ds.serving-sys.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://secure-ds.serving-sys.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 161C 0
230 B 163ms
24ms XHR
text/plain 18.194.35.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.35.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-35-23.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 161C 0
230 B 165ms
25ms XHR
text/plain 18.194.35.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.35.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-35-23.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

GET
H2 200 Serving Show response
bs.serving-sys.com/ Frame 161C 24 B
628 B 28ms
28ms XHR
text/html 18.195.120.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=display&c=40&sessionid=3346419500533891044&ai=1091150630&usercookie=u2=9f881148-c374-4230-a517-7e36d97ebe14&oo=0&clsrc=2&clbv=_2_241_3_0&gdprpurposes=1023&dg=1078004849&sdg=1079201923&ctick=208&ord=0.589780318919459
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.120.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399

Request headers

Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: private
access-control-allow-credentials: true
content-length: 24
expires: Sun, 05-Jun-2005 22:00:00 GMT

POST
H2 200 adServer.bs
bs.serving-sys.com/Serving/ Frame 161C 0
499 B 29ms
29ms Ping
text/html 18.195.120.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&int=1091150630~~0~~1078004849~~3346419500533891044^VsR~0~0~01020~210^VsRAg~0~0~01020~210^VsRAd~0~0~01020~210^AdStart~0~0~01020~210&usercookie=u2=9f881148-c374-4230-a517-7e36d97ebe14&rnd=0.4688946130019498&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.120.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 161C 0
499 B 29ms
29ms XHR
text/html 18.195.120.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&interactionsStr=$$1091150630~~0~~1078004849~~3346419500533891044%5EActualSize~0x0x0x1x1000x0x0x160x600~0~01020~216$$&usercookie=u2=9f881148-c374-4230-a517-7e36d97ebe14&rnd=0.6435617553991906&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.120.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 9D6A 0
191 B 149ms
25ms XHR
text/plain 18.194.35.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.35.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-35-23.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure-ds.serving-sys.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://secure-ds.serving-sys.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 85D1 0
230 B 153ms
28ms XHR
text/plain 18.194.35.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.35.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-35-23.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 85D1 0
230 B 154ms
28ms XHR
text/plain 18.194.35.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.35.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-35-23.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

GET
H2 200 Serving Show response
bs.serving-sys.com/ Frame 85D1 24 B
628 B 30ms
30ms XHR
text/html 18.195.120.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=display&c=40&sessionid=6441264030359626251&ai=1091150630&usercookie=u2=9f881148-c374-4230-a517-7e36d97ebe14&oo=0&clsrc=2&clbv=_2_241_3_0&gdprpurposes=1023&dg=1078004849&sdg=1079201923&ctick=192&ord=0.8269812889999095
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.120.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399

Request headers

Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: private
access-control-allow-credentials: true
content-length: 24
expires: Sun, 05-Jun-2005 22:00:00 GMT

POST
H2 200 adServer.bs
bs.serving-sys.com/Serving/ Frame 85D1 0
499 B 28ms
28ms Ping
text/html 18.195.120.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&int=1091150630~~0~~1078004849~~6441264030359626251^VsR~0~0~01020~192^VsRAg~0~0~01020~192^VsRAd~0~0~01020~192^AdStart~0~0~01020~193&usercookie=u2=9f881148-c374-4230-a517-7e36d97ebe14&rnd=0.40688383258690974&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.120.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 85D1 0
499 B 29ms
29ms XHR
text/html 18.195.120.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&interactionsStr=$$1091150630~~0~~1078004849~~6441264030359626251%5EActualSize~0x0x0x1x1000x0x0x160x600~0~01020~194$$&usercookie=u2=9f881148-c374-4230-a517-7e36d97ebe14&rnd=0.23952764589455877&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.120.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-120-244.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F758 0
20 B 59ms
59ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkVENmirwZOOuKsyp7gOF-bO4DQAAAAA4AeAEAg&bg=!-fql-rXNAAYHwnCgJ8I7ADQBe5WfOKC9KAqVhn3jnbN-aK0g0SRSfp_JPIZnKbuzGTPNKCDh0mMyu3jwuv-JtHlEZHZcAgAAATdSAAAABWgBB5kDVT7-CH7b29rbC0zPSrE9s8_YbHd7_THoVDyLLLs1GBmfh5KtAol4y6wlSSeOLKXdSl6TiZeQ6lykedOrHp-bXFZnGKzsyQoWTeIDhweLos8zw5wynSfdhYq3aRml2iZDM2F5R747YWq-te_lNoy78w66l6rcB8dwmIoY_gVq62ixTIqGMnZT-_7p6dRbuB5y3p9hDMpS8BCAgN_ELmsqM7AQjPV08S0-aztoKwPCIru-9cwWtxhFT8JoLL60etk8pVwZNu9AeGDOHGuwqt_umQzaUEyKUaSi93cgK4P7Qx94HC2qL41XAkoxsmm2plLw3_tk-_D3IAWx-pZ15pfZYIrwzsRnOLZcLJieEWXWNL1MRYWBAMh7VPk8iYRwTkmifZgbcLDS22UmRLbFcPrX81YqjI0rM6iCDui3wKKsTh5Y5bEE4yxHAMHzWrzL49uHYeeYgEsxywl5g8AmOPva5k8q5THYBY8-iXX_37Ni-t4bvMPlifibpmbu9M7uILaespnWZWDJrIfgssW2zTPtnTdtJElJwyNrqwaKWx0QQTcT6IGSSITQVANHQFoH5Kz6BRvdCsIJ8VDkvnHf1v3Oy9fZIazVYtz60-G9lBq0bBieO305JGnKIYKMX8nMh-8wfAkhjx4wwTxC-tj7H6GdtlqL6Wl-vI7rtRq1nooIgCVs5hY8z2KZK-Krv66YdAEerHhGqX6n0psohJpGjr4uA-Cm9ak94VOTBg-zbU3t2wjMMXyLoRHPFXC1Bde_5hXVmspWiJeprNKCTETzOuRu4G9Janv4O3LaXDW5yS9cdGB0QEF5PcIISif1cVwjF9YhCthYsAdosaX8PzcY9BONtz0IrxmrQDW0TciYP4cw_s-TS1rx7l2GVH8Rm6_5jd8602zmFrielflVnTsu3orvu1fr021MPOJD76DUkt1l9N4bIVlG9Nr9gfoA8fA2UHAXkNa3ZWh3D9kxtjk5lqUFwF29B6JWPMV9olJd3zSS-UasCfSUyQffbedUxlNNVCBoNGLFfrOFep8-W61mLAI8KzhuQh78P2U1PTO1Pb-264JuDuYGdpqLoCe4jUQWKxpU_iJ4cTombjstZMmpsOSMnnXCagA6YoDlCG0w1IBQsHOpgLPa5is

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 85D1 43 B
215 B 199ms
199ms Image
image/gif 2600:1f13:800:7780:9846:83bf:7761:208e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1554652&asId=cf52fac5-ad08-99d8-dda5-d0c66b35ed3e&tv=%7Bc:mQH22b,time:875,type:e,im:%7BpLoad:845%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:875,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B870~0%5D,as:%5B870~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:246,fm:tOuioer+11%7C121%7C131%7C132.1554652-73029357%7C1321%7C1322%7C1323%7C133%7C134%7C141%7C142*.1554652-73029357%7C1421%7C1431%7C144%7C151%7C1521%7C1522%7C153%7C154,idMap:142*,rmeas:1,rend:0,renddet:IMG.us,siq:25,sis:253%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:9846:83bf:7761:208e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:27 GMT
server: nginx
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1D5B 0
0 60ms
58ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308240101&jk=2883861095143595&bg=!yMuly4TNAAYHwnCgJ8I7ADQBe5WfOJ9I6IsU9vHHqWxVH6HfugWp4bx-FPnuCQs0TzYWwUf48NHtqIbbHeevv7UyYXZ3AgAAAcZSAAAAOmgBB5kDERKaCBKMBIjpsOblsu5LPeBIMi0lI7Dcxqg2IQITtcxMosw0ah_pBVl9MHWHRLPyS4B2qj15DhsnrCOOBxkbrYlpe6elPi1rC12qA9ueSXkHVnB6sAssfd5qNUQYHcnh08iDPo7AR-pYB0LiHl63axVx058bWMCQLY1E08vx_KIF1wpmeA5h_YtH0ftX9w1RFDnSrjwIGxUK6eXkhcgrK-VQ45c_X2UTfbaRIYssvhmEmme7IBUrBRJ_8s_lJvwK7VoCe_bFEq-5-vInd6u5ghTlI34lY2kSmxuhcm3Fo4aQydEjrV55Oxwqcz18VrnjtHuzMVojljqSm0GvcjUuGuPRcGzE0yeVkESG0Aw0kb22ua-XMQjlzu0QIQmsALvvngDYCfwOWd0iOcLj63DA4xJNUWhUn5UGLz2pcg-zGVQ5oCWCs8mXEWfrkjARqz8I1vQpDmo3PTVnxIbEDVIax4_wyFVI1UlINHXar0rs53Bh3rHe4eDfAfBJtixphmcnVwj6-RwNOS2gdnLC-cOg-5FDwQL3oUnlaiFkldbwTxqdj2sOc5PtOC0J1Nikg8oVFXfcKEjZUg4a352_XraCCC01kRRO37hqziV7p6gCYYP682fiN8pesfuzsYImlsat2y5O8Prc3Q6qxEphpN69q67CqmgDCBeQwqNh0Rjuqw554bACXiDLW3x3-El0nNqNAlxQj5-MaO5eKFYYIsAxCfAgSGVjjsWaI40qxMBVujcFeF4JIOhgpcT3xosDuj-fCS9zLnHsOpYrJeyJ9AIKwOE0Qs0jgx7LTkwXYHqQtyMlOiuiFRNATkx_x66Ug2kD_-LOm1RhRorABt9lVKtqrmvI8gOQ0n6PW_xOhE-wfQKG_luKbaoxbZE1mcd0_BvA2jyJKDyVXdZ44Es5Ycmbvvh-qAnJgN1k4VwKoTiUncnzPzU8UBm7fLTjtNanl8R3OLMsAgNzkFVLPII4iUgiwepHKSZLfgA3Jc_exkmk03NVhx0_ro6Da4QBI8QaGLSrcVbjTK2JYUHwLKJNWewoByf7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2495 0
0 59ms
59ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308240101&jk=4233398476759937&bg=!iomlicbNAAYHwnCgJ8I7ADQBe5WfOI8ZWm4gxRV3aXqBSA54oQcxLt1qloReNTWhMr2eTCm-_M_jUnnuoBokDCzHtS74AgAAAZ9SAAAAH2gBB5kDBLHP7k_0AwBYlDcGdZMUQ8oKjjAvYat0AzqeCZc2dvvitaft3TOZg8-2S4ZJxuDl138VnAx7UPm-hbOfomoaygDbHZApg38L3FNJRFgEgdmfLMzMHL219ATcqxIPGKIUFaO0dY_JkMHwDwUH2KUdOIJg6WZjahg3eEQhmomq-lL-9ul-bNtEosFW72FOEe9KLMcE-glhCIDuacZXj4_mmtbfv0ot90v8am3au4QQJA3--zdwTX20UK5m4MtlkfFPLUWw0T9k7KgArUJjh2Bn3KzO57yEX-zkSxK_GLBXH7ray9cmCz5mNEXEXlUgYRdh39CruKbbGrH0tFeq1kubXlxaFoqqLi7UPAmqQtS613fzEJgeC_XNnQMPnX8r-8NCe-SZyUwixwj_CxZyLgoNn82mzbnatQvbOq0ETkFGrps2XdUu1pWazWPmtE9fTe4Rp2itC0StpuElAGqED7nAMLCbJ5BdFhV1z7CUBmGOLP-D3ygjtHavGuts4M2HCNf-27LlGcJ96EAOMIP8R8VI_eGUPKP8SACEfz6nLRLz5KB0Bs8ihh-qFLtkAf8Z4o-6GxEP1lDBXWc9ZFqLiJZuv_bB58kAaWyTYRBUY1NxruOzDrko6HnOH7e641-h9j-yK4xiNcnatnS9Mh_OOCKdykFWBUq-4lkVctBByzAtW_c4qEBWl89fRjJOLSpyBNKbYxld0I2_ZnnsOj9sZ4YN5BNXyCeMiMphnEIKNx2mxy0GdN-HAi5RSFC5Tk7wudV5Q2waPPj0poVPtXaKk5cX70v9DepeRqk2UWfXMckJcsZ_kmIpl4-6onAFJ5iSfFu0uNBwyRB2DZxVsUUemXc7XwK42rmdJO_4-YDX79tnHP9qtxN9kkVTpiC6qkMMs_l5YtXoj1JRLz6JHXueRhollG46JzB-qnLh_GLjDVvLtOTK4X4c_M86j1JtVsM_OCEVyIDUzpsM5Q8yj9D6SMXu-FKKWGGDw4NkC3WSZBkvF9Hs4hIWgtB0N-5We2YxRYn5_hQQ8DI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6D94 0
0 59ms
59ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308240101&jk=2845785222349537&bg=!f3ylfDPNAAYHwnCgJ8I7ADQBe5WfOFJw-azwW2yumVYCNm63TaO51HL7hZrLV3kTgzlBky6-jy96NRdwjYrtcObhBANOAgAAAaFSAAAAGGgBB5kDBzgflOXzl1c7CNSOSVjKWmdd4H0TvMg77vv0CCGzHngqEYpvCRv8cCP3sxhFiV98FgT_dtsFCO6IbQn0ozQum-8yWFSoV0m9FOUcOyhZMz5ArNzMswdEWu3IatceOGMRP7yDFFmHJdfe6H0A5jm9cHWid9bK_Ui1kYNHSjNVqpVZ_xnVIwo5tQ6VGX1hjOuGDPD2BfAnJxcMJoqygmbreD72gCj7rOIAiF54Tjl97cXg6GnZz11ZKSZnBz4iX8ik-9l7n1Yur8I6QPyKDU0rzdXbbPVsmf__GRnZxGteUDmp2B-w2O-bSzO3YbeHtXFptsD-1Efpt9xwh9pG8_pmO1tlMUEnbj_gJt90zVxMp985LTtFQnoyPKxfp98S675nrO1bFqUYl0yq__FHlvVBmZGCapprJx0Rq68h77yUeDLUxiUKi8nsrroRPp_RgtAiCmjcD24yyRKSj0VO3G1ksUEGnKTaD-iXJHGGhsZiEzEAVdw8iOr2il1Q8kHSGhfWPYUJWQU9uGxsGbP5UBdsMrfm4sJKdPTGXZ-ccmZ6IgHGoQojVuehqNs6_iortj7bI84yk7JWbkDb10oUoit7DF2bGl4LT9qALE3nqbm91ZLjYAS748MkKOY2mLxwKudt1aAAcvyNzX2L9fVszG0rnmgeBQ3ELdvxdU00tNSduAhrhdeY2u7w1Xe176coQbNzITLN5zegU0USC6aNwKNM8pbaC8QOv4GhQENqNa8J2xMjlk4ns4VhbLFFNgkJU1j3voUqm7dsbPdiXqcxnVVLwPAKLNOO1fbc6b8zvJMr321Em1oSzxO-nNAFjjfL4Zot2x-8J7EXR9VPjoRmOKZCS389xLoTzwA9sQwm3wiHFgJ2P2Uq5Daj7BDB5EMPlM4aHVvxYEDeGoq_dccOm6owErMdfqxmNLatboClgKBGtZZovu35BuXNCvJT8qFoPShbeljub7CQ2Fly4cjGm_gljtu1WGZ2e3P1999sueAbMccKw7W0tktlO8vW-rGfiH8MzhjypcGs-uQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 161C 0
20 B 56ms
55ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6752625517959&version=m202307240101&ct=77&x=1&cor=4224576697527326700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85D1 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7563188817597&version=m202307240101&ct=77&x=1&cor=7346253054325709000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 05:52:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST int
lm.serving-sys.com/lm/ Frame 161C 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lm.serving-sys.com
URL: https://lm.serving-sys.com/lm/int

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:00:21	Name: is_unique Value: sc12916097.1693461143.0
.statcounter.com/	1970-01-21 00:00:21	Name: is_visitor_unique Value: 1693461143339192149
.xgcartoon.com/	1970-01-20 23:09:57	Name: _ga Value: amp-jmeVEV1wbS0jAusrS9p1Uw
.doubleclick.net/	1970-01-21 00:00:21	Name: IDE Value: AHWqTUnw9DSFSKAieonJ8CvU71t5qx__5NmuOBiq5F79OaII8w1Bi52JUh9w6RDRND4
.casalemedia.com/	1970-01-20 23:09:57	Name: CMID Value: ZPAqmlZ-DrDvba.hog0p5gAA
.casalemedia.com/	1970-01-20 16:33:57	Name: CMPS Value: 5224
.casalemedia.com/	1970-01-20 16:33:57	Name: CMPRO Value: 5224
.adnxs.com/	1970-01-20 16:33:57	Name: uuid2 Value: 3506592429733462718
.adfarm1.adition.com/	1970-01-20 14:24:22	Name: lv_5986089 Value: w=4774921\|t=1693461146
.openx.net/	1970-01-20 23:09:57	Name: i Value: 1ffab739-c5e3-4938-ae99-10ec04198efd\|1693461146
.adfarm1.adition.com/	1970-01-20 16:33:53	Name: UserID1 Value: 7273360239123431783
.doubleclick.net/	1970-01-20 14:24:24	Name: DSID Value: NO_DATA
.w55c.net/	1970-01-20 23:54:35	Name: wfivefivec Value: GZbVKnRM1QBABs5
.adnxs.com/	1970-01-20 16:33:57	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTw@XECK!@wnfH8K6pQK`!5=E<L5?%KB/2/kem+qw1k>y2g@:e_]g5m!@JJH1#6bDGbpRzqF1`*b^KP)n.k3
.pubmatic.com/	1970-01-20 14:25:47	Name: KTPCACOOKIE Value: YES
.adform.net/	1970-01-20 15:07:33	Name: C Value: 1
.w55c.net/	1970-01-20 15:07:33	Name: matchgoogle Value: 5
.pubmatic.com/	1970-01-20 23:09:57	Name: KADUSERCOOKIE Value: 3BBB8E58-CF8C-42D6-B1FA-55C23CDAA7A1
.adform.net/	1970-01-20 15:50:45	Name: uid Value: 1007127105308342352
.smartadserver.com/	1970-01-20 23:54:35	Name: pid Value: 6412020431186272460
.serving-sys.com/	1970-01-20 15:07:33	Name: u2 Value: 9f881148-c374-4230-a517-7e36d97ebe144Og06g
.googleadservices.com/	1970-01-20 16:33:57	Name: ar_debug Value: 1
.tremorhub.com/	1970-01-20 23:10:18	Name: tvid Value: c2920f7f815a4bb8ae8ab9a31fc22d68
.tremorhub.com/	1970-01-21 00:00:21	Name: tv_UIDF Value: CAESEMT8QpdAsN6TGOgEqUkcoso
.tremorhub.com/	1970-01-20 14:31:33	Name: tvssa Value: 1693461147006
.blismedia.com/	1970-01-20 23:10:01	Name: b Value: 64F02A9B47B3E8BE446431D4BLIS
.sitescout.com/	1970-01-20 23:09:57	Name: ssi Value: 31b58988-e5c5-445a-9539-7db86f5058c9#1693461147279
.lijit.com/	1970-01-20 23:09:57	Name: ljt_reader Value: HPcgpGZH9biuoCLpRta8TB46
sync.gonet-ads.com/	1969-12-31 23:59:59	Name: chk Value: 1
.yahoo.com/	1970-01-20 23:10:18	Name: A3 Value: d=AQABBJsq8GQCEKR9enrgyTRIw5BRcPoEU7sFEgEBAQF88WT6ZAAAAAAA_eMAAA&S=AQAAAiWCYmpvaUBofpWpxlOzJAs
.sitescout.com/	1970-01-20 15:07:33	Name: _ssuma Value: e30
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNrI0MTYwMTU0NjQwtzA1MDIxtxDiM9TNLDRx9gzMiIgwd3IDALHEFXMlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_-OSMXR2dA129cpxsyyprAo1N_UyS86osjQvsPAyDwUAlLDsaR4AAAA
.rfihub.com/	1970-01-20 23:45:57	Name: rud Value: H4sIAAAAAAAA_-MSNrI0MTYwMTU0NjQwtzA1MDIxtxDiM9TNLDRx9gzMiIgwd3IDALHEFXMlAAAA
.rfihub.com/	1970-01-20 23:45:57	Name: eud Value: H4sIAAAAAAAA_-OSMXR2dA129cpxsyyprAo1N_UyS86osjQvsPAyDw3iNTSzNDYxMzQ0MTe2MHjFiMoHAJgPiEk9AAAA
.1rx.io/	1970-01-20 23:09:57	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-409b2d6a-197e-4976-98ff-a44e48d756f0-003%22%7D
.gonet-ads.com/	1970-01-20 23:11:23	Name: pid Value: MzhiZThmODg1ODZiYmMw
.yandex.ru/	1970-01-21 00:00:21	Name: yuidss Value: 2375236591693461147
.yandex.ru/	1970-01-21 00:00:21	Name: yandexuid Value: 2375236591693461147
fksnk.com/	1970-01-20 14:34:25	Name: AWSALBCORS Value: JcXgcdlDQFtEmQKCUiaH+kE7YE63x98Vycf2c5YFzRdz/qY4DHDog6pzHQr35538sJczMHNnxxifAy1L0iYEkJn7PcrkyPpUhVVJdOVJPeu8PxzCUeWIWodza1JA
.fksnk.com/	1970-01-20 16:33:57	Name: f_001 Value: A0BAD49A3B501639
.fksnk.com/	1970-01-20 14:25:47	Name: g_001 Value: 1
.targeting.unrulymedia.com/	1970-01-20 23:09:57	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-409b2d6a-197e-4976-98ff-a44e48d756f0-003%22%7D
.tribalfusion.com/	1970-01-20 16:33:57	Name: ANON_ID Value: ayntuJRwEfES2QVoq6vnSoKhITCS7qmFZb2OSadPZbYltbZbZaiq05RcBWWkMnlR0gbAiJpmxBqZcZaWWEc4ISl8mAyn1J
.serving-sys.com/	1970-01-20 15:07:33	Name: A6 Value: 112qcCzs10000frD000010000
.zemanta.com/	1970-01-20 23:09:57	Name: zuid Value: lkJmohw7QLy54yt1FeBv
.serving-sys.com/	1970-01-20 15:07:33	Name: eyeblaster Value: RES=32

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://cdn.ampproject.org/rtv/012308181609000/v0/amp-ad-network-doubleclick-impl-0.1.js(Line 1) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
other	warning	URL: https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js(Line 117) Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js(Line 117) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js(Line 117) Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5Banner.js(Line 117) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://www.xgcartoon.com/detail/heizidelanqiujuchangbanlast_gamehuanyinglanqiuwangjuchangban_zhongjiyizhanyueyu-tengjuanzhongjun Message: The resource https://83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

010f97e1459034dee2951b78fa1360ec.safeframe.googlesyndication.com
311a09b1788b656e24026e97401d2cd4.safeframe.googlesyndication.com
83b0475b868b3a920bbb67119b0ca747.safeframe.googlesyndication.com
a.rfihub.com
a.tribalfusion.com
ad2.adfarm1.adition.com
ad4.adfarm1.adition.com
ads.eu.criteo.com
an.yandex.ru
ap.lijit.com
b1sync.zemanta.com
bs.serving-sys.com
c.statcounter.com
c1.adform.net
cat.fr3.eu.criteo.com
cdn.ampproject.org
cm.g.doubleclick.net
csm.eu.criteo.net
ddc2a05e1cb18e9be9ec2593fbcf5736.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fksnk.com
fw.adsafeprotected.com
google.partners.tremorhub.com
googleads.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
imagesrv.adition.com
lh6.googleusercontent.com
lm.serving-sys.com
onetag-sys.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pm.w55c.net
pr-bh.ybp.yahoo.com
region1.google-analytics.com
rtb.nl3.eu.criteo.com
rtb.openx.net
rtb2-useast.e-volution.ai
s.tribalfusion.com
s0.2mdn.net
secure-ds.serving-sys.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static-a.xgcartoon.com
static.adsafeprotected.com
static.criteo.net
sync.1rx.io
sync.gonet-ads.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
tr.blismedia.com
us-u.openx.net
www.google.com
www.googleadservices.com
www.googletagservices.com
www.xgcartoon.com
lm.serving-sys.com
104.20.218.77
142.250.185.130
142.250.186.130
169.150.222.217
174.137.133.49
178.250.7.9
18.194.35.23
18.195.120.244
185.64.190.78
185.80.39.216
188.42.105.236
193.0.160.130
2.16.238.136
2001:4860:4802:34::36
216.52.2.91
217.79.188.21
217.79.188.46
217.79.188.60
2600:1f13:800:7780:9846:83bf:7761:208e
2600:1f18:612b:4232:fe41:ef78:f1cb:19a5
2600:9000:223f:8c00:8:48e:53c0:93a1
2606:4700:10::ac43:2a0b
2606:4700::6812:18ad
2a00:1450:4001:812::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2001
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:d::4
2a02:6b8::90
2a05:d018:d29:3602:122b:3c04:1b89:43a2
3.74.29.98
34.96.105.8
34.98.64.218
35.186.253.211
37.157.6.243
37.252.171.149
37.252.171.21
46.228.174.117
51.89.9.252
52.213.146.58
54.84.218.161
70.42.32.191
81.17.55.170
98.98.134.243
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0348978a435efe42a3f0032226082bc4aedb9c569a9f387e8843a468c455c189
03aea036d7101b727344ac9853097ca385fec3cb43dcd3d9763365a69df06e41
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
086b025b2322e84e1d972bc9a32cea5102f46dfb32e614e9c58cd74abb2af6d2
08d502e7f6319b0015d0ea006b216f287353f60e0cd84462a5a43d6294bfea7a
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
099657171463b4ada4b9bbf48a40e2305f67331a210ca4bc457051e0499ee23b
0a900465b905cf28901df2cefca2c4d037a289c5636f3f15d306404d46666eb8
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e0b14d3a1bdbac333f8da9f82c4027f1286c78cecc498200a6bca8473d776cf
11496ce99b7a9c0fef0123dd8716306c79f7d35898b92546844a98f54cfec6ca
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14835ba3453c841197e3c0cb86c202613d993472d9134537e4b9d6b7b45afdc3
166ecf69ca3938b5fd811b87f83dd91a90ac384e9d8ea0c19c0c513d8c824ecb
179d66a48221a329b60064e288d6e2da96ce9007fb2dd9db5eccd14f87b3b3e3
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1dc118c68570ac106df5c43e5588c5b94d18caf4aa9e4d8d52792037cc16b980
1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390
236a81881a08fb36e15f4153b86711da54d9656df4fdc14881a89b0672cbedf5
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2b238632bac0e65b25d80c12d85ef0bb6d212430d25b4e13dd55f7c9bf62cd0d
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399
2e7adfd5e2d6bfd03b74146eb7fc02956bcafcf4deafaa3d681664b43d9f64a4
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
312b0fe0b3f731a02dd101f59a834f1782e7649570d2883d2c446c902f14a873
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
317d96a81b6f9b3b60b9e59433e0f04d37c6a1ebcb25857c6a35f3842a5de062
34bb1c7ca084facdfd4822c3dd2d0f3f483ad2d071c52d30e54af52ae62deb02
3522e3550376f697bd23370c6047accc60f70cddd2a0df9765123756ee2ab412
390f25db8163404ad9965f9e213d59b5c4d11ff7ad996d6b2d6e14335a41d5c4
3e625fe058c9871c924b05047696c2e7b1e441d4acb2ce54544b8413eea8182b
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a8a6f78b6bc5902ca04c5aee6e8a85fafebd0ba5002db63ed4a696f62d3b73
4a4dfc5504cdf9eddd4c2f77944f4c5bfef6a7fea772748a2f23ecf2c2fefca2
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6fa2ec1523ce2a39b3e749ec9efec7448b873846c977204bd568eadbf64036
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e49b305b19fc3ec458dc06d14bb34601922deb19a429bb128b501b1f4a2ce3b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
531b4fb94b0938b3f5efc3a1ebd8055782ac8412d7d80935b4efa0a8bcc9962e
53202a3c73552b3385ff4cc5598c6cdabfa4d37acc87cd2fd8c0577494143285
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c5db5082715c5202625d60ddb3a623c679d3a5ddf15fc13b1970df029958d8
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
55e9e3401c32c770ec57935b18e1239080b358d14d715c487993eed73d242e81
5ab35a4ad3dc8423e979a361aedff5ff14d172e24038c2ee93231a17dda626fc
5abef60d9edd11583e363e3dafd2d6ec74e0141946c21b2903e7b8c08f01130f
5fb3bdb7f966c852579fb6b0574517445d5b2d171c804d66227ee67b1bffca9c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
631bd55599a6b4f749afa794e175c34ead00ba79ea0fa4bcd9f4e41279bc69fb
67d876ab8150c4e239e39d230ec802e7b42488da2eaa80cfbbdeee9c9aaee5f8
6bd75958872f79204923212cdba628e5ba4d6de293371b2c32b37ea439d77501
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
6e6a47774076d2781e980b5879411af2bcd9edbf81e5af540bfa5355f8c6f600
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
79b9821a201bd541abd96cc1e32444736e0c0a03530dfda904a0e719bcd359a8
7ae0b8e3f80fd2c97dea35c4a3643b17368ea41e6e63f083065bfb2a38caf37c
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
90d84f056686af8861c0017713e2f06e8957e9d15a5606514da382d879b9d41a
91cf683ee0db61e475ee4f5c12ba9281256db5662fd80f2b812067fd9d39b691
923690f3c0feaf6346a2755af20e2b8580a048126501966a8ccd0fd31c6b53e3
966749ad92650b6cecb61ec627223c6fd60de53306f20dd06236b40bd0fa5062
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9dfe1f819bb2abd9663550cec9005dc0ed81151f85f2efa7a8a9b1b33aa64f40
9f5c12d87ae42761d6d5e00c60d16e36137b3c340c51012d3ec7406ba0b7df80
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a303bdbfce6897ec74ce030b85480f417f9e17804f7a19b8f2a90feff115b94f
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7c94d5780fa800afb0066d0ceed10b6488d78ec4cb2a85c42e5772b6218cd26
a83ebeceb12f3b565dc092a879fe8a1d2b9d0a2f6a45a29096a840b8fd0bc347
abf7a8d4d18ae2ebc530990b5e97285e1584c3865dc2986468f55a0d21ae647f
af2bd3f28487312bdcc175c74527c27839b0e49a0cafd69ad5c22ddad8c28c92
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b93a131334f956bdcf7a7273c199dcb6bef112f2fa8d2cc86082e52141e06c3b
baf7e4a721e3d75d12fd982e1002611959b7e7ab945f6c002402cc3313f95af3
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c2c8745e4045c69a4e5014847db2f23786fa86d89b93fe2eb2a56e03ceee1dbb
c47b3029985ed53337b3aa5e250648f3e8920d14afb80fc9cb58e99672da7e48
c48a347589276e210594239d1da564be59751f16ef6ec3118abd66a39fbcb173
c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
c8f5b0910ad1e7494f3713d5a7db386d0a92af4f28cff5b80ab2b198fe1303a3
cbc13196eb2fba04020a3e839c4d853e7e86eb4d1ceebd1fe3fe83445f3c3fb0
cc487336acb3ea5ed2cc6ca09757137d612286c0ebb00587a997ecbea9053546
cdbb28a61125e2f817cfca97dc459c63c43aee2210edb1678c69ea532c4847a3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfaf58be91df1aebaa5fa01acc0ab95a9ce4a87500acf5747003c5cc7fd16415
d0edd199833dd87c9ac4395f5bbeb6dfb6843109419531043ba1fb6b32e63496
d1ba952e6bcf2df8d5c6ed6713885e358b08d5b7f6c75b1d291e4f886cee7896
d22a8386d59be57d02a256b254039882b157851f9d63e837ca269fbcbac01365
d7ac44679ad415621c83db2875ebae6bfd0df973233a281d0ee176fee8234aba
daf0d89f9e39725a6fe87f657e397661ae655b62d8dec80f97c7d4368d5ee7f6
ddb1f6bcc9baeab85589539ffd669becebbb5c3876a8447b550ac9ff273f5767
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55091bef23d757855b7298ac3c5449b609f667a2e428e026efad79124c08b17
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e
e6ba221d2ec7188b7e2e7d35fde3e829ff7badf17324cbacb0c4017eee13c18f
ec50e8cc293aa75ef5fb92a4aa8123a01f00aa0e6cf9dfef913d6efd036d7154
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f0dd1b398b946a89d67c9dab7d24996499f9a28f22e29e4165125edf5d1734
f35730ce6466db793fae4126063c0ad9fec6ebc9130daa8dcc6438fc1f1e6217
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

247 Requests

88 %HTTPS

40 %IPv6

38 Domains

58 Subdomains

36 IPs

12 Countries

3144 kBTransfer

7853 kBSize

47 Cookies

1 Outgoing links

Redirected requests

247 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

247
Requests

88 %
HTTPS

40 %
IPv6

38
Domains

58
Subdomains

36
IPs

12
Countries

3144 kB
Transfer

7853 kB
Size

47
Cookies

247 HTTP transactions
12 data transactions