www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Submission: On September 05 via api (September 5th 2023, 9:01:33 pm UTC) from US — Scanned from DE

Summary HTTP 317 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 50 IPs in 12 countries across 46 domains to perform 317 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on September 14th 2022. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
12	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.219.77 104.20.219.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:2e93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 24	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
71	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
10 34	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
3 7	104.18.39.155 104.18.39.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	52.16.244.190 52.16.244.190	16509 (AMAZON-02) (AMAZON-02)
30	2a00:1450:400... 2a00:1450:4001:806::2006	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
2 2	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	18.159.70.92 18.159.70.92	16509 (AMAZON-02) (AMAZON-02)
3 3	2a05:d018:d29... 2a05:d018:d29:3602:122b:3c04:1b89:43a2	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.180 213.155.156.180	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 4	23.35.237.56 23.35.237.56	16625 (AKAMAI-AS) (AKAMAI-AS)
7	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
4	2600:9000:21f... 2600:9000:21f3:6e00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:1f18:1ac... 2600:1f18:1aca:4282:5175:98b6:9c84:22b5	14618 (AMAZON-AES) (AMAZON-AES)
4	138.201.63.149 138.201.63.149	24940 (HETZNER-AS) (HETZNER-AS)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
2 2	37.157.5.84 37.157.5.84	198622 (ADFORM) (ADFORM)
2 2	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
4 4	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	89.149.192.76 89.149.192.76	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 2	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
2 2	35.214.162.74 35.214.162.74	15169 (GOOGLE) (GOOGLE)
1 4	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	23.212.218.19 23.212.218.19	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	98.98.134.243 98.98.134.243	21859 (ZEN-ECN) (ZEN-ECN)
2 2	216.52.2.30 216.52.2.30	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	3.10.47.90 3.10.47.90	16509 (AMAZON-02) (AMAZON-02)
1 2	172.217.16.198 172.217.16.198	15169 (GOOGLE) (GOOGLE)
1	141.101.90.96 141.101.90.96	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	18.66.147.120 18.66.147.120	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.94 99.86.4.94	16509 (AMAZON-02) (AMAZON-02)
2	18.171.28.113 18.171.28.113	16509 (AMAZON-02) (AMAZON-02)
317	50

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.219.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:2e93 (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

71 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 142.250.186.130 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.39.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.82 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.244.190 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-244-190.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:806::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.158.49 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Weil am Rhein, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.159.70.92 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-70-92.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3602:122b:3c04:1b89:43a2 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.180 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.35.237.56 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-56.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:21f3:6e00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f18:1aca:4282:5175:98b6:9c84:22b5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.149 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.149.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.84 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.223.111.18 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.149.192.76 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.254 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.214.162.74 (Groningen, Netherlands) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 74.162.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.23.46 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.218.19 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-218-19.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 98.98.134.243 (United States) 2 redirects

ASN21859 (ZEN-ECN, US)
PTR: ddos.com

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.30 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.10.47.90 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-10-47-90.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f198.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.101.90.96 (United States)

ASN13335 (CLOUDFLARENET, US)

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-120.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-94.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.171.28.113 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-171-28-113.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
117	googlesyndication.com 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 150 pagead2.googlesyndication.com — Cisco Umbrella Rank: 107 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com	995 KB
78	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 cm.g.doubleclick.net — Cisco Umbrella Rank: 237 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 371 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 148426	629 KB
30	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 311	794 KB
12	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 405	251 KB
10	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 884 static.adsafeprotected.com — Cisco Umbrella Rank: 607 dt.adsafeprotected.com — Cisco Umbrella Rank: 579	113 KB
10	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 214	566 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com	442 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37964 hal900023.redintelligence.net — Cisco Umbrella Rank: 214940	55 KB
8	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 105	3 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590	4 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 239	4 KB
4	3lift.com 4 redirects eb2.3lift.com — Cisco Umbrella Rank: 388	2 KB
4	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1326	777 B
4	yahoo.com 3 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 451 ups.analytics.yahoo.com — Cisco Umbrella Rank: 326	2 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 41 ajax.googleapis.com — Cisco Umbrella Rank: 368	94 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 30936 api.webgains.io — Cisco Umbrella Rank: 76621	18 KB
3	medialead.de pv.medialead.de — Cisco Umbrella Rank: 47866	1 KB
3	openx.net us-u.openx.net — Cisco Umbrella Rank: 478 rtb.openx.net — Cisco Umbrella Rank: 751	663 B
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 83	67 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	134 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 659	1 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 706	970 B
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3037	207 B
2	loopme.me 2 redirects csync.loopme.me — Cisco Umbrella Rank: 890	837 B
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 736	543 B
2	ctnsnet.com 2 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 6851	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 752	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 591	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4396	647 B
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 791	1 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 149
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 92540	3 KB
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 596	363 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 348	265 B
1	o2online.de portal.o2online.de — Cisco Umbrella Rank: 89085	609 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 49150	2 KB
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 18330	703 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 186211	931 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 777	45 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 342	146 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1537	583 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 756	463 B
1	gstatic.com www.gstatic.com	15 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2547	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 9797	468 B
0	spotxchange.com Failed sync.search.spotxchange.com Failed
317	46

	Domain	Requested by
71	pagead2.googlesyndication.com	43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com pagead2.googlesyndication.com www.xgcartoon.com securepubads.g.doubleclick.net tpc.googlesyndication.com 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com s0.2mdn.net
36	tpc.googlesyndication.com	43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com googleads.g.doubleclick.net www.xgcartoon.com 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
34	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
30	s0.2mdn.net	www.xgcartoon.com s0.2mdn.net
24	securepubads.g.doubleclick.net	1 redirects cdn.ampproject.org www.xgcartoon.com 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
12	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com googleads.g.doubleclick.net 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
10	www.googletagservices.com	43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
7	googleads4.g.doubleclick.net	www.xgcartoon.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	www.google.com	tpc.googlesyndication.com 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com googleads.g.doubleclick.net 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
6	43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com	cdn.ampproject.org
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	hal900023.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900023.redintelligence.net
4	eb2.3lift.com	4 redirects
4	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900023.redintelligence.net
4	dt.adsafeprotected.com	0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
4	static.adsafeprotected.com	0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com srcdoc
4	sync.teads.tv	1 redirects 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com googleads.g.doubleclick.net
3	pv.medialead.de	hal900023.redintelligence.net
3	pr-bh.ybp.yahoo.com	3 redirects
2	api.webgains.io	analytics.webgains.io
2	5994599.fls.doubleclick.net	1 redirects googleads.g.doubleclick.net
2	www.youtube.com	s0.2mdn.net www.youtube.com
2	www.googletagmanager.com	adv.office-partner.de www.googletagmanager.com
2	ap.lijit.com	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	dclk-match.dotomi.com	2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	csync.loopme.me	2 redirects
2	onetag-sys.com	1 redirects googleads.g.doubleclick.net
2	ius.ctnsnet.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	c1.adform.net	2 redirects
2	ajax.googleapis.com	s0.2mdn.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	d5p.de17a.com	2 redirects
2	um.simpli.fi	2 redirects
2	fw.adsafeprotected.com	1 redirects www.xgcartoon.com
2	0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.googleadservices.com
2	fonts.googleapis.com	43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com hal900023.redintelligence.net
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	adservice.google.com	5994599.fls.doubleclick.net
1	rtb.openx.net	googleads.g.doubleclick.net
1	dis.criteo.com	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	portal.o2online.de
1	track.webgains.com	googleads.g.doubleclick.net
1	www.awin1.com	hal900023.redintelligence.net
1	adv.office-partner.de	hal900023.redintelligence.net
1	ssbsync.smartadserver.com	googleads.g.doubleclick.net
1	ups.analytics.yahoo.com	googleads.g.doubleclick.net
1	x.bidswitch.net	0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	cms.quantserve.com	0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
1	www.gstatic.com	43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
0	sync.search.spotxchange.com Failed	googleads.g.doubleclick.net
317	63

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G2	`2022-09-14` - `2023-10-16`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-07-21` - `2023-10-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
quantserve.com R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
pv.medialead.de R3	`2023-08-13` - `2023-11-11`	3 months	crt.sh
adv.office-partner.de R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
portal.o2online.de E1	`2023-08-02` - `2023-10-31`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh

This page contains 46 frames:

Primary Page: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Frame ID: CE79976E01A375E3205C6E4824ADA25B
Requests: 38 HTTP requests in this frame

Frame: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 82E587C250AE91973AC7B75B989A1237
Requests: 13 HTTP requests in this frame

Frame: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: DD86CE6D7DE888C286D108C3E7E47689
Requests: 12 HTTP requests in this frame

Frame: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: EE22E946A81B9865C00BA7363AB889C2
Requests: 11 HTTP requests in this frame

Frame: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: A9A80661A8D472104F8D2BAED6982A56
Requests: 9 HTTP requests in this frame

Frame: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: BE12AFACF82D486D3B59625D088FE1C1
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js
Frame ID: A1A658CB61CA939CF1AD5D8732116170
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230831/r20190131/zrt_lookup.html
Frame ID: 7D65D691D300C7DACF5AC38C82FAA238
Requests: 1 HTTP requests in this frame

Frame: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: DFAA693CC6A677CFCBA2D41BC0B596BE
Requests: 1 HTTP requests in this frame

Frame: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: EAFD908123993BA6A12B114F7339123B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=90&slotname=3654094576&adk=1418711512&adf=3173046732&pi=t.ma~as.3654094576&w=728&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685196&bpp=197&bdt=107&idt=407&shv=r20230831&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3121139447&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31076839%2C31077523%2C31077559%2C31077588&oid=2&pvsid=2804041738172264&tmod=1238041928&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.o75h5s9nrw4d&fsb=1&dtd=420
Frame ID: 5B312679CDE7F26065CC179AC66AF8F6
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Frame ID: 7348A14F098280DA8A9A10A0BB6B0B89
Requests: 22 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5987F115E5420571F0C683D33D6098BC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C40FC8D20910102DA1268B9A7D69E31B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4FA35267DF697159D01430CC16C686F3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F21A70942CB58160CA6CCE8FDE1CA7DE
Requests: 2 HTTP requests in this frame

Frame: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 19DE548AEE31A078DAD80DA8BCFE9D4A
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXp718IR39dv5rpttdaKIXZwqwXW1Z86DDhVeS0Kgm1x5aNZrzIXZhn6wdnQRygtLBikGEps4KSingGmBFEmEIsqHvOE2Ep_XqT--OqAunGQltGzuk49qxRukoS97V2HKmgANYD6kddSYpqDI-GVnTVzhOhOikIp8R2jz_64DbeD0if7JU
Frame ID: 4F9BBCBF90406177C13BD12BD09FEB8E
Requests: 5 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsugaNFhS6-dE5zXC9xsUrrfyKicjZ8d4U4yb1Gakt41gvlKeOuDRmDA5H7vqCwOjH7voGda0mvAUrteG2mvcSztV98V4esyVjCyw71Fhk9iAeeNujwvsKxan4h4DLZDHAmbWV6NiHDuSVZSZkbL3Rs_PPXS_vusBSiAC-2j5l17o0yDQCLHVsre6XYufY3j29enf7_c2klbj-JqdzUN_3wZHKIFBnMi4MD7NF4fzRnjkaH6ICIGFX26SBHVGHgEAgyxrAurFqLo0MsGsdIx45ZLiUMi04cj5WrxsxTwFjMxOd5VrGeYO1VcuUr9I_DCySqiifNm4jqTnhRLdfvojzjLwF14GsBhQ2IJ0tGBSlae82Xjxss&sai=AMfl-YQpywpX4-K22AIk9qoa6QDqoPAG9HeoFw9mYXG4yrKnIQMzdhsrCJQC__dvVcdNxnMMWi1NQPnLo2S_wWXYMoUIjQfoC_Ydq6cTGw&sig=Cg0ArKJSzB-cZ_-ErML_EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 8720CC3DC689B8826FD4F5AF1652507D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIY_Iay4gEwAQ&v=APEucNUD_ErfOY3vvNx2KOdSn26UazBXbYhl9msWK4VumvJ_z-16BaBanpZSfn5mYb1p0Ja_k24EYnzkN53RzrcWuPYzV00jPZqk0OjN8nT16kjbP4Rpe6h_k6vDnrfaw0aVNefbbTemNvkKMKuA82NgcSuzFT4Kgo625vvphMXass-cfz8Qrek
Frame ID: C663CB3A78DFB39E98F0F73BAD5CCF05
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E6FC90BC48FAD75E2E17C51F29C157D9
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWMzD5lYhWOu-Owylzh-S-S0nHCGKq2UDIMlKlZnua5jlyiwM022VNgYNPn4HlZcbw2Bbzeb26bSltksKDotiOEM0b9MhtIZCFjxvSf0nA22nilKjU7Q71Xfp2OKEpNK4nhhoFZkmtNEaBzYlBs_ikOD9b71zliIkuVntDTtWOp1PBTZlE
Frame ID: 7B73831F2FE888FE7EFA82B16015F5A1
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
Frame ID: 5E01604D09395E86F2253F765C29337D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 90FB911E18633BC9B7DB672725D34314
Requests: 3 HTTP requests in this frame

Frame: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 823167C2722F78DF28ABFA29BCF772E2
Requests: 19 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 4F3306DEC4AF474C9A87A87E899A9118
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 32559BA468D3967E88FB5D842C11CC06
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNU9ZW2KukKVxPjo5LsNO-7Gv4IUOjI_LfALZUvB_0A45kogKdMpd-4lazEe5FEHNoQWEYiDnPsih5bxSIR8vn-7WHPLzE2Xew9f9HqJywI_mtpaxzx8A1Mrg3srBKZAtBldBCAd0zbSSv63UN6wPvvMyqpZ3R8V8zlDQHm8YnQHEY9jrCA
Frame ID: 34450977E1A04086B6632E2DC703144E
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
Frame ID: 9D0561CF9FE8EBBCB2F08F5CA94FF873
Requests: 23 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F582990DF58730F5C6EC5AD7F017284E
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/passback_728x90.js
Frame ID: 899C79D960BB5BB538503FFB610E812F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 419F57325C679C83DD0579833A501F5E
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E928F66EBC71D70CBE9311885EAC8002
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250
Frame ID: 75E3C89AF4429F3E3FDBFA5738D96D44
Requests: 11 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=99323500196079804444554012438023&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 0C411D9594259AD21C56849F810D6EAC
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 598F1913218F5EC7B13E876FE461C168
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2715B91E4A325346CF7BAC00B02AF4BB
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js
Frame ID: F8C906D7628D20075C40ACE337003D2F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B487F71121981F9B96689E27221E7A2C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C6A84C394A2C1D905155387D3714E866
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836
Frame ID: DD78BF631555AB02D31D725EB44E7BD3
Requests: 2 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=99323500196079804444554012438023&a=d6e06356
Frame ID: 60090A931E7F7FD9097DD0D79ACFB36C
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A5B4DA757719E5460FB1FEC905D8BA03
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js
Frame ID: CBC44B3687C27F6DC97E121769CE8275
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EDDA20BD3B61C92B256F8E60B8E5AB94
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E657F1AAE44FA95C39E7466FAD37E109
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍜櫻花忍法帖（Basilisk ～櫻花忍法帖～）【日語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

317
Requests

89 %
HTTPS

38 %
IPv6

46
Domains

63
Subdomains

50
IPs

12
Countries

4188 kB
Transfer

10734 kB
Size

34
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://securepubads.g.doubleclick.net/pagead/adview?ai=CWSiBJJf3ZPjmIeeB2fcPxa2XuAeTxMvmcr-s4pOJEMOasonoOhABINPLzjBglaqggrAHoAGP9o-UKMgBCakC0H2RIxn_sT7gAgCoAwHIA9sEqgSsAk_QBoFAHTFNK0fjIPSI_OBJ_9t0V9__GsMuiD4RDCrbtHy3m8E9KOjjDLxHlSuGen_hy42ayH7OABOJgDrCxSwx5eEgRRMYFUFgV3BfJKwidK5gEPWAh71KjNXrHp27y7wI6R_cZCBVX8a-iB3xrO5tNwD5cwrzEXfUUFL7CzGM8xvhhjrqO9TTsJ6s0DEOr1Z6No51dSBVXSrnh7YfTPE0Q2PotgqU9RO2pI_fKMqGw5jJXlPTioLoY2tZ1TdhlcTP8Q6sJWQcj49QYJJijxiFwdEdb34nQIHSA54odMu6I8CzKwxaSU1bTMbKkd3kcZZxnKdggq4et8BNWJrI8G7hkwNXs17mTurNc3-bH48fGTLg-tE9qK7thSl8ySLC0rltlWwhqtedoDHNBMAElcbakfED4AQBiAWgubrYOZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfDreLzAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHAxDwLtIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCS5odHRwczovL3Jldml2ZS5kZS9jb2xsZWN0aW9ucy9uZXVoZWl0ZW4tbW9lYmVsgAoDyAsB2BMLiBQC0BUBgBcBshceChwIABIUcHViLTMwMzkxOTk1MDM0MDM2MzQYmdIh&sigh=Jwc8PIF6Vnk&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWEGkE_NNbonAyD5bs0ZI_6KwbZ0ojdxgB&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227425332097409902295%22,%22debug_reporting%22:true,%22destination%22:%22https://revive.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210779622159%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221312661156988045121%22}&andc=true

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1

Request Chain 109

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPeXJmt5Jqe6Olz6AmeTcAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEYHIm6B7m7HggyvPi3cRTk&google_cver=1

Request Chain 111

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODgwODUxODk4MTYyMzIyODY3Mw%3D%3D

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1

Request Chain 140

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPeXJmt5Jqe6Olz6AmeTcAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEYHIm6B7m7HggyvPi3cRTk&google_cver=1

Request Chain 142

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODgwODUxODk4MTYyMzIyODY3Mw%3D%3D

Request Chain 148

https://um.simpli.fi/gp_match?google_gid=CAESEKV5OrTO450vlGxMSJGuTsY&google_cver=1&google_push=AXcoOmTDAgl9uH8K7XZnX2Ix00aRfASP8CYjKY2mSBVyaDvCwrsxTBx9F5QhmNd2GYDzA9K_f4ZJIFlIw28vRbjAjuDrj_AZwiE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=878549E997AF41F7A65D6902BD3F7C09&google_push=AXcoOmTDAgl9uH8K7XZnX2Ix00aRfASP8CYjKY2mSBVyaDvCwrsxTBx9F5QhmNd2GYDzA9K_f4ZJIFlIw28vRbjAjuDrj_AZwiE

Request Chain 149

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENLJ8bEsgABpz5SKUPia7yo&google_cver=1&google_push=AXcoOmTi702MzbdJ4PaKfsUefS9frMZupuHb_VCUOuHEtMvBJpKBsjoIjil25-VGeIlw4vMcUCJmywEwlOr22YAQGb0NaV-eraA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3NTQ0OTkxMjUxMzMyOTMwNw%3D%3D&google_push=AXcoOmTi702MzbdJ4PaKfsUefS9frMZupuHb_VCUOuHEtMvBJpKBsjoIjil25-VGeIlw4vMcUCJmywEwlOr22YAQGb0NaV-eraA

Request Chain 151

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHgm1T-GOn8MSIawQRCaPEc&google_cver=1&google_push=AXcoOmQvVJHts_w4g5H58Axpl-QcvohvO7wGPa07_HNFEbWeNfwFBeuoxcX_W4zKmBJ33Olo3Kbtb0D3XDJuXoigAtrDUOovyk84 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQvVJHts_w4g5H58Axpl-QcvohvO7wGPa07_HNFEbWeNfwFBeuoxcX_W4zKmBJ33Olo3Kbtb0D3XDJuXoigAtrDUOovyk84&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B

Request Chain 152

https://d5p.de17a.com/cookies/google?google_gid=CAESEHj4ZPwxXFwEv1h10-UuEj0&google_cver=1&google_push=AXcoOmTp2c4ItLYPhZRDubU4DYbVGcos4scKH7h8M0UDiFv4k6q4MAQKHWX_xnzHgiTdQPTKJ7FVCxpEd-IT71CSXhxb9YAJNnFb HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEHj4ZPwxXFwEv1h10-UuEj0&google_cver=1&google_push=AXcoOmTp2c4ItLYPhZRDubU4DYbVGcos4scKH7h8M0UDiFv4k6q4MAQKHWX_xnzHgiTdQPTKJ7FVCxpEd-IT71CSXhxb9YAJNnFb HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTp2c4ItLYPhZRDubU4DYbVGcos4scKH7h8M0UDiFv4k6q4MAQKHWX_xnzHgiTdQPTKJ7FVCxpEd-IT71CSXhxb9YAJNnFb

Request Chain 153

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOzLCM8v_GTG8FjIm8S8n-A&google_cver=1&google_push=AXcoOmRTrJvR5LtbupY2vzJZ5hJYRneByMgm2ow574-KfGeSDlzaqou-7CaXHpYZSjLINMVX_xV6HsgyVJHblJ0gydvqEjZQs52GDg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRTrJvR5LtbupY2vzJZ5hJYRneByMgm2ow574-KfGeSDlzaqou-7CaXHpYZSjLINMVX_xV6HsgyVJHblJ0gydvqEjZQs52GDg HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFyvun9tzTN8_bsArPWDeNY&google_cver=1

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEFop3FD1RTBzuRUeJxgD0GI&google_cver=1

Request Chain 168

https://fw.adsafeprotected.com/rfw/st/990511/61634096/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-5884294479391638&ias_chanId=1&ias_placementId=20338656165&bidurl=https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hwgljiJeRr0pMTGZkFlwi1&adContainerId=brand_safety_Jpf3ZPPzAZefjuwPjIytoAE&cbFunctionName=goog_wrapCb_Jpf3ZPPzAZefjuwPjIytoAE&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.xgcartoon.com&adsafe_type=g&adsafe_url=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:fc3baf81-192e-aca2-53d5-03e7f9a67ff8,c:nnCuYD,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6b8897859f-9v7ld,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tP1dRrd+111%7C1121%7C121%7C1221%7C123%7C124%7C1311%7C141%7C151%7C1521%7C153%7C154*.990511-61634096%7C1541%7C1542%7C1543%7C1544,idMap:154*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:20,oid:609204a6-4c2f-11ee-939c-3e43772998ef,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 195

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGyjYg0wV6qme_QDiVmicyA&google_cver=1

Request Chain 206

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEYgjODw7pbuCAQ5oXR_v48&google_cver=1&google_push=AXcoOmRzlSooQo3nhOYznm64IlsDnkUVQGYz9FyedOXpm3xPHbJ79XZ_brtrzeZ5IzD_Jp5qP6AheGf3rlJ7DEdab3z6CSNaxc2ouyyBs9vjqfCPY3C4fjBL3pL9fgKdK-x8rEMLTUMjv9B2F9a_bWN6zv5v HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEYgjODw7pbuCAQ5oXR_v48&google_cver=1&google_push=AXcoOmRzlSooQo3nhOYznm64IlsDnkUVQGYz9FyedOXpm3xPHbJ79XZ_brtrzeZ5IzD_Jp5qP6AheGf3rlJ7DEdab3z6CSNaxc2ouyyBs9vjqfCPY3C4fjBL3pL9fgKdK-x8rEMLTUMjv9B2F9a_bWN6zv5v HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTYxMTgwNjk1MTcwMzMwNjk0NA&google_push=AXcoOmRzlSooQo3nhOYznm64IlsDnkUVQGYz9FyedOXpm3xPHbJ79XZ_brtrzeZ5IzD_Jp5qP6AheGf3rlJ7DEdab3z6CSNaxc2ouyyBs9vjqfCPY3C4fjBL3pL9fgKdK-x8rEMLTUMjv9B2F9a_bWN6zv5v

Request Chain 207

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPWB28-nRfV0N50UicKa59o&google_cver=1&google_push=AXcoOmThHlWqkMQRJoXAyC85btWjL2w0kEyQ-wHuLvKlVtuG9OGFUdgF-sesX59usLyMF04EDtJ4-cJDWRkEqnm6l1ndnbWopaQKjqSB9pdUfEHkireDQmI57njQ15RlaI2rGnq8jVUkGvhxKvdHqF0A2Qs HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPWB28-nRfV0N50UicKa59o&google_cver=1&google_push=AXcoOmThHlWqkMQRJoXAyC85btWjL2w0kEyQ-wHuLvKlVtuG9OGFUdgF-sesX59usLyMF04EDtJ4-cJDWRkEqnm6l1ndnbWopaQKjqSB9pdUfEHkireDQmI57njQ15RlaI2rGnq8jVUkGvhxKvdHqF0A2Qs&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aoZmG_UGQzu19lNC7qkHHQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmThHlWqkMQRJoXAyC85btWjL2w0kEyQ-wHuLvKlVtuG9OGFUdgF-sesX59usLyMF04EDtJ4-cJDWRkEqnm6l1ndnbWopaQKjqSB9pdUfEHkireDQmI57njQ15RlaI2rGnq8jVUkGvhxKvdHqF0A2Qs

Request Chain 208

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEIleHmckEDEItFmO9SZs1wM&google_cver=1&google_push=AXcoOmTdaF3ZT27WxpHkk_KJCseSNydbogRvZjFRRpchA6BhdgzhVqQ1peQWom_xO9XfWbyqkWtF5uG30q3Vhmal0gNOjZ7rdA3o3zlBZDUp5bmB4xuG2qcke-Mr3p4UjfpUBNsmnCBNjMJCklE3j_0_GmE HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmTdaF3ZT27WxpHkk_KJCseSNydbogRvZjFRRpchA6BhdgzhVqQ1peQWom_xO9XfWbyqkWtF5uG30q3Vhmal0gNOjZ7rdA3o3zlBZDUp5bmB4xuG2qcke-Mr3p4UjfpUBNsmnCBNjMJCklE3j_0_GmE&google_gid=CAESEIleHmckEDEItFmO9SZs1wM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmTdaF3ZT27WxpHkk_KJCseSNydbogRvZjFRRpchA6BhdgzhVqQ1peQWom_xO9XfWbyqkWtF5uG30q3Vhmal0gNOjZ7rdA3o3zlBZDUp5bmB4xuG2qcke-Mr3p4UjfpUBNsmnCBNjMJCklE3j_0_GmE

Request Chain 210

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESELY8skQVn3Bc2wEsXMN0hN4&google_cver=1&google_push=AXcoOmTEcv2OzodoDzlDyCkxZUVVaNe05Z_wwCRsSg1DZBMTGb5aaAAK-W8K922oc0qIWj5vjwGSHaVF2xdwn-wLxx-1kc8e3NU3q9O5jCtwHT9HoVZ4iO0bimRtfiQL6gQFFhsR3vjDGljmwQ6uYntbSw-B HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTEcv2OzodoDzlDyCkxZUVVaNe05Z_wwCRsSg1DZBMTGb5aaAAK-W8K922oc0qIWj5vjwGSHaVF2xdwn-wLxx-1kc8e3NU3q9O5jCtwHT9HoVZ4iO0bimRtfiQL6gQFFhsR3vjDGljmwQ6uYntbSw-B&google_hm=9jztrqHeQUaCftL_U0Lvy4Q

Request Chain 211

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEAqH0rIomgFH4e_KZrVRK_A&google_cver=1&google_push=AXcoOmTT8fTkREaItu6MVHCZrI3P5s_9PRqqL71KCfXbNi1VvyswhptTpEEhReqk_CXkn960Uxpq5p-AhDpBUzdW6-U5DR7vDV7-rdX_NHs4neutIrd_MxvEJ8wZM6XWn8GRYhU2c5ZEdnWxA9Aviccqsvam HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTT8fTkREaItu6MVHCZrI3P5s_9PRqqL71KCfXbNi1VvyswhptTpEEhReqk_CXkn960Uxpq5p-AhDpBUzdW6-U5DR7vDV7-rdX_NHs4neutIrd_MxvEJ8wZM6XWn8GRYhU2c5ZEdnWxA9Aviccqsvam HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 212

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&google_cver=1&google_push=AXcoOmStR4t7czJ_zBhO4OAunOLsddrX6hmPQdujrga6TkjwJulIp01hiXMQk_idHdiNxFvBCe18lYwWLBVy1hEvzxOWeiCe68erm_fSpzMfmuNbu2tcCtqNLeLN9HXoIlSGgkoStr6nBy7gCyEVjTeLGCSm HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=1c0338d3-8806-47ee-bea4-0e7905333932&google_cver=1&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmStR4t7czJ_zBhO4OAunOLsddrX6hmPQdujrga6TkjwJulIp01hiXMQk_idHdiNxFvBCe18lYwWLBVy1hEvzxOWeiCe68erm_fSpzMfmuNbu2tcCtqNLeLN9HXoIlSGgkoStr6nBy7gCyEVjTeLGCSm&gdpr=${GDPR}

Request Chain 217

https://hal900023.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=40ab1d62ac&subid=&uid=3c5f58bcebbd2b71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDPMUJZf3ZMTWMI287wKCibmAAablvaBprZWcp8kP8C4QASDTy84wYJWqoIKwB8gBCakCqcDduJ39sT6oAwHIA5sEqgTzAU_QPzGmR0oWk9IleTXl01ewQfEpCCiKCXHMnXIGTaowRPq9Zp55SqKHhiqUF8tJHwZynb2Uzyk3css3p7JnyNOdb284Ot-D69hv6-c6Zg6KfjVzHF6Rf8W2as4b5wk5F9LcullcIj8p4kJw7JQIACRIei54gTMDyCpYtmTKM5ms4-lzjnp0p3C5FNT2G66pzaPV2LlzEcmfvLlPL-f3l6g-yCnwrOqTjzXYKyqQa_VWLJ94aZ_UNSvcOOBunhtQSus7dx5Ac_j40YN9dkSBWHe8ikXbv2ktIiXHgCNoR3r2OEdC2YO-8Y7nl3IGic8PhM5-HMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIhP3R8K6UgQMVDd5bCh2CRA4QEAEYASAAEgJlSPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE%26sig%3DAOD64_2xykZVVV2dgbtHa5FSR8-VzEwAFw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cj70wj4OECUnCx8XmafNWd81JLL4sbr52cQ8MJKvkMTtoseGJN5ElKs-fXBjDkw-jYz4K3r35E0Zgnt6IApRI4pY5R26ODWt_dJyn4TJ567eTosQ1ChQ5CmRWSoMc6jc56ecgCvpSFTckUjNiBF5d9cMOeuh6631Rqcnf4qd4rn3cI9aM%26cry%3D1%26dbm_d%3DAKAmf-Dye_AN7USCQTSaHXatO1i6YjoWG3PXA_kQzcZdHcvzPmU3AFpXjdK_WIEfbTqrIQGGE6ramIvSArS5VeEW64pqbEQRfB-JbeeWXZkMNiQe9klmZJMUDvPgLTFsY5YADrN8rEerXd2pyJ2pspLPU432l-Ev6WDgR7TxeVY1Zw-3N39atCjGR4ug4yGpaRd-1UwvaZf9uN7r5xNiIeevMa9WUUqXUJm31jqFAnwRbzgUYEVikQabODuDlBJ0LFe3AP1uRXc6XihSKnlLXK777n1vNI82ENZMsKve16UJnLyb5iB4OaEEhwJvToYZ1VUzYT6rFeAPx_D1pDZNpHf4ihiQry1d5bjYT5-ev-ReOBUIJmNKUJhN4mzARvMvrUvRZ02T4DbM1C5oKnSbHnoTR5yLRQLSiAKlfMHIHai-UrL4zzKDIK2WAq9FK1Y2sR0OdHiaRYa_Vle96igdra1BRU3W5Kr81UypJs9yGtsiDtcxg25icOGFwjA29KvRwBi7pofpWjg5KwGqKxXsrYyyGj1Kua6R9CTrbnTnuGPyjHNajqLIno4%26adurl%3D&documentReferer=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4898833119606&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal900023.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=40ab1d62ac&subid=&uid=3c5f58bcebbd2b71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDPMUJZf3ZMTWMI287wKCibmAAablvaBprZWcp8kP8C4QASDTy84wYJWqoIKwB8gBCakCqcDduJ39sT6oAwHIA5sEqgTzAU_QPzGmR0oWk9IleTXl01ewQfEpCCiKCXHMnXIGTaowRPq9Zp55SqKHhiqUF8tJHwZynb2Uzyk3css3p7JnyNOdb284Ot-D69hv6-c6Zg6KfjVzHF6Rf8W2as4b5wk5F9LcullcIj8p4kJw7JQIACRIei54gTMDyCpYtmTKM5ms4-lzjnp0p3C5FNT2G66pzaPV2LlzEcmfvLlPL-f3l6g-yCnwrOqTjzXYKyqQa_VWLJ94aZ_UNSvcOOBunhtQSus7dx5Ac_j40YN9dkSBWHe8ikXbv2ktIiXHgCNoR3r2OEdC2YO-8Y7nl3IGic8PhM5-HMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIhP3R8K6UgQMVDd5bCh2CRA4QEAEYASAAEgJlSPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE%26sig%3DAOD64_2xykZVVV2dgbtHa5FSR8-VzEwAFw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cj70wj4OECUnCx8XmafNWd81JLL4sbr52cQ8MJKvkMTtoseGJN5ElKs-fXBjDkw-jYz4K3r35E0Zgnt6IApRI4pY5R26ODWt_dJyn4TJ567eTosQ1ChQ5CmRWSoMc6jc56ecgCvpSFTckUjNiBF5d9cMOeuh6631Rqcnf4qd4rn3cI9aM%26cry%3D1%26dbm_d%3DAKAmf-Dye_AN7USCQTSaHXatO1i6YjoWG3PXA_kQzcZdHcvzPmU3AFpXjdK_WIEfbTqrIQGGE6ramIvSArS5VeEW64pqbEQRfB-JbeeWXZkMNiQe9klmZJMUDvPgLTFsY5YADrN8rEerXd2pyJ2pspLPU432l-Ev6WDgR7TxeVY1Zw-3N39atCjGR4ug4yGpaRd-1UwvaZf9uN7r5xNiIeevMa9WUUqXUJm31jqFAnwRbzgUYEVikQabODuDlBJ0LFe3AP1uRXc6XihSKnlLXK777n1vNI82ENZMsKve16UJnLyb5iB4OaEEhwJvToYZ1VUzYT6rFeAPx_D1pDZNpHf4ihiQry1d5bjYT5-ev-ReOBUIJmNKUJhN4mzARvMvrUvRZ02T4DbM1C5oKnSbHnoTR5yLRQLSiAKlfMHIHai-UrL4zzKDIK2WAq9FK1Y2sR0OdHiaRYa_Vle96igdra1BRU3W5Kr81UypJs9yGtsiDtcxg25icOGFwjA29KvRwBi7pofpWjg5KwGqKxXsrYyyGj1Kua6R9CTrbnTnuGPyjHNajqLIno4%26adurl%3D&documentReferer=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4898833119606&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 250

https://um.simpli.fi/gp_match?google_gid=CAESEKV5OrTO450vlGxMSJGuTsY&google_cver=1&google_push=AXcoOmSHNSJ3KDYDnsituBfSweSF_5FiZXKKNc3QxbwSSrp__G17MkVz6KwhpXBnWBCSdEXSoBx5UoqHHH92S_cQBT6YzMAKQO0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=878549E997AF41F7A65D6902BD3F7C09&google_push=AXcoOmSHNSJ3KDYDnsituBfSweSF_5FiZXKKNc3QxbwSSrp__G17MkVz6KwhpXBnWBCSdEXSoBx5UoqHHH92S_cQBT6YzMAKQO0

Request Chain 251

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEC1s74VEtnUrJRieEZ_3_0s&google_cver=1&google_push=AXcoOmQ2vKQpDTZG3ecVks3ix9joqBum9Lf19lNP0qECougjPk1qNN-3WVY5i0_YfyD2O0bcrtmd9-ZNcDBA5JuHzLwCWo00KQwP HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEC1s74VEtnUrJRieEZ_3_0s&google_cver=1&google_push=AXcoOmQ2vKQpDTZG3ecVks3ix9joqBum9Lf19lNP0qECougjPk1qNN-3WVY5i0_YfyD2O0bcrtmd9-ZNcDBA5JuHzLwCWo00KQwP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=CZHmup14T6iNrFNhU5ylzGT3lyc

Request Chain 252

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHgm1T-GOn8MSIawQRCaPEc&google_cver=1&google_push=AXcoOmSBWOGhQal_vZ5cS-NrWcGQ_ZNwCZGI3AWg_UCKQXY8AJJC1H7Gh0-GfI8xeFnt8hq6yfmUBWOQBX78sHDFK6L-A35Kx1GX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSBWOGhQal_vZ5cS-NrWcGQ_ZNwCZGI3AWg_UCKQXY8AJJC1H7Gh0-GfI8xeFnt8hq6yfmUBWOQBX78sHDFK6L-A35Kx1GX&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B

Request Chain 253

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGLiVlNKtxvCORcuTeCJrZ0&google_cver=1&google_push=AXcoOmQ_V6_1IfOAILyFUOJIUssnMU3HD0OHc_7Z7zybBhP6fB7ira7L0P6gau1MOG1ImMJ-nsxOFehx3JE3wlaCK-K6zXNB19I HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGLiVlNKtxvCORcuTeCJrZ0&google_cver=1&google_push=AXcoOmQ_V6_1IfOAILyFUOJIUssnMU3HD0OHc_7Z7zybBhP6fB7ira7L0P6gau1MOG1ImMJ-nsxOFehx3JE3wlaCK-K6zXNB19I&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQ_V6_1IfOAILyFUOJIUssnMU3HD0OHc_7Z7zybBhP6fB7ira7L0P6gau1MOG1ImMJ-nsxOFehx3JE3wlaCK-K6zXNB19I&google_hm=HRbNuGZHH8e4XAIURNKc2kAc

Request Chain 254

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEIleHmckEDEItFmO9SZs1wM&google_cver=1&google_push=AXcoOmRkzyIkBoltGcOazoyitj-J8tbii1hHASmkO53IKU3UUhMtR-I6BCSmcb4ZJ8ZByF4gg1jW16K8BGDw6pD1gPmnXqy4BAI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmRkzyIkBoltGcOazoyitj-J8tbii1hHASmkO53IKU3UUhMtR-I6BCSmcb4ZJ8ZByF4gg1jW16K8BGDw6pD1gPmnXqy4BAI

Request Chain 255

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&google_cver=1&google_push=AXcoOmROwUvKGRWkLlo5RFoQciJDbfo3yVadMsdEXpn4DilgmVtr8IPmBxtfm3J02Bi9Z7DPfCbHeVsS02egcn67zwmPUrEKcE_i3Q HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=1c0338d3-8806-47ee-bea4-0e7905333932&google_cver=1&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmROwUvKGRWkLlo5RFoQciJDbfo3yVadMsdEXpn4DilgmVtr8IPmBxtfm3J02Bi9Z7DPfCbHeVsS02egcn67zwmPUrEKcE_i3Q&gdpr=${GDPR}

Request Chain 276

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836

Request Chain 298

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHgm1T-GOn8MSIawQRCaPEc&google_cver=1&google_push=AXcoOmRm5wPLGz28u7ZE6aSjOBSEfRkrHws_Ce5-6d8rpWPTxVyk6fC34T1pSvxMv9T3sF6uwIBUteDdyYMcC9lh8tQkvS2oa3TRXg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRm5wPLGz28u7ZE6aSjOBSEfRkrHws_Ce5-6d8rpWPTxVyk6fC34T1pSvxMv9T3sF6uwIBUteDdyYMcC9lh8tQkvS2oa3TRXg&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B

Request Chain 301

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEIleHmckEDEItFmO9SZs1wM&google_cver=1&google_push=AXcoOmST5sk2ARxBhZhgFRu0HZbU5i7kS_K6pSzDPKbw0dRGOaH0V-x_YV_9iY4bwHmwIZJFKf3gmvyyGxKmoF8S7G35RCd1dOeD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmST5sk2ARxBhZhgFRu0HZbU5i7kS_K6pSzDPKbw0dRGOaH0V-x_YV_9iY4bwHmwIZJFKf3gmvyyGxKmoF8S7G35RCd1dOeD

Request Chain 302

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESELY8skQVn3Bc2wEsXMN0hN4&google_cver=1&google_push=AXcoOmQ480edIrHMp5m5mw9qoEs5Ulo_Qr5ny8ilt2NZ6QDr0PiS1W8uoGX3Zx8-j185nVsgeCviKnLq6R5qjemAeL0r7s2zkWpUxw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQ480edIrHMp5m5mw9qoEs5Ulo_Qr5ny8ilt2NZ6QDr0PiS1W8uoGX3Zx8-j185nVsgeCviKnLq6R5qjemAeL0r7s2zkWpUxw&google_hm=9jztrqHeQUaCftL_U0Lvy4Q

317 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji Show response
www.xgcartoon.com/detail/ 84 KB
18 KB 915ms
446ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: d4d799f707912b744de3ed07eaff7dd1527badf38b255e424501d96b5ec0b63e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 05 Sep 2023 21:01:23 GMT
etag: "14e85-6TpS0EK/r3df0ImO3iWtl/Ci0Uo"
expires: Tue, 05 Sep 2023 21:02:23 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 277 KB
71 KB 98ms
28ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bc9a725bf6c833672ef4dcba2d2519271918b9dc6a1025de78abaa552152ffd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 21:01:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72941
x-xss-protection: 0
server: sffe
etag: "1fd4dd9eff57c430"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Sep 2023 21:01:23 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
23 KB 94ms
25ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42972833f3cd3e67adf2a2d107f2982a6901d6ed8b5b379d8822d18ca67b036e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 21:01:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23124
x-xss-protection: 0
server: sffe
etag: "91fba5c7cd59114d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Sep 2023 21:01:23 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
9 KB 85ms
20ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b491eb99f9549187dc757f548439a68f8d385df9f7397f8f100cabd3391c4a2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 21:01:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9429
x-xss-protection: 0
server: sffe
etag: "0f2e69affa5191d7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Sep 2023 21:01:23 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 50 KB
15 KB 87ms
23ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0809abae4993d7aa20f26fd2f096e478bbb3ec27bae0be65d52f702cd65b5941

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 21:01:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14979
x-xss-protection: 0
server: sffe
etag: "a24acf355e95977e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Sep 2023 21:01:23 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
16 KB 81ms
16ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

654025901511fabd988a4842e4bbafe98ce91ba2f4a63df1f2c3b994643d8017

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 21:01:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15373
x-xss-protection: 0
server: sffe
etag: "d317937609610457"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Sep 2023 21:01:23 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 83ms
18ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34ceeca6156452a781004a85b58e62d32cef13a733dbaa8d53747f59ac31b0c0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 21:01:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4744
x-xss-protection: 0
server: sffe
etag: "b037f357d3f1155b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Sep 2023 21:01:23 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59c0eee45d147d68a40864deb144f07fe8f427b8b17691b8b1e1c32c6f2eeb42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 21:01:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10339
x-xss-protection: 0
server: sffe
etag: "6b0a8d436e5c7ad3"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Sep 2023 21:01:23 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
31 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71367f94c1b70e405665a960650d544ac4eda6ff628ae206d5826766dc674e96

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 21:01:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32129
x-xss-protection: 0
server: sffe
etag: "d5ab003501cb3fb7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 05 Sep 2023 21:01:23 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
468 B 168ms
142ms Image
image/gif 104.20.219.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.219.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:23 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 8021683e4e3e363c-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 236ms
236ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:23 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Tue, 05 Sep 2023 21:04:23 GMT

GET
H2 200 yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji.jpg
static-a.xgcartoon.com/cover/ 149 KB
149 KB 808ms
727ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6dae7b187885b31ef6a9852c600d53f1d9ea668502f06400fda8a501c764fd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
cf-cache-status: HIT
last-modified: Sat, 26 Aug 2023 23:54:47 GMT
server: cloudflare
etag: "89ABD0BE73952C4A0369D85B9616785B"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8021683f9b8f9b9e-FRA
content-length: 152382
expires: Thu, 07 Sep 2023 01:59:21 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 236ms
235ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:23 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Tue, 05 Sep 2023 21:04:23 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 238ms
237ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:23 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Tue, 05 Sep 2023 21:04:23 GMT

GET
H2 200 weigongjiajintiandefanriyu-taa.jpg
static-a.xgcartoon.com/cover/ 80 KB
80 KB 1074ms
993ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/weigongjiajintiandefanriyu-taa.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db6769bf23a64b366aaec1bd6a73697730bddbeab30537b5d7699023522125f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
cf-cache-status: HIT
last-modified: Mon, 24 Apr 2023 11:51:26 GMT
server: cloudflare
etag: "A478B131DC8F07E2649698B2CDC2F494"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8021683f9b949b9e-FRA
content-length: 81917
expires: Thu, 07 Sep 2023 04:54:05 GMT

GET
H2 200 asalierweilaideminjiangushiriyu-xiatianzhengmei.jpg
static-a.xgcartoon.com/cover/ 84 KB
85 KB 1077ms
996ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/asalierweilaideminjiangushiriyu-xiatianzhengmei.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad740f627b4581a8b2a71a7bbbbfbb0ff96000879b57a5d7dfac84e1edb4b8d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
cf-cache-status: HIT
last-modified: Thu, 09 Feb 2023 02:12:57 GMT
server: cloudflare
etag: "7E035FE6B45E4E672CFFA9E2D1FB67AE"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8021683f9b959b9e-FRA
content-length: 86516
expires: Thu, 07 Sep 2023 03:40:12 GMT

GET
H2 200 xitongbiwozuohuanghou_dongtaimanhua-liuyuexuegongzuoshi.jpg
static-a.xgcartoon.com/cover/ 83 KB
83 KB 1074ms
993ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/xitongbiwozuohuanghou_dongtaimanhua-liuyuexuegongzuoshi.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac79466527bbddc1f62ebc9439506bf48c8c6f19cfbb8e2bb71541c45e0e032d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
cf-cache-status: HIT
last-modified: Thu, 15 Dec 2022 12:57:23 GMT
server: cloudflare
etag: "E81F01E9640F73669094983EFA490030"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8021683f9b969b9e-FRA
content-length: 84563
expires: Thu, 07 Sep 2023 04:55:41 GMT

GET
H2 200 ayakaayaka_-lingdaoqitan-riyu-zhangshanyanhao.jpg
static-a.xgcartoon.com/cover/ 11 KB
11 KB 864ms
783ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/ayakaayaka_-lingdaoqitan-riyu-zhangshanyanhao.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64f25ebf1f595475aa3a4d300a5ebbd9f53103a8efbadf389296c50bd966a558

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Sun, 02 Jul 2023 05:22:25 GMT
server: cloudflare
etag: "CF4C22F0902AACA31F17AD1A4594EEF7"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8021683f9b979b9e-FRA
content-length: 10882
expires: Thu, 07 Sep 2023 07:24:16 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012308242321000/v0/ 8 KB
3 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308242321000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2c826e69e9064b3bbaf8c82fca27f76762936cab8d3704388c5f560b56f82fc

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 05 Sep 2023 17:46:30 GMT
age: 11693
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2968
x-xss-protection: 0
server: sffe
etag: "20a8808a3fce3085"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Sep 2024 17:46:30 GMT

GET
DATA 200
OK truncated
/ 393 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012308242321000/v0/ 237 KB
63 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308242321000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8833bac0069b4cd7d4afc62f869ec2d1d7f5c59a9e2ed9b9490de73e5723e2d2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 05 Sep 2023 17:46:32 GMT
age: 11691
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64143
x-xss-protection: 0
server: sffe
etag: "8b5731faa80e47c3"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Sep 2024 17:46:32 GMT

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012308242321000/v0/ 12 KB
4 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308242321000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83080dd98c9b6f663826528f01fbdb912fcfc91e709dc0628650d9f3cd7d0b42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 05 Sep 2023 17:46:31 GMT
age: 11692
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3948
x-xss-protection: 0
server: sffe
etag: "a02df160e36bd176"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Sep 2024 17:46:31 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 536ms
515ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308242321000&d_imp=1&c=1005192&ga_cid=amp-MvTeGGdq0wM_H1MyVHTqaw&ga_hid=5192&dt=1693947683804&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&bdt=270&dtd=14&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5493ab592bdac0cdcfc88c81d7f36c94bbeafa9de767b7a4254b3b403cdfd766

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13054
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CN212--ulIEDFdJs0wod-7EMjg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 107027453313
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 05 Sep 2023 21:01:24 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
24 KB 291ms
270ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=819&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308242321000&d_imp=1&c=1005192&ga_cid=amp-MvTeGGdq0wM_H1MyVHTqaw&ga_hid=5192&dt=1693947683804&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&bdt=270&dtd=15&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d70a2cb1a55235c78097ec619ccc638fd9017c14902e2f43691670d428b7d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 160x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23261
x-xss-protection: 0
google-lineitem-id: 6136663858
x-qqid: CO-72--ulIEDFYNr0wodhvwEsA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138440861539
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 05 Sep 2023 21:01:24 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 1224ms
1203ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308242321000&d_imp=1&c=1005192&ga_cid=amp-MvTeGGdq0wM_H1MyVHTqaw&ga_hid=5192&dt=1693947683804&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&bdt=270&dtd=16&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77d225475d67aba44f451d1f7feb38a771517c8a13d3582b14c98108c4af0009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x250
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13032
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CI222--ulIEDFUbE3gody3wEsw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 107027454513
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 150 KB
41 KB 1088ms
1067ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308242321000&d_imp=1&c=1005192&ga_cid=amp-MvTeGGdq0wM_H1MyVHTqaw&ga_hid=5192&dt=1693947683804&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&bdt=270&dtd=16&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16278013b2a615ad8cb5ce79fc0e5c0caf5ecd99c053186b0df62ca0aad53303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 336x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42163
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CPiIhvCulIEDFedA9ggdxdYFdw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 05 Sep 2023 21:01:24 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
23 KB 756ms
736ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=988&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308242321000&d_imp=1&c=1005192&ga_cid=amp-MvTeGGdq0wM_H1MyVHTqaw&ga_hid=5192&dt=1693947683804&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&bdt=270&dtd=17&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9efe42a36ab8293cfdeadd010c7c1bd3569cde95ebf9bcf92035c3654a23c3d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23264
x-xss-protection: 0
google-lineitem-id: 6136661665
x-qqid: COq_2--ulIEDFWpJ9ggdFqoHNw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138370495322
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 05 Sep 2023 21:01:24 GMT

GET
H2 200 container.html
43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 77ms
15ms Other
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012308242321000/v0/analytics-vendors/ 2 KB
886 B 9ms
7ms Fetch
application/json 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308242321000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 05 Sep 2023 17:46:46 GMT
age: 11678
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "13417016125ec007"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 04 Sep 2024 17:46:46 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 238ms
237ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
AMP-Same-Origin: true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:24 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Tue, 05 Sep 2023 21:04:24 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 35ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=5192&cid=amp-MvTeGGdq0wM_H1MyVHTqaw&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&dr=&dt=%F0%9F%8D%9C%E6%AB%BB%E8%8A%B1%E5%BF%8D%E6%B3%95%E5%B8%96%EF%BC%88Basilisk%20%EF%BD%9E%E6%AB%BB%E8%8A%B1%E5%BF%8D%E6%B3%95%E5%B8%96%EF%BD%9E%EF%BC%89%E3%80%90%E6%97%A5%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1693947685&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:24 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 82E5 6 KB
3 KB 17ms
16ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DD86 6 KB
3 KB 13ms
12ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EE22 6 KB
3 KB 10ms
9ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A9A8 6 KB
3 KB 9ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BE12 6 KB
3 KB 9ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 82E5 24 KB
7 KB 63ms
14ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:21:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 456013
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 30 Aug 2024 14:21:12 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 82E5 18 KB
8 KB 72ms
51ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74599394a7b5a085af0d025e5b61e38728f27c1c516a455c72878133a08ef0b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7895
x-xss-protection: 0
server: cafe
etag: 4688083358928127367
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 82E5 181 KB
57 KB 64ms
27ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame DD86 98 KB
29 KB 139ms
138ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f7ce885ed21cef6ef4c9c35a8564b6531b94b242dbb96e56d2e0cb7121f6973

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28994
x-xss-protection: 0
server: cafe
etag: 97 / 19605 / m202308310101 / config-hash: 9286762689393535273
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DD86 181 KB
57 KB 56ms
37ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame DD86 0
438 B 47ms
47ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstmJTFImD0h6s37OVUrLJro8YqHiZyiK8GB_Ruk170TH6x8_WPMVL3HKFR9HHa3W95PTLRBi1X5_NqAb9Um81pu-WjkJN_l9u3j2Fa4hQLyu2PsagdTI8SsEy94NL3rTKqMvuonOtWIilx1sgkqFyfy8xiV2HUWxWPQJJefno72QA0PsTZM6xhAX7D-oVG2wUxhmSfiSRO2UDUl6AVkrRiWiGxnI-3NY2wQRwMF5T0CRiotO4OorWrQOvhuK2oZxCT8MkTb6alpmO7LfWXSn5jQUNhAopKt7eDiHRxZrwNPdcm2n_d6xc_7LGmu-XtB-2vwQORdH9SBhlA8oMOHM5pRYp_ZBopSTnvt7zuizaihhklyNOQ&sai=AMfl-YQt0rF7GS4w-wTxs7zrb_xNJ0pnU-5LkQFP9CDBIjBAnaaB5vrzrGSh_29N6qLZU44AlqJuBvpurmxtLUM&sig=Cg0ArKJSzMa8fAvHBshfEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame EE22 24 KB
6 KB 40ms
17ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:21:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 456013
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 30 Aug 2024 14:21:12 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame EE22 18 KB
8 KB 92ms
92ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e173425b34fc5f21f1855861dcf2e77b5df79525c0767da13ca0f8f712abda9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7905
x-xss-protection: 0
server: cafe
etag: 2334587785681215423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EE22 181 KB
57 KB 59ms
48ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A9A8 2 KB
975 B 47ms
20ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 20:22:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame A9A8 2 KB
973 B 24ms
12ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:30:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12674
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:30:11 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/ Frame A9A8 23 KB
9 KB 23ms
12ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/abg_lite_fy2021.js

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:30:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12674
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:30:11 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame A9A8 3 KB
1 KB 23ms
13ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/window_focus_fy2021.js

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12943
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame A9A8 20 KB
8 KB 19ms
9ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A9A8 181 KB
57 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 3c1ec1505caf618a1f8c049839112e9c.js Show response
www.gstatic.com/mysidia/ Frame A9A8 36 KB
15 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3c1ec1505caf618a1f8c049839112e9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 417130
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15058
x-xss-protection: 0
last-modified: Thu, 31 Aug 2023 22:08:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 30 Nov 2023 01:09:15 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame BE12 98 KB
28 KB 154ms
153ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cbfd9771c8ef1186778c283ca2f58052ed2f193aec21b51de3921a8217ee807d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28988
x-xss-protection: 0
server: cafe
etag: 932 / 19605 / m202308310101 / config-hash: 9286762689393535273
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BE12 181 KB
57 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BE12 0
29 B 50ms
49ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssyzwXGN4W6r6Lv-KIClni8ypZvGtD5zGOJ3zp9yv5IZcNgc5V4cvRnVEX64EHBSVX1PH6svM16b7tXX5nFDUWkdYNde_xXvFJ-qjxf_0Q7BC5ADsOW0nSy4hxSIPVMPPl_JkjhyKKwD-Oay-Fsj86_2frOsCH2cabu3IwPz5e44eYivA7VuODU8aei4wkEGuJ0j8Tak98rWWkDzCchT9vjJBfMFPCHMfSXAGQ0tXesrEhbHDZNVJOS3TPlUQGD6ISr9qlAVsSESIdPLF2yk-4_aMKbGuXLYw0mNLNSWowEu8pE1JFdTM9ldfoAxrbYzSnxQQnWZu38g6tJoygEvt4FaeYTLS6FBTTAaDvaMCJWoGl9S6U&sai=AMfl-YTeQcMCtjJVsaYjXDVhEb_7lmzU3vN5_5mqJtcJPOJMe2OS3rDcUb0RHi0pz_1wE-dunIu7BLGP0dXApM8&sig=Cg0ArKJSzNqfJLMBpim7EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 82E5 0
26 B 51ms
51ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstQ0rPI-8NWn88r4MVYM-JWHy8Rit8IMT27b83RtYCB8afcpsxRm7-Idn3W-8pTV_24dtt72SlO0dSPqPujAVlYLBakEgD1_kw1Jymi3OE0bvO9CPTJBEiR3dRR0hhQSObzPWnktg1waxIfzyBoza_f0zlmMmMpDtg-wxKyTyR4SwYms3ibW8EynA1b8Izsp0ZN-r3gJ6Q1FzgRmg1L4johpyoB3tDs6ZljfWch6yLOaUwcpR8XvA0GUIltsB81Sfu5LtE2uzPXBE7ZINR0m2RrQig2FBO77p7W-gnQmCoDHmQ9BeDSHm0ywYoBo4zrENVKUjAqJb071BppnDoWWMyg4Sqqrc030VjthD8jJxiV&sai=AMfl-YTZ4S9HaGcoy1zwteI2veGzYmm-tawQ5fsAAZPG4Yeppe2D7IjEh4Oj0zAwJBaq9XckZtE5pmM4j5omRmo&sig=Cg0ArKJSzGVi2P0bbxnqEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EE22 0
26 B 57ms
56ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvIXuDX7tapBcaVdkZFEhcOw82bF16WRckbZ0dnoF04xxPnBumPw345tAH5KPvotj_aKpmaEvuk6Y0iAzuSq9izgutJ4Se--1-TRJfjdDgtu18Ixz0uN1iFTlu2ijRLhn-1uYciPVnW5YDvhOE2NQj2xsMV0zm2D97enPzfvIpYRLDQGyC98PUavkgKbgbeoBNHKbSxRaWlx4dcqF4cJhw_PZjsRNbINzACYkYUgWeBhlinsh_V1CaH7ssYu3B8cUmTk4QyqczzE4-wvDolFslJJw-058DuQaLYBFhZWDb4lK8iaEjVxVkTFyC2yEV8o3v8QsFqhI7bQQhdLqGNa3X8GZ1IqeHAzA_6gzmmzwI&sai=AMfl-YR8742pCBIoA8QjYrkuTt5kLyAlrwoWCt_lbLP1JfBAKorpLJxH47wcvGMfdllCYdXvM8d-vZuwUg82C2Q&sig=Cg0ArKJSzP9zCAEEEn0aEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
URL: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 82E5 143 KB
49 KB 99ms
98ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8fa53bcd09110b393a42ea6a83effb0d6c32df31a1762067c4cd59fa5d2ff70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50413
x-xss-protection: 0
server: cafe
etag: 15752988431079063745
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EE22 145 KB
50 KB 96ms
96ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c2b8bf6d7f578acc716ccea1176e3c24dfb58f7d495a86801025a503240d503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50907
x-xss-protection: 0
server: cafe
etag: 9253405504654006412
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
DATA 200
OK truncated
/ Frame 82E5 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36c27e4949d0f65221074e05f28bdbc9fe300a1bc0e4a912b3bf6bb456d26fa1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DD86 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e1ea4a937fc26f29bacd96baf8210ccf1a437d4756f81bf6a7cd9b60698f3f5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BE12 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 110a66d092384f77c40591909e538c8c92f6c2674d8afeb92244a80b41efc7db

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame A9A8
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=CWSiBJJf3ZPjmIeeB2fcPxa2XuAeTxMvmcr-s4pOJEMOasonoOhABINPLzjBglaqggrAHoAGP9o-UKMgBCakC0H2RIxn_sT7gAgCoAwHIA9sEqgSsAk_QBoFAHTFNK0fjIPSI_OBJ_9t0...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227425332097409902295%22,%22debug_reporting%22:true,%22destination%22:%22https://revive.de%22,%22event_report_window%22:%222...

0
0

57ms
40ms

Fetch
text/css

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227425332097409902295%22,%22debug_reporting%22:true,%22destination%22:%22https://revive.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210779622159%22],%224%22:[%2209-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221312661156988045121%22}&andc=true

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"7425332097409902295","debug_reporting":true,"destination":"https://revive.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10779622159"],"4":["09-05"],"6":["true"]},"priority":"500","source_event_id":"1312661156988045121"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:25 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"7425332097409902295","debug_reporting":true,"destination":"https://revive.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10779622159"],"4":["09-05"],"6":["true"]},"priority":"500","source_event_id":"1312661156988045121"}&andc=true
access-control-allow-origin: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 59ms
42ms Preflight
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=CWSiBJJf3ZPjmIeeB2fcPxa2XuAeTxMvmcr-s4pOJEMOasonoOhABINPLzjBglaqggrAHoAGP9o-UKMgBCakC0H2RIxn_sT7gAgCoAwHIA9sEqgSsAk_QBoFAHTFNK0fjIPSI_OBJ_9t0V9__GsMuiD4RDCrbtHy3m8E9KOjjDLxHlSuGen_hy42ayH7OABOJgDrCxSwx5eEgRRMYFUFgV3BfJKwidK5gEPWAh71KjNXrHp27y7wI6R_cZCBVX8a-iB3xrO5tNwD5cwrzEXfUUFL7CzGM8xvhhjrqO9TTsJ6s0DEOr1Z6No51dSBVXSrnh7YfTPE0Q2PotgqU9RO2pI_fKMqGw5jJXlPTioLoY2tZ1TdhlcTP8Q6sJWQcj49QYJJijxiFwdEdb34nQIHSA54odMu6I8CzKwxaSU1bTMbKkd3kcZZxnKdggq4et8BNWJrI8G7hkwNXs17mTurNc3-bH48fGTLg-tE9qK7thSl8ySLC0rltlWwhqtedoDHNBMAElcbakfED4AQBiAWgubrYOZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfDreLzAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHAxDwLtIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCS5odHRwczovL3Jldml2ZS5kZS9jb2xsZWN0aW9ucy9uZXVoZWl0ZW4tbW9lYmVsgAoDyAsB2BMLiBQC0BUBgBcBshceChwIABIUcHViLTMwMzkxOTk1MDM0MDM2MzQYmdIh&sigh=Jwc8PIF6Vnk&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWEGkE_NNbonAyD5bs0ZI_6KwbZ0ojdxgB&template_id=494&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 05 Sep 2023 21:01:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame A1A6 38 KB
14 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/ Frame DD86 403 KB
127 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7c858b03cd6f32628792b68fa1f0f913c4d3cfcdb5f9ab57b8be110972d251be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:20:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13244
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129723
x-xss-protection: 0
server: cafe
etag: 14901160554504536944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 04 Sep 2024 17:20:41 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308310101/ Frame 82E5 377 KB
128 KB 102ms
102ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5884294479391638&plah=43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com&bust=31077588

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c42f70272f83d0995070c3780d3fe8ea2250271c63c21cf7518f721f1c6faba4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131259
x-xss-protection: 0
server: cafe
etag: 12411776640484488744
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230831/r20190131/ Frame 7D65 10 KB
5 KB 29ms
6ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230831/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2215
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4437
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 20:24:30 GMT
etag: 9878862242593084568
expires: Tue, 19 Sep 2023 20:24:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/ Frame BE12 403 KB
127 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7c858b03cd6f32628792b68fa1f0f913c4d3cfcdb5f9ab57b8be110972d251be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:20:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13244
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129723
x-xss-protection: 0
server: cafe
etag: 14901160554504536944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 04 Sep 2024 17:20:41 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/ Frame EE22 384 KB
130 KB 83ms
82ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5884294479391638&plah=43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86e213545d0e288b61dd667340f8ba1d4cf1b2fa07348e69e4fd8fdfa44978c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133326
x-xss-protection: 0
server: cafe
etag: 7344028421422940601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 71ms
43ms Preflight
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 05 Sep 2023 21:01:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame DD86 56 KB
20 KB 328ms
328ms Fetch
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3041573405313352&correlator=2201206713062428&eid=31076399%2C31076474%2C31077227&output=ldjh&gdfp_req=1&vrg=202308310101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com&abxe=1&dt=1693947685541&adxs=0&adys=0&biw=160&bih=1200&isw=160&scr_x=0&scr_y=0&ucis=6apglfpja4aj&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&loc=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=160x0&fws=256&ohw=0&ea=0&dlt=1693947685097&idt=423&prev_scp=in2w_key9001%3D1%26in2w_key%3D15%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--3---%2C--3---%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D15%252C16%26in2w_key9%3Doptimization_request%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D7&adks=3449373903&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

978f05cdbafb11e08c46882ecf64fb971687b8ead58f568b9274f1aa1a296ee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20317
x-xss-protection: 0
google-lineitem-id: 6135185025
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376945779
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DFAA 6 KB
3 KB 35ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame BE12 23 KB
11 KB 258ms
257ms Fetch
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4034324332504880&correlator=1800022519324646&eid=31077227&output=ldjh&gdfp_req=1&vrg=202308310101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C468x60%7C728x90&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com&abxe=1&dt=1693947685572&adxs=0&adys=0&biw=728&bih=180&isw=728&scr_x=0&scr_y=0&ucis=tm4bdkijrstx&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&loc=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=728x0&fws=256&ohw=0&ea=0&dlt=1693947685119&idt=441&prev_scp=in2w_key9001%3D1%26in2w_key%3D89%26in2w_key2%3Dnope%2Cbenchmark%26in2w_key3%3Dnop%26in2w_key4%3Dnop%26in2w_key5%3Dbenchmark%26in2w_key6%3D--3---%26in2w_key7%3D1580%26in2w_key8%3D89%26in2w_key9%3Dbenchmark_request%26in2w_key12%3Dbenchmark%26in2w_key15%3Db0%26in2w_key16%3D1&adks=1713380494&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e2cdb6b3ceb8bf074e66b6def64121e34d3f64f577b797838241481dbaa0c600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11092
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EAFD 6 KB
3 KB 44ms
15ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5B31 24 KB
11 KB 460ms
459ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=90&slotname=3654094576&adk=1418711512&adf=3173046732&pi=t.ma~as.3654094576&w=728&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685196&bpp=197&bdt=107&idt=407&shv=r20230831&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3121139447&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31076839%2C31077523%2C31077559%2C31077588&oid=2&pvsid=2804041738172264&tmod=1238041928&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.o75h5s9nrw4d&fsb=1&dtd=420

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5884294479391638&plah=43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com&bust=31077588

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91e953bc136ae9ec5bb22f7b7831f0ca81c029374f595184d1c3af89a4870a41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 11399
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:26 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame DD86 0
0 42ms
41ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss5cvi0j98HRcoywwah0vuWFa0aDVWicj7jWXSlVu4WFdasjesvhjg34OqrlUMEJVt5bE4f1eH1T96fGa0HDpf7iho3I6y8VAqgRixOchb_SShwcM-vIQbEPr4rxPSU7Ttux8qAWEY0RtX-mRGUCyLuDxKw2G2K6MPe_zwhT1MQ62YNi164rYXGqD5_eCsj9Wae_px0sLUyaICCr4BlevywJa9LTgUqVMAmdDKkCICn2yNJ0yo2iSF-gZBBoVXy4KH3IlH1Jc1FBit-3ErT8HYj-kxbBQ61tDevF7APS82Ewg95UCQSCqOMPnvGdfdy3gxE-nZwHIDyDejeHdTH8Cup3_NHPk3luNbYCe3dXdGvVDtVlI21jg&sai=AMfl-YTQftWQZwrsMnlBlEN13vzWGkxLnnOaeuZaQccDaY4ENWylhB_DCV_8qMVlCvSfN6ondyeUDF1A_-n6bVg&sig=Cg0ArKJSzJE5sv1BWziwEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DD86 15 KB
11 KB 93ms
65ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308310101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c1ad8b360d98bfa2002ce9a92f81254373aa62e8302ddaa9ced65250c99caf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11702
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BE12 0
0 42ms
42ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvZ8-J3sj1MthMOtCpdw3TTIcK3r2tzvxOnTcI4WDqpO174EDxpL4OWdd4kcvyoe-ja7xsdEBxqdU4Fb77o26zXupo7YOXuigsTdVgnhgaHZcHDurqCMS9jufmWLhh1vCBx6__u2HulS3_ly9xq47M5ZU-xQMLPv3iXTWyJhLcEIEHiJ-G5qKThfR_R4UjV2cBu77ZjmYAtJvVFNWAYMtPVZ9830ahx97uQsPfbuyJ854BIcusWYUY9sAEiivovQ_bLpqNk8aqzp-EcihXn1sTWVcLhfB2XcKji2b3N8z3UT1S7_4K-QZQB6XwX7-sfExVa6rk6ht_xR0B72qV4KVMmzEmJSCTMb_HCLNRixIaU5n1agyEKjw&sai=AMfl-YTyrkaM3MK3of9O-6LtGCE_dqlgvimdZmw3PnFUWEf5wxaDwtCuoBDPbYOszMW8rc2VqnwqXMod15GoGtw&sig=Cg0ArKJSzFwask_8eqB4EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame BE12 15 KB
11 KB 66ms
64ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308310101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ba25ff9f7e17416ee72e40cc598748f33dccc74a500e9f613c82265f642005

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11721
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7348 26 KB
12 KB 449ms
448ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5884294479391638&plah=43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d03d57f25aeee5c3d431f527739654319f4b6308ae70e3daf60f34226b3988ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 12323
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:26 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame BE12 17 KB
7 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DD86 17 KB
6 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5987 13 KB
5 KB 11ms
10ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 11:29:33 GMT
expires: Wed, 04 Sep 2024 11:29:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C40F 829 B
1 KB 50ms
19ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

41045abfa2feeef13aff292d28743aa410fcaed6ea256087e0d66550372b2fad

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EbwoFdPXpKEZLYesr-o88w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-EbwoFdPXpKEZLYesr-o88w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Tue, 05 Sep 2023 21:01:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4FA3 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 11:29:33 GMT
expires: Wed, 04 Sep 2024 11:29:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F21A 829 B
766 B 18ms
16ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8792764159f6da09f11470f8999dcd6c3d2eb5677b529ca431d754ea4d5dc7c1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uAnNmdApHCrOs19KEoBjXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 537
content-security-policy: script-src 'report-sample' 'nonce-uAnNmdApHCrOs19KEoBjXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Tue, 05 Sep 2023 21:01:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 container.html Show response
0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 19DE 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame 5987 38 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4F9B 624 B
242 B 53ms
50ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXp718IR39dv5rpttdaKIXZwqwXW1Z86DDhVeS0Kgm1x5aNZrzIXZhn6wdnQRygtLBikGEps4KSingGmBFEmEIsqHvOE2Ep_XqT--OqAunGQltGzuk49qxRukoS97V2HKmgANYD6kddSYpqDI-GVnTVzhOhOikIp8R2jz_64DbeD0if7JU

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 19DE 86 KB
29 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 19DE 42 B
63 B 45ms
43ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ch8vaiSvg42nYLHaBxxPVdVXmokuMPNnrRZgGChjrzZs1g7up_DE9HwRX05qtvdXo5e6tzMTUm3KX9w_MlKdCUBTI_MAUcJ1QtsTTOUAtEyvmBMKk

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 19DE 0
20 B 46ms
44ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=18008093059663127948&x=1&ct=76

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame 19DE 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/window_focus_fy2021.js

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12943
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame 19DE 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:41 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 19DE 0
0 15ms
14ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS9jFGO8l1QEjp4QTLdosS1YD8inrsGPE2psx-EoXL9DcUoXUnm99N4NYOcm79CgC7lfuOPMSVr_AZjIPn50IZ3-tuZ9A
Requested by: Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 19DE 181 KB
57 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8720 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsugaNFhS6-dE5zXC9xsUrrfyKicjZ8d4U4yb1Gakt41gvlKeOuDRmDA5H7vqCwOjH7voGda0mvAUrteG2mvcSztV98V4esyVjCyw71Fhk9iAeeNujwvsKxan4h4DLZDHAmbWV6NiHDuSVZSZkbL3Rs_PPXS_vusBSiAC-2j5l17o0yDQCLHVsre6XYufY3j29enf7_c2klbj-JqdzUN_3wZHKIFBnMi4MD7NF4fzRnjkaH6ICIGFX26SBHVGHgEAgyxrAurFqLo0MsGsdIx45ZLiUMi04cj5WrxsxTwFjMxOd5VrGeYO1VcuUr9I_DCySqiifNm4jqTnhRLdfvojzjLwF14GsBhQ2IJ0tGBSlae82Xjxss&sai=AMfl-YQpywpX4-K22AIk9qoa6QDqoPAG9HeoFw9mYXG4yrKnIQMzdhsrCJQC__dvVcdNxnMMWi1NQPnLo2S_wWXYMoUIjQfoC_Ydq6cTGw&sig=Cg0ArKJSzB-cZ_-ErML_EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8720 181 KB
56 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C40F 0
0 42ms
42ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308310101&jk=4034324332504880&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F21A 0
0 42ms
42ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308310101&jk=3041573405313352&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame DD86 23 KB
11 KB 357ms
357ms Fetch
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3041573405313352&correlator=2201206713062428&eid=31076399%2C31076474%2C31077227&output=ldjh&gdfp_req=1&vrg=202308310101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50|120x600|160x600&fluid=height&ifi=2&sfv=1-0-40&rcs=1&eri=5&sc=1&cdm=43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com&abxe=1&dt=1693947685966&adxs=0&adys=0&biw=160&bih=1200&isw=160&scr_x=0&scr_y=0&ucis=6apglfpja4aj&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fyinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&loc=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=160x18&msz=160x18&fws=256&ohw=0&ea=0&dlt=1693947685097&idt=423&prev_scp=in2w_key%3D16%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D1%2C1%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D15%2C16%26in2w_key9001%3D2&adks=3449373903&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e6ef6fd9a7b3a3f73d87a9eb518069fb3b8a38c5aca6e339cc0c108326dcef0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10894
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 4F9B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1

43 B
337 B

26ms
25ms

Image
image/gif

104.18.39.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXp718IR39dv5rpttdaKIXZwqwXW1Z86DDhVeS0Kgm1x5aNZrzIXZhn6wdnQRygtLBikGEps4KSingGmBFEmEIsqHvOE2Ep_XqT--OqAunGQltGzuk49qxRukoS97V2HKmgANYD6kddSYpqDI-GVnTVzhOhOikIp8R2jz_64DbeD0if7JU
Protocol: H2
Server: 104.18.39.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNNpo1VbmRH5XeO%2BOJPjKFPaF2hO1Y33pkKTVTNTPecJBR64%2BjYPjl8ZBJqaU4hi7syHyrXLOSQzebowiuE2jMJzAdaFXsvfuQbzL4u234NiGz3Jox92CQ2r%2FTNtBvXzIL2PromQMmGjAw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8021684e3b922c41-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4F9B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPeXJmt5Jqe6Olz6AmeTcAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1

43 B
774 B

28ms
27ms

Image
image/gif

104.18.39.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXp718IR39dv5rpttdaKIXZwqwXW1Z86DDhVeS0Kgm1x5aNZrzIXZhn6wdnQRygtLBikGEps4KSingGmBFEmEIsqHvOE2Ep_XqT--OqAunGQltGzuk49qxRukoS97V2HKmgANYD6kddSYpqDI-GVnTVzhOhOikIp8R2jz_64DbeD0if7JU
Protocol: H3
Server: 104.18.39.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UfVIOyPjrD1TXCseJnLcqAzTYArNTbtT6%2BDm2FRlET%2BHtY1OhgRa75SAYDEOTJxQ22VYw60kfhzR5VyAG%2B93CfKd1NMlDgyBpyJshbhtqh0%2BTSvEZ812Ol6W%2B%2BgPcMIG4hN1JG6E%2FJ6omQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8021684f098bbba1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 4F9B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEYHIm6B7m7HggyvPi3cRTk&google_cver=1

43 B
840 B

27ms
26ms

Image
image/gif

185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEYHIm6B7m7HggyvPi3cRTk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXp718IR39dv5rpttdaKIXZwqwXW1Z86DDhVeS0Kgm1x5aNZrzIXZhn6wdnQRygtLBikGEps4KSingGmBFEmEIsqHvOE2Ep_XqT--OqAunGQltGzuk49qxRukoS97V2HKmgANYD6kddSYpqDI-GVnTVzhOhOikIp8R2jz_64DbeD0if7JU

Protocol

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
an-x-request-uuid: b922892e-06b8-40ca-bae6-f56c9750f256
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEYHIm6B7m7HggyvPi3cRTk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4F9B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODgwODUxODk4MTYyMzIyODY3Mw%3D%3D

170 B
243 B

24ms
18ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODgwODUxODk4MTYyMzIyODY3Mw%3D%3D

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
an-x-request-uuid: 39b87026-bb2a-414e-945b-e4c4b07593fe
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODgwODUxODk4MTYyMzIyODY3Mw%3D%3D
x-proxy-origin: 138.199.38.132; 138.199.38.132; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame 4FA3 38 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 19DE 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=144264036040&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 19DE 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=144264036040&version=m202307240101&ct=76&x=1&cor=18008093059663129000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 19DE 103 KB
39 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BY8EfXqcB9nvviTRqVCqVrFgmto-NFe9T8SJk7o93C2LayQvCpTXtGSkM1Q_M8OWqsJ51SMQdKILdXqa9yQgl2pGqTNNk2HO8DxUXhM4P8BZrUJnxDNq8BbuyuBq3upbMWYsJmcDo16JeIHjl6xKM5TyYj5uouz3v3DWVAs7otCD06kps&dbm_d=AKAmf-AnoRZEIgfAff9HyAZ2cKcEtKsi3NCDVpzoIBUUtb6FmE6EjdVBDUG2u1ml6SuPsRapjwwmfhwLDfiQ4XNLPbS-vrWFfBTtlrNjuKczjp4C2msTob0EK4x4Lp-E7yaKb8uCER1aRx-_zqZ6KWFlNTzXs9H3EPVsE5snDVPiW2wkmCjA4GFBETfoMTHU7dx6JYs9YN1YSwqZfk7Asx-l4zS2pCj6gZ-oDVS_CFgPzOgWhqCPDOpRs-6hc0iMQEcp5y0IbatzeS-yGH4oOJEgtkq97FfXHSFNvhqPCPUYE___Z9g2cqZT5CqgvcxQsZksw2pisygQPYSnxKTrrsrA5VRyK-q5lSDKE_MwONvSNxoseDLnKDe8gLlUmesOqc_vWS30pXW-SKJbhG_21k-3QjkfxXdzhgsLN2u-r6CxPEE9mfyn4AV1mK5QoSYiFWsQjofFA0ke1AbUTrJApi1xItfR-AsoLzJiklAA1uEYMAYrWkGz3pQvVPPOIKs1sd_ZUNKbk9dv7GuX4iLCivSa5NIh_7D2MfAj6PZNvdE5nKgMVQm3Ko_PKHc23q_Q8zDxAp9DTgWaI-Faw9nSw4oigcbbO0Jhggmiq7u5tvz-cuslBMOgaIUORup-fRtyD7MrzYm3lEFoLRshl4YYISXLFcsLLwfmoTUmTZlperhqtr1eU4216pMAHxgN8bsel_6wSyN89_wS91YX7_5rnrJGLw2b8nXXSPVWzki5dU1Z2u9Ro0KMYWUsHXn62qqJTWog54dJ-fbjsAA0OApRJu5Vos1radsNJQpqaZ7EKwY42_5GZWvsoVkWab5nFeIbm1mClEBw2xIRDQUQ5lKCgadIcjkycVIVBBVKr_7lKd--uUdpLNkU7V7C2bTRPP5Xfuq7YiLcDDL-0jQ2Zv3jBM9OLsoihjnxU79UP48TeeSUxZNK9A1_j6eAlOLhNSumSy1d4Yy0Ep-RiGuMSPUlpC-Bd7nVOzPjoqIkh8txFundhoBxIwJ1bKjHDWZl4ynGFT23-rCHkubIvUy8tPAg95CV-fdQRXYbQJN_dFRIiQ9A1vwhRorEYnttQO2EEcjmgzVLfbEfMLMz6qj6rEq5m9RapIJ6rc4s54tY_Q76l_TVEy7quNCsUoR6oaOOSDwEC0ObOPQLZoC8zudz0BDCByh43yHGetQAQOtLG61-AW9cJibU_X_6k9EumeMII0mJEdFDgm4uvuZo_OJcHIxkqppM4e8R9e0qkLOj8UXuSzw_RTRRa-Z_5x4XtbiBD-XRTSCBbFHhVrOPLjZKwvdDINZ4SWYUyDI4hQdN6ipGycsGL-92u1LM5aPfN8h3LP29vXthCaALuptsmeNI2awFanVqkGxMk7q68xEXebKB_VixYoUI5WwrSiwKhP8N-67-mGRP5vyaik24s4MseXLb0iJ3T0Yy8blykHb3v_29YVXNlT2O0iZm-SbP59eZSBxNuuYs04HvXT5GUX9THKGJ_aBeLgSx6kJe4NTHOmf_Jp2qhczSeQlBvBtRqRpS8bbprcjGDqLhsNw1kedebVZPwpKcQlcbC_kmpJuhacxM0fYAmIeQZbRKlwWtn9sb8YkbR0ohCIb9p_FOn5WFuLzQ4_b6VYIgBYrVDFbyzoHecos2pLTekQv7StthHRufZK3EcfsbgmFE5z3URtgnuueHafyHBud2g0IOibhEcFk2ALzv2rZj9UaeMKi6tuIAI-wa8KCz7mxLg-E25Gx1i1Np6ZWC0zyPvO2VOwXX-gfO0BKSP9lMXNHxtaYU05_hrl0jrbQX6v_dtwrjau0X5HFb-bicNHelKaBFg9atw9WXTH05kEQZH1HIpb6_dse2tvezPOuFFOyxFeVFFIkMywvu9j0eESMKQ5poBbk5eURJ8JFgKplYwPf_9AF7_kWzgE9PC8oQ39JT3r9IEd9_5U886FlQ06qiD7XzJXSsQj_Xs5-TRw80AeOXEDWpshPu_KN1JUn_jncKIe3nns_c9k4ANXSnnglQzV19WLV5UXyfPsvabquTAwnNErATa37KfjzWa1UD7wTCggFN59Ze28_F-KnqDZSgTdokseLcypDZb1RfU85LCaMuuOR84w0Gc0WE6d0ptwy99Xmk-h8BjBC8xfo7C6VtTVlCG4Ay5KA_3bOWvs4PtnT0ZaNDIVv-3TFOsYMXNjw2IKlDF7pZzJFYUevRvBveyiGILG4PBi9CVmA9iDnRPppsm9m_Vg0G8FuP1_K7p3xHaKFT6rvW8fYz5H_6NVy9lLS902ierN7akNSgIVExJVx4F6TmiIj459FounwLeq52L7rXJwn-VEAMTAfBxSJLRi2zboLGb7BQ7LdQM7Zxavy23FoGzGbAhtjZkExVcmT20mr_R7lKr8GF9RcYh_h6l47jg10vXhHkkuRGPs_lSJQhYEMItjLXYl0pgGg-iJILzg2DdHXVyzEeba0qLl9f686HDy4WgdZSVixKx_lSVBwydh4MTSGcxxGkLUv1IVxKDvHEjNrC-QvZKr6doyllO29DnNvXi5y9ImJIUsghFbDSyA3Np43QZHNv4XR9UjVNAaa5fzSoD97ltT5H8f85VJcUZ31bIAhaEgPWr5H2dK7Y2keZyXJjLhYPSCH3nqakelfl6tSUi6uD5yNL8UCDIc4SEJJ6QNyz0K0Afl3-JbZCh_TvkMj8Rd78wql-hK7o9eLot-CvpQGzmJENMdYRvMYnf0yrA2fXKzksNfk64A-i3lEfE_hcxDeykNT5lQhiFrOKGiMhD08gQCFzkkgLGK0fL-dLwXVa6_eBSSUaFqA9qjQgEmQ3pv7BHabgqa66tyorQHM3-LZ9hmuT7sxbHPWHW7EYQJkIZITrJCzRys0huOGqzIZw0iUG8XWtB-IfjZSCKzrnGc4C79lRo9F2lRP7I5QBIo6eutkWrbEEVcd25apYdZRfJR-hsq1VDL5U3HIDwVla_mO3yDlrn77x6z7OXdQ8gV6dxwKZS_c9kMckqeiY3iWSrcuE11MdOf7aUMuwt4ApEu0E-Rl36qoEOmN5_HiKhl-8DIK7j0f6wtPPu-H6A_1HOZR9cVmtSLTw6udKXyfkFTZDE_uZWq2Pua7AmMdmWypcnmdWtt2E_7W9jeQlpQCJ1ID2Tt_W-ULMc1IT9mUTFWDinXj_ms7sTNmlTPl1kDA7Vyi_UioDc8G7FUDMteS4nZyKtrpnj3jPkKUoiX0A8VABM_sKW2cWNCqAaQFjvWG1z_gjNjrlPZ8McvxLzDz8NACLg1IA8Kw91-QZcfXkdR6JvJQdBHbEd_SPPVKnYZrcmBFegTKXIt3pqRhoMLQVW7sh_6wN8tRBvSfA6Dip3xf5rxaoDPMEqI8AnaFDcunKk6kamgQqk1UoszXtQRDp53GGC5FZPFg9USNd_l803YIeNocq6_bbffqkszIAlWua40JJAAdBz17aEYtZEYsPF19YWcrm_1FBzkwLcH8LEiC2-2lr1LzQZSsFbX4hgdIqze3ovburziUy2gEWzqweiWrAJPSr4sSu4KE-ulf5e1Z1OBEDk_ryqQJtp3QpGpMkg26nGMjq1aN10lKFzFPzc4Txc9rICtuJElyLLy3qZUwTRKaVPTtI6vLVkMaXlUySuo1Ptoj_OC-SB5zQ3f_36SjCSm6OE4g6pGbReRprNLrOGNl0uT3JvpVdOXAU_vsAlPfPnyFOa8Ia7wcpWllsYPD-VAoE-jrsYMmUNj7PMUgesJXbJfNaQ6wsj0jSoCRJHqmjjBSwuYe3iDNfhqjeiSDdXU6KOvfcygUk&cid=CAQSKQBpAlJWyWQUK7uEgZqqQ0n6JLzHX680PtT0xjKywqHbAMpTfPc3d7wTGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=18008093059663129000&adk=1812919851&idt=57&cac=0&dtd=23

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee0ccb2d5e293209e2ccfafe9bde2d092751143390e5930bc7ab30c28eadcc09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40302
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 8720 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d0827cf5d8bd47a968d1bf42e0b14b69f34060ffcc0ad36036b0450bc4c624e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8720 0
0 47ms
47ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst_WTPN516kFX0dvajMSTuMOGKM8Npqig8YOJlG0eRxhtASRqTZiVw4_1loKjdggUoJqGwLJvDHk2VIyisrbNFtTHu6m91XjsmqG394evXmsSYDss0a4Teml2h3dVTYDA4gezz4AYVZSN48WCYNuT5arSD5GgdlR3-N28gIgoBf8pakMhsZINYeRc7lAaRUZfASlZDxevW03IW_5dml2kno4oD5K8R8-W3Ax4RpdqIWyZ40olOI3c0EmBxiV3fn0eXtITt0wquT7ZQg2QtV1_PMMvyB-kOVwp7PpHHO1ZXWpom48gimkZ4PLLPswS4bLyrx9kTrRlC_A8S8lEXkrWCq5CvKaoYFRHN7KlcVCOPdBuHrTSlMsw&sai=AMfl-YSHMWfaKn1JGbfcSNE_SMgY_DvkrtIeVHG-2RAf6wau0T3JaPCNjVEiWVyUf_VdSt3ZJOVn6y40RPw0AMV0qylSaG9diPVeCxD5FQ&sig=Cg0ArKJSzPbc7sE6c5bwEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B31 42 B
63 B 48ms
45ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CNyprkz5WjKJMTj9vbh39eJDOnNkDKfhoaz_yLz-zgOQGBKCPUEzX9r47DDMINwraRd2iSKIkc5yHZoiTu4AT_I900sOQJTgdvJSdXIaWRIuWwTVg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=90&slotname=3654094576&adk=1418711512&adf=3173046732&pi=t.ma~as.3654094576&w=728&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685196&bpp=197&bdt=107&idt=407&shv=r20230831&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3121139447&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31076839%2C31077523%2C31077559%2C31077588&oid=2&pvsid=2804041738172264&tmod=1238041928&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.o75h5s9nrw4d&fsb=1&dtd=420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B31 0
20 B 47ms
44ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3299037184546351410&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5B31 86 KB
29 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame 5B31 3 KB
1 KB 22ms
15ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame 5B31 20 KB
8 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:41 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5B31 181 KB
56 KB 25ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/990511/61634096/ Frame 19DE 250 KB
75 KB 124ms
32ms Script
application/javascript 52.16.244.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/990511/61634096/skeleton.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-5884294479391638&ias_chanId=1&ias_placementId=20338656165&bidurl=https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hwgljiJeRr0pMTGZkFlwi1
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.244.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-244-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c641bb411a21426a8cb3acc8ff59da84544bb0a5be0bbf37e4170841fcbca48a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 19DE 111 KB
39 KB 49ms
4ms Script
text/javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
Origin: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 10:55:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 10:55:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/elements/html/ Frame 19DE 11 KB
4 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BY8EfXqcB9nvviTRqVCqVrFgmto-NFe9T8SJk7o93C2LayQvCpTXtGSkM1Q_M8OWqsJ51SMQdKILdXqa9yQgl2pGqTNNk2HO8DxUXhM4P8BZrUJnxDNq8BbuyuBq3upbMWYsJmcDo16JeIHjl6xKM5TyYj5uouz3v3DWVAs7otCD06kps&dbm_d=AKAmf-AnoRZEIgfAff9HyAZ2cKcEtKsi3NCDVpzoIBUUtb6FmE6EjdVBDUG2u1ml6SuPsRapjwwmfhwLDfiQ4XNLPbS-vrWFfBTtlrNjuKczjp4C2msTob0EK4x4Lp-E7yaKb8uCER1aRx-_zqZ6KWFlNTzXs9H3EPVsE5snDVPiW2wkmCjA4GFBETfoMTHU7dx6JYs9YN1YSwqZfk7Asx-l4zS2pCj6gZ-oDVS_CFgPzOgWhqCPDOpRs-6hc0iMQEcp5y0IbatzeS-yGH4oOJEgtkq97FfXHSFNvhqPCPUYE___Z9g2cqZT5CqgvcxQsZksw2pisygQPYSnxKTrrsrA5VRyK-q5lSDKE_MwONvSNxoseDLnKDe8gLlUmesOqc_vWS30pXW-SKJbhG_21k-3QjkfxXdzhgsLN2u-r6CxPEE9mfyn4AV1mK5QoSYiFWsQjofFA0ke1AbUTrJApi1xItfR-AsoLzJiklAA1uEYMAYrWkGz3pQvVPPOIKs1sd_ZUNKbk9dv7GuX4iLCivSa5NIh_7D2MfAj6PZNvdE5nKgMVQm3Ko_PKHc23q_Q8zDxAp9DTgWaI-Faw9nSw4oigcbbO0Jhggmiq7u5tvz-cuslBMOgaIUORup-fRtyD7MrzYm3lEFoLRshl4YYISXLFcsLLwfmoTUmTZlperhqtr1eU4216pMAHxgN8bsel_6wSyN89_wS91YX7_5rnrJGLw2b8nXXSPVWzki5dU1Z2u9Ro0KMYWUsHXn62qqJTWog54dJ-fbjsAA0OApRJu5Vos1radsNJQpqaZ7EKwY42_5GZWvsoVkWab5nFeIbm1mClEBw2xIRDQUQ5lKCgadIcjkycVIVBBVKr_7lKd--uUdpLNkU7V7C2bTRPP5Xfuq7YiLcDDL-0jQ2Zv3jBM9OLsoihjnxU79UP48TeeSUxZNK9A1_j6eAlOLhNSumSy1d4Yy0Ep-RiGuMSPUlpC-Bd7nVOzPjoqIkh8txFundhoBxIwJ1bKjHDWZl4ynGFT23-rCHkubIvUy8tPAg95CV-fdQRXYbQJN_dFRIiQ9A1vwhRorEYnttQO2EEcjmgzVLfbEfMLMz6qj6rEq5m9RapIJ6rc4s54tY_Q76l_TVEy7quNCsUoR6oaOOSDwEC0ObOPQLZoC8zudz0BDCByh43yHGetQAQOtLG61-AW9cJibU_X_6k9EumeMII0mJEdFDgm4uvuZo_OJcHIxkqppM4e8R9e0qkLOj8UXuSzw_RTRRa-Z_5x4XtbiBD-XRTSCBbFHhVrOPLjZKwvdDINZ4SWYUyDI4hQdN6ipGycsGL-92u1LM5aPfN8h3LP29vXthCaALuptsmeNI2awFanVqkGxMk7q68xEXebKB_VixYoUI5WwrSiwKhP8N-67-mGRP5vyaik24s4MseXLb0iJ3T0Yy8blykHb3v_29YVXNlT2O0iZm-SbP59eZSBxNuuYs04HvXT5GUX9THKGJ_aBeLgSx6kJe4NTHOmf_Jp2qhczSeQlBvBtRqRpS8bbprcjGDqLhsNw1kedebVZPwpKcQlcbC_kmpJuhacxM0fYAmIeQZbRKlwWtn9sb8YkbR0ohCIb9p_FOn5WFuLzQ4_b6VYIgBYrVDFbyzoHecos2pLTekQv7StthHRufZK3EcfsbgmFE5z3URtgnuueHafyHBud2g0IOibhEcFk2ALzv2rZj9UaeMKi6tuIAI-wa8KCz7mxLg-E25Gx1i1Np6ZWC0zyPvO2VOwXX-gfO0BKSP9lMXNHxtaYU05_hrl0jrbQX6v_dtwrjau0X5HFb-bicNHelKaBFg9atw9WXTH05kEQZH1HIpb6_dse2tvezPOuFFOyxFeVFFIkMywvu9j0eESMKQ5poBbk5eURJ8JFgKplYwPf_9AF7_kWzgE9PC8oQ39JT3r9IEd9_5U886FlQ06qiD7XzJXSsQj_Xs5-TRw80AeOXEDWpshPu_KN1JUn_jncKIe3nns_c9k4ANXSnnglQzV19WLV5UXyfPsvabquTAwnNErATa37KfjzWa1UD7wTCggFN59Ze28_F-KnqDZSgTdokseLcypDZb1RfU85LCaMuuOR84w0Gc0WE6d0ptwy99Xmk-h8BjBC8xfo7C6VtTVlCG4Ay5KA_3bOWvs4PtnT0ZaNDIVv-3TFOsYMXNjw2IKlDF7pZzJFYUevRvBveyiGILG4PBi9CVmA9iDnRPppsm9m_Vg0G8FuP1_K7p3xHaKFT6rvW8fYz5H_6NVy9lLS902ierN7akNSgIVExJVx4F6TmiIj459FounwLeq52L7rXJwn-VEAMTAfBxSJLRi2zboLGb7BQ7LdQM7Zxavy23FoGzGbAhtjZkExVcmT20mr_R7lKr8GF9RcYh_h6l47jg10vXhHkkuRGPs_lSJQhYEMItjLXYl0pgGg-iJILzg2DdHXVyzEeba0qLl9f686HDy4WgdZSVixKx_lSVBwydh4MTSGcxxGkLUv1IVxKDvHEjNrC-QvZKr6doyllO29DnNvXi5y9ImJIUsghFbDSyA3Np43QZHNv4XR9UjVNAaa5fzSoD97ltT5H8f85VJcUZ31bIAhaEgPWr5H2dK7Y2keZyXJjLhYPSCH3nqakelfl6tSUi6uD5yNL8UCDIc4SEJJ6QNyz0K0Afl3-JbZCh_TvkMj8Rd78wql-hK7o9eLot-CvpQGzmJENMdYRvMYnf0yrA2fXKzksNfk64A-i3lEfE_hcxDeykNT5lQhiFrOKGiMhD08gQCFzkkgLGK0fL-dLwXVa6_eBSSUaFqA9qjQgEmQ3pv7BHabgqa66tyorQHM3-LZ9hmuT7sxbHPWHW7EYQJkIZITrJCzRys0huOGqzIZw0iUG8XWtB-IfjZSCKzrnGc4C79lRo9F2lRP7I5QBIo6eutkWrbEEVcd25apYdZRfJR-hsq1VDL5U3HIDwVla_mO3yDlrn77x6z7OXdQ8gV6dxwKZS_c9kMckqeiY3iWSrcuE11MdOf7aUMuwt4ApEu0E-Rl36qoEOmN5_HiKhl-8DIK7j0f6wtPPu-H6A_1HOZR9cVmtSLTw6udKXyfkFTZDE_uZWq2Pua7AmMdmWypcnmdWtt2E_7W9jeQlpQCJ1ID2Tt_W-ULMc1IT9mUTFWDinXj_ms7sTNmlTPl1kDA7Vyi_UioDc8G7FUDMteS4nZyKtrpnj3jPkKUoiX0A8VABM_sKW2cWNCqAaQFjvWG1z_gjNjrlPZ8McvxLzDz8NACLg1IA8Kw91-QZcfXkdR6JvJQdBHbEd_SPPVKnYZrcmBFegTKXIt3pqRhoMLQVW7sh_6wN8tRBvSfA6Dip3xf5rxaoDPMEqI8AnaFDcunKk6kamgQqk1UoszXtQRDp53GGC5FZPFg9USNd_l803YIeNocq6_bbffqkszIAlWua40JJAAdBz17aEYtZEYsPF19YWcrm_1FBzkwLcH8LEiC2-2lr1LzQZSsFbX4hgdIqze3ovburziUy2gEWzqweiWrAJPSr4sSu4KE-ulf5e1Z1OBEDk_ryqQJtp3QpGpMkg26nGMjq1aN10lKFzFPzc4Txc9rICtuJElyLLy3qZUwTRKaVPTtI6vLVkMaXlUySuo1Ptoj_OC-SB5zQ3f_36SjCSm6OE4g6pGbReRprNLrOGNl0uT3JvpVdOXAU_vsAlPfPnyFOa8Ia7wcpWllsYPD-VAoE-jrsYMmUNj7PMUgesJXbJfNaQ6wsj0jSoCRJHqmjjBSwuYe3iDNfhqjeiSDdXU6KOvfcygUk&cid=CAQSKQBpAlJWyWQUK7uEgZqqQ0n6JLzHX680PtT0xjKywqHbAMpTfPc3d7wTGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=18008093059663129000&adk=1812919851&idt=57&cac=0&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12091
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:39:55 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/ Frame 19DE 30 KB
11 KB 15ms
12ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:54:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11209
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11511
x-xss-protection: 0
server: cafe
etag: 961974302080011826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:54:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 19DE 41 KB
13 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 321611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 03:41:15 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C663 624 B
242 B 61ms
49ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIY_Iay4gEwAQ&v=APEucNUD_ErfOY3vvNx2KOdSn26UazBXbYhl9msWK4VumvJ_z-16BaBanpZSfn5mYb1p0Ja_k24EYnzkN53RzrcWuPYzV00jPZqk0OjN8nT16kjbP4Rpe6h_k6vDnrfaw0aVNefbbTemNvkKMKuA82NgcSuzFT4Kgo625vvphMXass-cfz8Qrek

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=90&slotname=3654094576&adk=1418711512&adf=3173046732&pi=t.ma~as.3654094576&w=728&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685196&bpp=197&bdt=107&idt=407&shv=r20230831&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3121139447&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31076839%2C31077523%2C31077559%2C31077588&oid=2&pvsid=2804041738172264&tmod=1238041928&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.o75h5s9nrw4d&fsb=1&dtd=420
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E6FC 1 KB
643 B 14ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 08:56:47 GMT
etag: 48472445140208031
expires: Wed, 06 Sep 2023 08:56:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 19DE 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 246ad5765af74a1c523f5ce63d039cc609699bd40c301fc9e3b6b3c37189b85e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7348 42 B
63 B 43ms
43ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DX3m5EHABUrpqzDKcRoRAt8kSfeXCkQX6H3hS2a7blu-Asn58Vvo5Gy1qU_IZkP5L-X6dGfHH3fQxD5PoRX4_7S2qgIKR-ahAjcK6blkNQ88dpQPs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7348 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5088255717555601079&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7348 86 KB
29 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame 7348 3 KB
1 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame 7348 20 KB
8 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:41 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7348 0
0 15ms
14ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQWRPTIfToiWZlSC2e2tlk7BIMBK01BOJlb4b6OEX2MjPjrTzxAR4bx5UHni8ENnY01Y8QjXIodesmt_PUJLd9IZLPJ0g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7348 181 KB
56 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C663
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1

43 B
737 B

22ms
21ms

Image
image/gif

104.18.39.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIY_Iay4gEwAQ&v=APEucNUD_ErfOY3vvNx2KOdSn26UazBXbYhl9msWK4VumvJ_z-16BaBanpZSfn5mYb1p0Ja_k24EYnzkN53RzrcWuPYzV00jPZqk0OjN8nT16kjbP4Rpe6h_k6vDnrfaw0aVNefbbTemNvkKMKuA82NgcSuzFT4Kgo625vvphMXass-cfz8Qrek
Protocol: H3
Server: 104.18.39.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KrF%2BCm%2Fui51ZHgptjPNa%2Fr8g1yKYWKET0AgGvZ%2FgeUrxn4YPwAatWbBEMhwZRKpdzVHO2l8wS3Y8yjY1whgIUP7bsNUV7G7RPQWSwJkPSMxXTixXVCNd8L%2BdozwqIDNFeslVdsqAo8X%2Fsg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8021684f7a1ebba1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C663
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPeXJmt5Jqe6Olz6AmeTcAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1

43 B
737 B

23ms
21ms

Image
image/gif

104.18.39.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIY_Iay4gEwAQ&v=APEucNUD_ErfOY3vvNx2KOdSn26UazBXbYhl9msWK4VumvJ_z-16BaBanpZSfn5mYb1p0Ja_k24EYnzkN53RzrcWuPYzV00jPZqk0OjN8nT16kjbP4Rpe6h_k6vDnrfaw0aVNefbbTemNvkKMKuA82NgcSuzFT4Kgo625vvphMXass-cfz8Qrek
Protocol: H3
Server: 104.18.39.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3vJ9cK6mAf%2F8%2B57%2BmKDrPSbZCKjUPbdHnoIImUrY9SmzOol2sb%2FH1QGdCUFI8zDMr9%2BkgUY7dkFsENyDhkpK21kMYB662hG5UhgH5cbhRtD%2F3XCUyeBj1MKX5osm5uZxjfeHXZW4jm5X2w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8021684fba62bba1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGuqSEdlx484vWlfVX9a5D4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame C663
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEYHIm6B7m7HggyvPi3cRTk&google_cver=1

43 B
840 B

30ms
30ms

Image
image/gif

185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEYHIm6B7m7HggyvPi3cRTk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIY_Iay4gEwAQ&v=APEucNUD_ErfOY3vvNx2KOdSn26UazBXbYhl9msWK4VumvJ_z-16BaBanpZSfn5mYb1p0Ja_k24EYnzkN53RzrcWuPYzV00jPZqk0OjN8nT16kjbP4Rpe6h_k6vDnrfaw0aVNefbbTemNvkKMKuA82NgcSuzFT4Kgo625vvphMXass-cfz8Qrek

Protocol

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
an-x-request-uuid: 5e351886-facf-4084-b714-470ec977097b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEYHIm6B7m7HggyvPi3cRTk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C663
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODgwODUxODk4MTYyMzIyODY3Mw%3D%3D

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODgwODUxODk4MTYyMzIyODY3Mw%3D%3D

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
an-x-request-uuid: 18d894d8-8781-4093-82d2-641f5c752412
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODgwODUxODk4MTYyMzIyODY3Mw%3D%3D
x-proxy-origin: 138.199.38.132; 138.199.38.132; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7B73 640 B
262 B 51ms
49ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWMzD5lYhWOu-Owylzh-S-S0nHCGKq2UDIMlKlZnua5jlyiwM022VNgYNPn4HlZcbw2Bbzeb26bSltksKDotiOEM0b9MhtIZCFjxvSf0nA22nilKjU7Q71Xfp2OKEpNK4nhhoFZkmtNEaBzYlBs_ikOD9b71zliIkuVntDTtWOp1PBTZlE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B31 0
20 B 44ms
43ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5834361188812&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B31 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5834361188812&version=m202307240101&ct=76&x=1&cor=3299037184546351600

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5B31 138 KB
40 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AF27443cuUh0Gn6CHQhifUV4p-Xht-DIhk3kG7QGZBAPm6Sy3JQ3HYSliPKjjs9k0zGItAZeK08co5O_wy2V5CZj5KLtq0g9CwNLge8ozwPB50Qrc&cry=1&dbm_d=AKAmf-CzjJ0idMx6BN2s_CVn13t5OXQwZExto-JHsEL2OEVpZ4pv0in2RX9Q3-1-hfjaSPytIEgg4B4LZV5ZYhLSE3gmG31UZ871Q-3Lgqw7EBqBMIkLWgBPz8OPtGEzcWkXKPWHB_i8qXZSIAcukt7TSfRplPfElxA3D8yiZYIYPR3n2zcVUGWeGwqXMiGL0xY5mYIN9Bd2bwn8h4u4lks4hq0Wtxob4ljJRGlrN0jl7Fa36CZ1d-ERlKm9qbTTZF4G4xMOB0-YxgNdDa2fjGw_ku4Xu05FioFl8fXSgiDHqCffnc66cT4oD4vHP1aeOPKzVlAEFjoHI6OQz05XLHFhWBjF5g9QGpBPirdb7m49ul7mT497cjDcyyMqPksExxJN8J8bKSXobesTmXnnfwgdds58uDvUr2rNKHnux6hL1kCkrGAu--L7zgUid8-vbSpSOwsbpi5AARKZt0ZsoJNaProCEKOgI0it4-8Ndho-w5rqhlVtbu3ygZgFXCAlJLFQZ_ffmgWxQh7z7_kHcnajJZy7LdoAE0Ajq6dXq7XE8dH3hQv8W5JyVyb2fXYyzAFLF74sLQCAaCjEY6aPv4K3dPFkDFl18k_bZ7s8JC6exojsCyxYnsj92_VCew6_F5j72nDB10g0o-0_A6_YYAfecTEGdrCmJlsdT4swlMrugxz5gciM_K664NbteskrVLZn-onBsL8xqEqD-a7jPp7FmGLqGvrEuU25p4gW-CN2L5JmUvjrIZB3M9xT2EAwb1jUu4lezKVup-57Mxy19CB4_Hf1wUmp2lPAkJVVzpQFXDXvK6aA5IaILDk-vbAHl5Qebp-q0hnAc7-qQ3p9k_cExTfR-UOL5fYXz_2L48moOst0Nwh6jWO41LJ7hUw_rnOhPQWcVL6ICPmOccWgO58pJCT67fZPPvCPTDFs5awSAQdqcJXl0zHiNq0-AMxHKB7t57J-jo1-yM79PygXweB_CA-WRmR2G9wp6DCL4jD2bGjnfLG0INd1Y2-czoJ2V1lc-DyetZfwAYx_tkzwFWflwZrppBX7KpZIdYIqgQK3jfWnbQ8vVTG24Wl1SEd69nmOyLYqLYkWgFYQHb0TbDghlhcC8QqMULcyMXPL5q0R0xRXnMvS6wjGUHYg9Z3SjJfNEYP7p-bFymDVtWCkSb3_NA_Y58Tb_QFQ9FDphNvRpTS--im8jztxMJXKURWXTZ-6N3enZ2ZD1bdV92QQD9hKk3H_UyTRtq6gltrciDU_W6uVZcmn5ZB0cjSmN4NNvfrmPxLqztnjcqjbUcvVET66QffSrpekBZxK14aHAxxPzvz-ccUiKikytQvoPbWWhpnJ73w4i26L7ZC_swbBKvQbZ-sTxg_qQ6nV3eSUZQ3hHKzd3g71CftymISDgj1Y946cgEe7_u1LLRXAOPaPnnP9N7_bpDQ6tmmVuqQVEloqd-KBIpUtMcv1CxfYfnvIm9WZDLwXs28-LGJDOXPV8wYUcJmIKQJ36ADhHumYkgrJMOMGtBi2csYyx6uE9H7ieJNxcPF-8QxVylcBG2ZsxjSN0mwW5fa35g9bKqXEKPRhmhwtbbloUyZ7m9c0lInlNp_ks_f3Pxik2lbki_LBhg2CInXCm4gdL0bfREOYT5QUkMis2UKA43YZooA47KvTdyGvTls46epwf5mMbUDnqe_aa6z8rZWhUuv5R1MEhaiHyNKNE3Ts60iTqVlfzOZ_GL3FCk1_weHkD7juHuTkgBJ22j89DuAbWnomobJ9FavNqEqRL-CXWzequPVhhTq1UkfAP9yNxqhxQjqh5_VnkwV_GtaSyHCFWTlxivsFeDVfKevXx5LPcT-Krzr_b9-ZGcqogfI18K2_JbHWjrY9TVfDWn9MNCZpt5xEY_Uqz22S6J6ZlZDW9WAuz8aAXENYW2ZZ5qXgifCm8k8_F4XGIsdk7txI5Ag9vMeMnrdgS7qJuh43r7p0ZPWj4QcEg3vxTHLFUa_jdET2JhI7bsodvqWzrRIvR2x6m9N8-5vJhElNeoivMCC7NmJldJ-nQm5iT-gB_u10yJN3Gtq4TEbqSapjYJeJyX641JCJK70ivA_nPEsaYCUHhDmf8A6vxQu74aJPnweE2cf-OtiQgPehe8lACtJ3yqls9JGl_hdRkWsjJUaGOcVC6zgdX98itGdKGZkH5K7g9rWpokOioNQqgU7j0fM_8NuzgVL2qJqMvL1gwNNFlqlpYKPxFK32xp5sl9qSIBWXar1Z_poq9g_O3l-1425v2owraqCJPXbP9b55RLJlNW3fAvTFW8fJaJhatkp2p4UARFVTAmCUGxha3kS7fXnhWAarj8PL5RiJJVgnOuvgAInBlYJoME9BO1QuLit0s68LGqEhw7wbpSbF5G8jdBm8znKUTsWcKC9_I9gUNpZIZni6EDsm0-InPikJhAJp8VY6tKxEwiy7zwxKcOI0RIfK2JFyK6NH351T4cctpIyswItn9dSwHzKQtlkO2wD_CmxRC747F0IsPLXYaUXU30XbcYqW-vXoKp0OJwq647POxBWYl1N_ZMgtRKQ9ukyJyAra1n95z3-DD2iekL-1s0q22_FAsNDUa_WvVMwUctABn0Zfky7kqj8f38Qf5IIE96BlgqDHHs9xZGVHhSVYqf3y2XFwy37Jlhf7kG9qfRXR42D7-MmfA3mSrfoBDEVqalhCxUgZhAm7r4PaWCxoHoocfsXj9fTkDJan0hXIXJ-x13xTQWJ5u315YFO3T4Ymd9zTG_h9L3HE2uWN4Kj76_Pw8G-9XIIk4Hl-NFF8no_Wd5fuGqi9WtHpjtzcFug-K8a6P9NhqJNJ82H2eXisHuMkWpAhf_SSuTrsyzJNJkNhSej_sdCaJwJUPnwWeetQaqar6jiUXx9EAGk45wpZSDk3NJ-lwjIA70yQT0oN3zFHL-6KGqE7w4k68P_HG6L6-Yq_8qyskYadVIHWpg87M9b0tT-R2meGCanC-jtEx3XpGGDS1M16drTEQjuCGNOSwOL7UKpAyeG24kVk30ICmM5dncl-CVk7I2Xbbxi6BOrBh40sWRF_XgGg9YEqfWRFRbrcQ6l_gZqv24TXNmM90mKGa0zKgphFZAMhc4ZV5ocUbqb--vdurqKGNxsiLVZVYEdLJsNZPUxLyuaPL2-NY91Mb1ek9F6J44mPqqr_R7EqAoN2oZAXSQmmFgLg6k5AyUWCai-RKO2dxLMX6Op5BBP9pUjhFeD9KHM-tjpQ4bAu1ESLz7E4BRLi1nQtdu6sGUK6Hitk1ThaR2aofuTX3r1fEyyvBkn8HkVCmZFzRPvdk_hkrwFXw0WF6oRzqau2_aLmSPEK_d5oDKyaaxZgmCLpj8XMw_n-ugNYrjlpHp6RihSOicT8LF6tM3qQejPSACKimwGL2wC0s40-48ZYVVVjV072IPbSXi9FclULR_fVBSErokA&cid=CAQSKQBpAlJWxbU2eHuLkVnpG7rF9QCUX478AYlntQwTmuSomhSr8ppg2-UWGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=3299037184546351600&adk=3676778483&idt=101&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d26ed3194b33ae2d9412002c033485e181ae7089aca5c82b34900932a0f214f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=90&slotname=3654094576&adk=1418711512&adf=3173046732&pi=t.ma~as.3654094576&w=728&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685196&bpp=197&bdt=107&idt=407&shv=r20230831&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3121139447&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31076839%2C31077523%2C31077559%2C31077588&oid=2&pvsid=2804041738172264&tmod=1238041928&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.o75h5s9nrw4d&fsb=1&dtd=420
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40512
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame E6FC 35 B
463 B 47ms
8ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGI0XKn6vVp9ybtQn16quXg&google_cver=1&google_push=AXcoOmSIfeQ0u-uLzrdiJKUoeUTIj6kDof126qHodLN3HVHrqVZjSSj6xHE-9j9Oh6n_oljVbjrycwaVnYtvoa1Tm1DqzFIxUsk

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E6FC
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEKV5OrTO450vlGxMSJGuTsY&google_cver=1&google_push=AXcoOmTDAgl9uH8K7XZnX2Ix00aRfASP8CYjKY2mSBVyaDvCwrsxTBx9F5QhmNd2GYDzA9K_f4ZJIFlIw28vRbjAjuDrj_AZwiE
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=878549E997AF41F7A65D6902BD3F7C09&google_push=AXcoOmTDAgl9uH8K7XZnX2Ix00aRfASP8CYjKY2mSBVyaDvCwrsxTBx9F5QhmNd2GYDzA9K_f4ZJIFlIw28vRbj...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=878549E997AF41F7A65D6902BD3F7C09&google_push=AXcoOmTDAgl9uH8K7XZnX2Ix00aRfASP8CYjKY2mSBVyaDvCwrsxTBx9F5QhmNd2GYDzA9K_f4ZJIFlIw28vRbjAjuDrj_AZwiE

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 05 Sep 2023 21:01:26 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=878549E997AF41F7A65D6902BD3F7C09&google_push=AXcoOmTDAgl9uH8K7XZnX2Ix00aRfASP8CYjKY2mSBVyaDvCwrsxTBx9F5QhmNd2GYDzA9K_f4ZJIFlIw28vRbjAjuDrj_AZwiE
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Sep 2023 21:01:26 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E6FC
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENLJ8bEsgABpz5SKUPia7yo&google_cver=1&google_push=AXcoOmTi702MzbdJ4PaKfsUefS9frMZupuHb_VCUOuHEtMvBJpKBsjoIjil25-VGeIlw4vMcUCJmywEwlOr22Y...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3NTQ0OTkxMjUxMzMyOTMwNw%3D%3D&google_push=AXcoOmTi702MzbdJ4PaKfsUefS9frMZupuHb_VCUOuHEtMvBJpKBsjoIjil25-VGeIlw4vMcUCJmywEwlOr22YAQGb...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3NTQ0OTkxMjUxMzMyOTMwNw%3D%3D&google_push=AXcoOmTi702MzbdJ4PaKfsUefS9frMZupuHb_VCUOuHEtMvBJpKBsjoIjil25-VGeIlw4vMcUCJmywEwlOr22YAQGb0NaV-eraA

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3NTQ0OTkxMjUxMzMyOTMwNw%3D%3D&google_push=AXcoOmTi702MzbdJ4PaKfsUefS9frMZupuHb_VCUOuHEtMvBJpKBsjoIjil25-VGeIlw4vMcUCJmywEwlOr22YAQGb0NaV-eraA
Date: Tue, 05 Sep 2023 21:01:26 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 sync
x.bidswitch.net/ Frame E6FC 43 B
146 B 108ms
7ms Image
image/gif 18.159.70.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJJ36QHCab6KoX9yi_5cvYg&google_cver=1&google_push=AXcoOmTPjS6I6rcU4_E_GGm7juH6nTli0U3K5R8NUvNo9L61D5QAOIpMjSkhrkhXTC7UtaAAE-BAEKtaN1Y5lhdeCcFbXo_Wi35G
Requested by: Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.70.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-70-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E6FC
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHgm1T-GOn8MSIawQRCaPEc&google_cver=1&google_push=AXcoOmQvVJHts_w4g5H58Axpl-QcvohvO7wGPa07_HNFEbWeNfwFBeuoxcX_W4zKmBJ33Olo3Kbtb0D3XDJuXoigAtrDUOo...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQvVJHts_w4g5H58Axpl-QcvohvO7wGPa07_HNFEbWeNfwFBeuoxcX_W4zKmBJ33Olo3Kbtb0D3XDJuXoigAtrDUOovyk84&google_hm=eS1ZVm9ycVVkRTJwRXVUeD...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQvVJHts_w4g5H58Axpl-QcvohvO7wGPa07_HNFEbWeNfwFBeuoxcX_W4zKmBJ33Olo3Kbtb0D3XDJuXoigAtrDUOovyk84&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 05 Sep 2023 21:01:26 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQvVJHts_w4g5H58Axpl-QcvohvO7wGPa07_HNFEbWeNfwFBeuoxcX_W4zKmBJ33Olo3Kbtb0D3XDJuXoigAtrDUOovyk84&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E6FC
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEHj4ZPwxXFwEv1h10-UuEj0&google_cver=1&google_push=AXcoOmTp2c4ItLYPhZRDubU4DYbVGcos4scKH7h8M0UDiFv4k6q4MAQKHWX_xnzHgiTdQPTKJ7FVCxpEd-IT71CSXhxb9YA...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEHj4ZPwxXFwEv1h10-UuEj0&google_cver=1&google_push=AXcoOmTp2c4ItLYPhZRDubU4DYbVGcos4scKH7h8M0UDiFv4k6q4MAQKHWX_xnzHgiTdQPTKJ7FVCxpEd-IT71CSXhxb9...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTp2c4ItLYPhZRDubU4DYbVGcos4scKH7h8M0UDiFv4k6q4MAQKHWX_xnzHgiTdQPTKJ7FVCxpEd-IT71CSXhxb9YAJNnFb

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTp2c4ItLYPhZRDubU4DYbVGcos4scKH7h8M0UDiFv4k6q4MAQKHWX_xnzHgiTdQPTKJ7FVCxpEd-IT71CSXhxb9YAJNnFb

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTp2c4ItLYPhZRDubU4DYbVGcos4scKH7h8M0UDiFv4k6q4MAQKHWX_xnzHgiTdQPTKJ7FVCxpEd-IT71CSXhxb9YAJNnFb
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

report
sync.teads.tv/um/ Frame E6FC
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOzLCM8v_GTG...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRTrJvR5LtbupY2vzJZ5hJYRneByMgm2ow574-KfGeSDlzaqou-7CaXHpYZSjLINMVX_xV6HsgyVJHblJ0gydvqEjZQs52GDg
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

40ms
39ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Tue, 05 Sep 2023 21:01:26 GMT
pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E6FC 0
12 B 16ms
14ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JIX2-lQ60n149JLz0VEJ3Aksx6scqttUUH5WaiD31gg6O6AxsV69gqIpbeJunI07Q43PCgYQ

Requested by

Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17990266662471768200/ Frame 5E01 141 KB
22 KB 24ms
9ms Document
text/html 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57c2b596262f49dfc85822938e3989a0345fcd5ddd698423283ca15f162f6b99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 325707
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22865
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 02 Sep 2023 02:32:59 GMT
expires: Sun, 01 Sep 2024 02:32:59 GMT
last-modified: Wed, 09 Feb 2022 10:37:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 19DE 0
0 130ms
57ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-kOzh2dyfaKoIBg-zCzcWG_1yIWZGKsc-_9ON81ki5SuP8jGhlqBazL5LiC9Rt646PD2LSb347o0-1bIA7HnqacgQaY0ZzrTN4tiWaY9yl3-ePHifQ7SI06n-y3Gwd4qGhKBeTe55lPtBumPdLAecLDsRWbnrbnKcp38kGjD5sjcRLKFhorVhUdDL4XtRPvmwpH9hLhFSJV7aNDUOnORa-GUYpGFz0qoLGbCMqQyd8gtrf6RjKuAim0hXPfswQXabLnPuk-BVxhtcyi3aIKlsYEpAtav-bv3TozvksrYgQba-zYKp6Z39Cr2lnZtvigyjhK1DXlADA6SfXOLEbSG0PEz3ChsvfiUyhj1AG6fYWFzyLbivH3sBSYm9Sz3-9ioqEK9WSuzhqaDf_qXwAyzeIT-4w5uLCM79u6gXO_XQH_1AKoGlv8wXh6GHbjoI5v5ns9vFDC2WBvokmRW0GZtUVHeEltDCLj_5FiruwJo3o62wg2mi2lgKogJm16F92IwzTsHxoYvF9yeyTxi4sLYql9q-rH33pr3NzRdsBjm5--vuWMB55ALlRPqkL5Y2PByE6L----YOim4CSjF8lyV5bsbrb5BgKH6jNXRd9xYB0dR12MVcSgppy1N--0Caps_o0ATu32-yAXJ-hf8Z_95eQVbFnRh3-xcJYvwhZc-f18zRB6rLlee9nyTPLD03931X2_bhWKX8zfYQinAm9pr_dp0t3nPTpT7z-yRiF0j20wmMFnvCiFm57Ywc4a-T7bWGb2TOZgfJQ9Hhbx802eByTQuIKema5gWUUu5I0Vzfjjvml_Pl1Ky2ved1HkQDJrp5K7yK9IfEMwLhllio10d-i2EjnBbygQCb5G2N8Dxp4nm_RJcA_U15ykskRhsCiYzwCmMQo1MCMI9pUaXM8QfI-4WlIeYnXRDQ1EONZecWCO367Jkbjkz1ne8fEJHheKWcMYOIwi7NgnhHIHWYzmkxM46-b0pBiIjKKnNk8BmZBDqhn3zs59l4TEU5gZfG83dzpiJRKsse7OPChIE0aULLGwXl_QAkYa0mHzKGyE9fBBB2o7GkkNyXFOOV8jyu1EgxBNOapG6ZeJf80a303OkbKNV5K-qVzNuERR4caCKn5WdkHekoAVbvz6ByIxd43LLeGikjCq6cspq1qdVjlDnI_4Vo5g8X7ZtQO-v9OldKQQyNAI3yOOifSKXusU-53Avj8YNkK4j3ydMkUvTmMZ7uIc_2RMpzSFkMyKR1Z_Rbx51eEp6MKu5oK_bxXxjxd0gngyMGKtb2u_GCl1pUv4vYu1TAvw&sai=AMfl-YQkV7gUMLAB3BEgf2wmagMgeyTO66-O-_9Z888BPfT5x_-iEMx1tMpJ_9zs9lTMluxbfuJ-f_2MyVSKuo4kymaBMWtTEma7xSsWGiIzVqhAASup38jj3TRfMdsbB_0e-Kybc2j7O095rXr04Atjx0YL4X9tUZj8xRBR2EfGYeftVMLKCL1xDC66ox2eElQLXX1kMBcfEzOL&sig=Cg0ArKJSzEhQ04wDZyQ_EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=180&cbvp=1&cstd=176&cisv=r20230831.10059&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 90FB 22 KB
8 KB 9ms
9ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 224981
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Sep 2023 06:31:45 GMT
expires: Mon, 02 Sep 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5987 0
10 B 10ms
9ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Ol6AcQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 7B73
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFyvun9tzTN8_bsArPWDeNY&google_cver=1

43 B
114 B

17ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFyvun9tzTN8_bsArPWDeNY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWMzD5lYhWOu-Owylzh-S-S0nHCGKq2UDIMlKlZnua5jlyiwM022VNgYNPn4HlZcbw2Bbzeb26bSltksKDotiOEM0b9MhtIZCFjxvSf0nA22nilKjU7Q71Xfp2OKEpNK4nhhoFZkmtNEaBzYlBs_ikOD9b71zliIkuVntDTtWOp1PBTZlE
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFyvun9tzTN8_bsArPWDeNY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 7B73 43 B
304 B 75ms
16ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWMzD5lYhWOu-Owylzh-S-S0nHCGKq2UDIMlKlZnua5jlyiwM022VNgYNPn4HlZcbw2Bbzeb26bSltksKDotiOEM0b9MhtIZCFjxvSf0nA22nilKjU7Q71Xfp2OKEpNK4nhhoFZkmtNEaBzYlBs_ikOD9b71zliIkuVntDTtWOp1PBTZlE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 7B73
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEFop3FD1RTBzuRUeJxgD0GI&google_cver=1

23 B
163 B

33ms
33ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEFop3FD1RTBzuRUeJxgD0GI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWMzD5lYhWOu-Owylzh-S-S0nHCGKq2UDIMlKlZnua5jlyiwM022VNgYNPn4HlZcbw2Bbzeb26bSltksKDotiOEM0b9MhtIZCFjxvSf0nA22nilKjU7Q71Xfp2OKEpNK4nhhoFZkmtNEaBzYlBs_ikOD9b71zliIkuVntDTtWOp1PBTZlE
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Tue, 05 Sep 2023 21:01:26 GMT
pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEFop3FD1RTBzuRUeJxgD0GI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 7B73 23 B
163 B 32ms
31ms Image
image/gif 23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWMzD5lYhWOu-Owylzh-S-S0nHCGKq2UDIMlKlZnua5jlyiwM022VNgYNPn4HlZcbw2Bbzeb26bSltksKDotiOEM0b9MhtIZCFjxvSf0nA22nilKjU7Q71Xfp2OKEpNK4nhhoFZkmtNEaBzYlBs_ikOD9b71zliIkuVntDTtWOp1PBTZlE
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Tue, 05 Sep 2023 21:01:26 GMT
pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7348 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=996637515295&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7348 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=996637515295&version=m202307240101&ct=77&x=1&cor=5088255717555601000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7348 16 KB
12 KB 95ms
95ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dp739gTOOEsfJB9albeEtgBPX3lqjlg2pjRvFpGqladvGZcmdnFVZC-TSVoaTr7-AdCXQn24XKUNpRImN_d2bNtzxBnUKgYFAqqW0QDaH_QibMWTfUrbHr_a1HjYmBQns7AD2j5NXZmRsBvI-T3wMEZ98F9mWVxs-hpxU8YM7Sg94RydA&cry=1&dbm_d=AKAmf-C3Dd7d0bAIZ7n3h53wRLqBICmL-HVnvtAa2oGi7ljrTKMdXCrwbVi1owhMB9tsMBg-MNa6B_lK8RKiK7ihTipgIF9zQB2YZcnqZHZ83AarfaxU81_kCXcOEKbEG1tKWU83mjeOZ2ZOVvx2portHO1Y97VdV2mm7t1IrLpAHPMRLRrrdhqAG7k8EHp5YKn2NxznfrPvxwGOJ2K9E2Y-ljwnDGa_bjtExj48iOwYWHdNw1ri3ZrC3_WRbkMrlzaMI2xeAXi0_oS7s5xfYIeqeW2km7IRaBWSsKnJM04wPyJsGAEnaZ4ckcu7xT5z4ixxoJgCnMXcpNFmcKT-Yw3y3u4vgHSM5UGUM7RAYvoXGn6CdSBVZnYiXK6X79u9zYMRf_4iZ7jV9XYXeIdV7XCCpXC-SKfcxFkQZvHNJLezEOvk8LfN6s8oO2QobhWDIa3K-1QtnKhvGI392n1nqfwxNCRZ4dJGljiDZmFBw5TBSdue8yGVA4DgTc9BpLegRBGHDsULq6IcwMWbu1ZmxK4RgNJsvtwtv0ThZ9STej88gwAJZerpw2pL-4drr3OmVU_z6qAxNQ1NW2yeP7n-tomCIUf3zCAHxHc1HV_OAWPYeLtD_TgA-j1q6B-dbZo-wJMI1hUw-3WDSdhsp3otWcep_6su8NdPZ798GSTMn-R5vXyMSzsiQABpv02SrKXHr9_wBw050tWIr5gnakvjw9ZIoXuBkqdiz-4zLSY5t89ubKWJxvhxITjnZ8dzpNLQ94evORU8pD3MAqZCdYPa7tnKkpUs5PtixagLnO20Z4dMEuh3AdEFK2DBphNbynu8OxhsFM9HqqW71rGBBqGhzne_y63wUBOT8F5Jkp9wlFI5UHG2vNC5uIfy3DpkMRUPadtEMvyPICVm20EjbltZbt5VRy6MYMxa03eWThD8AOWDRZJbTGad9BoVSdoy1x6syorezAJI9cDo52Te-pxiCFGZNb8MBvDoTEXaRBsbKnEMsPhaDyDCDnGlanuIoWRLFcUSooLctb4j0OlosAOGW5cFdB6oAc7mE8XE5NwrrI9hhpZsCemDRtQyvSwSycOiN3r8r0bvfJzHrqiOCFsDkUn8BKt7X08_8kKgNWLD8oo5VIVqIqgmMXePtMhqBaqq8vBGo-6CB0sWf6eSViTWiSiE7nuOZ9qA65QNQICz2i1ANwMlkzXEU0_D1LtyZJX4RcHeFmpgtsdoFD0zpRa4vL_VarZR3iXnQAqec-1yEGL43Nntv-dzZWJLznRPmhsBol5ru_LVylfMVc6QWDulu08GRyIi9y4lf-ZB44pkCA5mp5Ubm80aCk1JKDOm7SZQTj2OsBkpYHxVIGsDEmRYeF8ZWs3rStUgZaPLDDg-pecA14gEDaJgyK8pfxKBU4YV2SPM1lgwQ73rawsHrHXsO2Jyecu_ODrlHdtQYZ8NyP8gGZ1ub_QZ-zGAq5DxS7kGLIC6Iflp97qfMxSqelwqVYRLMTLVBEfSHfiL92D6G9DPtWVeaW1q5Tc8SBrReYAQaKXXKcn-n_2d6eQ35FSwA4TuTVequeFRit-JfMiNwv9V1m0RJlLBh8qkQOOXwcTt7mQp9CgtXEyhw9hf9ug3zhLw47nDuUPyGPlF3LK-3wNrR178LynpPJORO0w4EF53UTz51r4pkKB6coNJrFtMj4Q6h7QdQtFlHiQgSDJHEygYQQmBXySsMaGHiP_RaqOYEG1P6UbCrkVNq8KrraHWGp8ZDOLkDox0ys8ob36Z8DKA7L9NLw94Au2Y4Qe-mQ-9NM-qFJtnvgx5132ReTH49Cskw-RhBa6sia7C8V1bwU2bR38LLP9Gcpyj3iIauGYEJUY_vqU0pGD2QX97oH5OAFf8WQFP2fpbGruSo28KC_p2GIQFKdbn2288z_dhelThWctEqQzf9VDjgVCABUhrCew_m4zpeEyp7U_6mV47QOWrTc4jV5vdosQMtqpMB4RIO0i9Lk47mZd-EsHSTszieO7k_q1NmKxYYkSfYw3tmDxgjUl2HsE2H2a3udwSD-_1HozFL65yewc9U987JDh9oxd1UqSp3Uoc359I6ricm5BSru3LgJfSS1TvkT5TyLfOW1YgUmfhccZLgQfwaa0SjaOoMXLxPchWO_jrC6Q6q-OCTQOHonsrhnDZKii7TxozS6z-ofb6_oWahzTrVB54Gdvg3IZIcrNTC1xsiYQAE_MOrEDnCjcygwk0C39PwwxYpkBrUPyOZa2C1_OpBFOuEDyybfI7bdfMy3kRXy8Nc3phv7zOhUN5-nxMIFuOfuiSQ8_AoYczXTjKPfiCSwktXbTdmAag4vqw7RVRSvJOq0xf34VzqqStv2Yqop-T5KsuXWxDsBBcT3XFKoEhK32MbYlhHb_K0ryfgelNRtyz-FeenJ1FP05QT0EiMNycP_oi5DbFSQCMRVDNbl0FwOjYfh9Y4QkQBdTBDabQiFEcHDnD-WBas_LU6mxMiH8rwomni3BepMiy90w-sQBMqm14rWpB5khoCrpSxmTQ-GEKJVKrwW7-1W-I5w1noJOmM4CHQg5KB1h0J9gGdy2hxSx3dPFlf1iUPZZu5tWoXisdOb-PHUEjg7omWN2R9bTuTc4tMnR5_SjjP7b3bActoWauy-x36bYUDdqtNnega0fSM9EYv4TFlStJDDU4tahebDwqdqrQuF7Aqt4nkRwfiBTSytvwxtYf2WYHtJQvWahKkDI6l344dapnY7ZzByfh-9ghn2ON3shokmLSP8kIZOX-WuFJS9x7839VF3x4OQ7RHnZ7pdt3w26JIrq1xsUT_UlmAl06ljB8D3hvDyBlsdhBzSPnQguEUs_XKQ70Ko2tYZKLkvFMvfFda8gLPyfKHUz9VLfzmLkLoYkSW7dMk_3K0znpJ_sKyu1SPrYRbqk96tZW7EYHiykuvSAbI6mQKBCNMIBoRz95BeLj1a_T7rNibaOX5LRC7gNqC6xTJrMi4I0pPxF5c_qIujV7vpkNbHSIQTTSCOk3yvRUkmWYmFTm_LAE9SOthNIDtaRxN-cLRXT8ERMOdZF8c38j8QbXQuYBm3cKOftla86gTSKOJhmLOX3VJ9EUKZgmc8cxfiJ_rS8WEMrXWSS1SSHyL770l8crSaXJROCkHvhKI3LWrycJ_CTnyonki_Sjf4p3p6xPHXhzOpzNaOye080UbJxe9uFK2oDiH4PrRt2WmsWjb0zkl7PMPkJwMnlP5apMGukr7yTfgYR5Jx0uuKz9H7ivNjCOSTZbyiIhu90OjogkCvnJa6S7kJvBjXAtKLhlTL-UedpcFDgRsYX7FKS8L9vYfbuiPI_obn3PDyL0c-cnDQppekGDq3sRWDJ6u2N35EKFsw0mXQFuyK28Vk0mYPop0GLDB1NxF2zAxYv1ic2yvntgF2zkwAJvrMtsPVQhWIFN2esS7W4U-Xo-9SHeOSc60JBTevsHGmInPKbPs_0VXt2S_EUvDXn6N_tAPJU_kjDBdW8VZUTSNdgf1q74MH0lWvxWOtqmWLQGUcS-w4xzffuCbdc0Cnk8eeiU9untzLFbwz_7HJXj2DNV_D_tbM6GpqXbctHXlz-WS7AE19MJMe-6BFLgXMnjL46VMK3rb0J1ej-0S-0nCTZRjb739RFihSe3KKGOmBw_SGj013lN24hP0J-HL6gZhQNfeWoBG4TcozuuWrTqxtciUXUmphPakxgJSqQBsKi7g7cvE3-rzsXmAdmKSUSqMRZBpg&cid=CAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=5088255717555601000&adk=2124396030&idt=72&cac=0&dtd=12

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64c5de999cbcac1d2d9725e0c9562492e84ffd1c70469f2bd5eb169089b413fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11889
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 8720 0
0

GET
H3 200 container.html Show response
2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8231 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:25 GMT
expires: Wed, 04 Sep 2024 21:01:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 19DE
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/990511/61634096/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-5884294479391638&ias_chanId=1&ias_placementId=20338656165&bidurl=https://www.xgcartoon.com...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

12ms
11ms

Script
application/javascript

2600:9000:21f3:6e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:21f3:6e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 19:02:22 GMT
x-amz-version-id: akOqjFMSMxNB2K6FJA8jdyBVXEiL5nl0
content-encoding: gzip
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 439144
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 08 Aug 2023 19:01:30 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: kJJVTaw7pHXqCaKsfSwmOFTN5nRCeGRm-vx6J5Y0-57QP3huNqdnQg==

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: nginx
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 4F33 91 KB
23 KB 64ms
7ms Script
application/javascript 2600:9000:21f3:6e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:6e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 21:19:49 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 7688498
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: PEuN1vTPEkM8OPEA9_FkeZ066lLN9mpvzoNGkJPdR_YSIvlAU9Wimw==

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5E01 29 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 13:20:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 13:20:04 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5B31 172 KB
60 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 05:22:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56342
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 05:22:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/elements/html/ Frame 5B31 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AF27443cuUh0Gn6CHQhifUV4p-Xht-DIhk3kG7QGZBAPm6Sy3JQ3HYSliPKjjs9k0zGItAZeK08co5O_wy2V5CZj5KLtq0g9CwNLge8ozwPB50Qrc&cry=1&dbm_d=AKAmf-CzjJ0idMx6BN2s_CVn13t5OXQwZExto-JHsEL2OEVpZ4pv0in2RX9Q3-1-hfjaSPytIEgg4B4LZV5ZYhLSE3gmG31UZ871Q-3Lgqw7EBqBMIkLWgBPz8OPtGEzcWkXKPWHB_i8qXZSIAcukt7TSfRplPfElxA3D8yiZYIYPR3n2zcVUGWeGwqXMiGL0xY5mYIN9Bd2bwn8h4u4lks4hq0Wtxob4ljJRGlrN0jl7Fa36CZ1d-ERlKm9qbTTZF4G4xMOB0-YxgNdDa2fjGw_ku4Xu05FioFl8fXSgiDHqCffnc66cT4oD4vHP1aeOPKzVlAEFjoHI6OQz05XLHFhWBjF5g9QGpBPirdb7m49ul7mT497cjDcyyMqPksExxJN8J8bKSXobesTmXnnfwgdds58uDvUr2rNKHnux6hL1kCkrGAu--L7zgUid8-vbSpSOwsbpi5AARKZt0ZsoJNaProCEKOgI0it4-8Ndho-w5rqhlVtbu3ygZgFXCAlJLFQZ_ffmgWxQh7z7_kHcnajJZy7LdoAE0Ajq6dXq7XE8dH3hQv8W5JyVyb2fXYyzAFLF74sLQCAaCjEY6aPv4K3dPFkDFl18k_bZ7s8JC6exojsCyxYnsj92_VCew6_F5j72nDB10g0o-0_A6_YYAfecTEGdrCmJlsdT4swlMrugxz5gciM_K664NbteskrVLZn-onBsL8xqEqD-a7jPp7FmGLqGvrEuU25p4gW-CN2L5JmUvjrIZB3M9xT2EAwb1jUu4lezKVup-57Mxy19CB4_Hf1wUmp2lPAkJVVzpQFXDXvK6aA5IaILDk-vbAHl5Qebp-q0hnAc7-qQ3p9k_cExTfR-UOL5fYXz_2L48moOst0Nwh6jWO41LJ7hUw_rnOhPQWcVL6ICPmOccWgO58pJCT67fZPPvCPTDFs5awSAQdqcJXl0zHiNq0-AMxHKB7t57J-jo1-yM79PygXweB_CA-WRmR2G9wp6DCL4jD2bGjnfLG0INd1Y2-czoJ2V1lc-DyetZfwAYx_tkzwFWflwZrppBX7KpZIdYIqgQK3jfWnbQ8vVTG24Wl1SEd69nmOyLYqLYkWgFYQHb0TbDghlhcC8QqMULcyMXPL5q0R0xRXnMvS6wjGUHYg9Z3SjJfNEYP7p-bFymDVtWCkSb3_NA_Y58Tb_QFQ9FDphNvRpTS--im8jztxMJXKURWXTZ-6N3enZ2ZD1bdV92QQD9hKk3H_UyTRtq6gltrciDU_W6uVZcmn5ZB0cjSmN4NNvfrmPxLqztnjcqjbUcvVET66QffSrpekBZxK14aHAxxPzvz-ccUiKikytQvoPbWWhpnJ73w4i26L7ZC_swbBKvQbZ-sTxg_qQ6nV3eSUZQ3hHKzd3g71CftymISDgj1Y946cgEe7_u1LLRXAOPaPnnP9N7_bpDQ6tmmVuqQVEloqd-KBIpUtMcv1CxfYfnvIm9WZDLwXs28-LGJDOXPV8wYUcJmIKQJ36ADhHumYkgrJMOMGtBi2csYyx6uE9H7ieJNxcPF-8QxVylcBG2ZsxjSN0mwW5fa35g9bKqXEKPRhmhwtbbloUyZ7m9c0lInlNp_ks_f3Pxik2lbki_LBhg2CInXCm4gdL0bfREOYT5QUkMis2UKA43YZooA47KvTdyGvTls46epwf5mMbUDnqe_aa6z8rZWhUuv5R1MEhaiHyNKNE3Ts60iTqVlfzOZ_GL3FCk1_weHkD7juHuTkgBJ22j89DuAbWnomobJ9FavNqEqRL-CXWzequPVhhTq1UkfAP9yNxqhxQjqh5_VnkwV_GtaSyHCFWTlxivsFeDVfKevXx5LPcT-Krzr_b9-ZGcqogfI18K2_JbHWjrY9TVfDWn9MNCZpt5xEY_Uqz22S6J6ZlZDW9WAuz8aAXENYW2ZZ5qXgifCm8k8_F4XGIsdk7txI5Ag9vMeMnrdgS7qJuh43r7p0ZPWj4QcEg3vxTHLFUa_jdET2JhI7bsodvqWzrRIvR2x6m9N8-5vJhElNeoivMCC7NmJldJ-nQm5iT-gB_u10yJN3Gtq4TEbqSapjYJeJyX641JCJK70ivA_nPEsaYCUHhDmf8A6vxQu74aJPnweE2cf-OtiQgPehe8lACtJ3yqls9JGl_hdRkWsjJUaGOcVC6zgdX98itGdKGZkH5K7g9rWpokOioNQqgU7j0fM_8NuzgVL2qJqMvL1gwNNFlqlpYKPxFK32xp5sl9qSIBWXar1Z_poq9g_O3l-1425v2owraqCJPXbP9b55RLJlNW3fAvTFW8fJaJhatkp2p4UARFVTAmCUGxha3kS7fXnhWAarj8PL5RiJJVgnOuvgAInBlYJoME9BO1QuLit0s68LGqEhw7wbpSbF5G8jdBm8znKUTsWcKC9_I9gUNpZIZni6EDsm0-InPikJhAJp8VY6tKxEwiy7zwxKcOI0RIfK2JFyK6NH351T4cctpIyswItn9dSwHzKQtlkO2wD_CmxRC747F0IsPLXYaUXU30XbcYqW-vXoKp0OJwq647POxBWYl1N_ZMgtRKQ9ukyJyAra1n95z3-DD2iekL-1s0q22_FAsNDUa_WvVMwUctABn0Zfky7kqj8f38Qf5IIE96BlgqDHHs9xZGVHhSVYqf3y2XFwy37Jlhf7kG9qfRXR42D7-MmfA3mSrfoBDEVqalhCxUgZhAm7r4PaWCxoHoocfsXj9fTkDJan0hXIXJ-x13xTQWJ5u315YFO3T4Ymd9zTG_h9L3HE2uWN4Kj76_Pw8G-9XIIk4Hl-NFF8no_Wd5fuGqi9WtHpjtzcFug-K8a6P9NhqJNJ82H2eXisHuMkWpAhf_SSuTrsyzJNJkNhSej_sdCaJwJUPnwWeetQaqar6jiUXx9EAGk45wpZSDk3NJ-lwjIA70yQT0oN3zFHL-6KGqE7w4k68P_HG6L6-Yq_8qyskYadVIHWpg87M9b0tT-R2meGCanC-jtEx3XpGGDS1M16drTEQjuCGNOSwOL7UKpAyeG24kVk30ICmM5dncl-CVk7I2Xbbxi6BOrBh40sWRF_XgGg9YEqfWRFRbrcQ6l_gZqv24TXNmM90mKGa0zKgphFZAMhc4ZV5ocUbqb--vdurqKGNxsiLVZVYEdLJsNZPUxLyuaPL2-NY91Mb1ek9F6J44mPqqr_R7EqAoN2oZAXSQmmFgLg6k5AyUWCai-RKO2dxLMX6Op5BBP9pUjhFeD9KHM-tjpQ4bAu1ESLz7E4BRLi1nQtdu6sGUK6Hitk1ThaR2aofuTX3r1fEyyvBkn8HkVCmZFzRPvdk_hkrwFXw0WF6oRzqau2_aLmSPEK_d5oDKyaaxZgmCLpj8XMw_n-ugNYrjlpHp6RihSOicT8LF6tM3qQejPSACKimwGL2wC0s40-48ZYVVVjV072IPbSXi9FclULR_fVBSErokA&cid=CAQSKQBpAlJWxbU2eHuLkVnpG7rF9QCUX478AYlntQwTmuSomhSr8ppg2-UWGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=3299037184546351600&adk=3676778483&idt=101&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12091
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:39:55 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/ Frame 5B31 30 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:54:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11209
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11511
x-xss-protection: 0
server: cafe
etag: 961974302080011826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:54:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5B31 41 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 321611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 03:41:15 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4FA3 0
10 B 8ms
6ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?hWx7Nw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 19DE 43 B
216 B 376ms
118ms Image
image/gif 2600:1f18:1aca:4282:5175:98b6:9c84:22b5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=fc3baf81-192e-aca2-53d5-03e7f9a67ff8&tv=%7Bc:nnCv01,pingTime:-3,time:106,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:106,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B99~0%5D,as:%5B99~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tP1dRrd+111%7C1121%7C121%7C1221%7C123%7C124%7C1311%7C141%7C151%7C1521%7C153%7C154*.990511-61634096%7C1541%7C1542%7C1543%7C1544,idMap:154*,rmeas:1,rend:0,renddet:DIV,siq:21%7D&br=c
Requested by: Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:5175:98b6:9c84:22b5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: nginx
x-server-name: dt24.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 19DE 43 B
215 B 371ms
118ms Image
image/gif 2600:1f18:1aca:4282:5175:98b6:9c84:22b5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=fc3baf81-192e-aca2-53d5-03e7f9a67ff8&tv=%7Bc:nnCv05,pingTime:-6,time:110,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:110,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B103~0%5D,as:%5B103~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tP1dRrd+111%7C1121%7C121%7C1221%7C123%7C124%7C1311%7C141%7C151%7C1521%7C153%7C154*.990511-61634096%7C1541%7C1542%7C1543%7C1544,idMap:154*,rmeas:1,rend:0,renddet:DIV,siq:21%7D&tpiLookup=ao:www.xgcartoon.com*%2C43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com*&br=c
Requested by: Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:5175:98b6:9c84:22b5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: nginx
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3255 1 KB
643 B 17ms
16ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 08:56:47 GMT
etag: 48472445140208031
expires: Wed, 06 Sep 2023 08:56:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3445 466 B
235 B 52ms
50ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNU9ZW2KukKVxPjo5LsNO-7Gv4IUOjI_LfALZUvB_0A45kogKdMpd-4lazEe5FEHNoQWEYiDnPsih5bxSIR8vn-7WHPLzE2Xew9f9HqJywI_mtpaxzx8A1Mrg3srBKZAtBldBCAd0zbSSv63UN6wPvvMyqpZ3R8V8zlDQHm8YnQHEY9jrCA

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8231 86 KB
29 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8231 42 B
63 B 43ms
42ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CCl1eEEWbMnn6U7hU5LHBGkNw5CzAoZzyHJi31YjPHfNTO9-Wy3tWEyA4m0vzh8AZR0ICALTypWBxe1ODpnEJnOs4zNPnqeGSr_99yGoGi6hrIPUs

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8231 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12351440499569879357&x=1&ct=76

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame 8231 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/ Frame 8231 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230831/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:25:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:25:41 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8231 0
0 15ms
14ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSIc_CpixuV8_anBgYhb8JtFUI8Zzzfz3jIj4VDEy0n1KlQb2S4iHOn5JznrB9ida35sZVo0LoL6sbUUQ9LcnDW01rlVg
Requested by: Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8231 181 KB
56 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 19DE 43 B
215 B 306ms
119ms Image
image/gif 2600:1f18:1aca:4282:5175:98b6:9c84:22b5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=fc3baf81-192e-aca2-53d5-03e7f9a67ff8&tv=%7Bc:nnCv1a,pingTime:-2,time:177,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:526,beZ:527,mfA:529,cmA:531,inA:531,inZ:535,prA:535,prZ:541,si:546,poA:547,poZ:568,cmZ:568,mfZ:568,loA:635,loZ:637,ltA:702,ltZ:702%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:177,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B170~0%5D,as:%5B170~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tP1dRrd+111%7C1121%7C121%7C1221%7C123%7C124%7C1311%7C141%7C151%7C1521%7C153%7C154*.990511-61634096%7C1541%7C1542%7C1543%7C1544,idMap:154*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:DIV,siq:21,sinceFw:154,readyFired:true%7D&br=c
Requested by: Host: 0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
URL: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:5175:98b6:9c84:22b5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: nginx
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7348 41 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dp739gTOOEsfJB9albeEtgBPX3lqjlg2pjRvFpGqladvGZcmdnFVZC-TSVoaTr7-AdCXQn24XKUNpRImN_d2bNtzxBnUKgYFAqqW0QDaH_QibMWTfUrbHr_a1HjYmBQns7AD2j5NXZmRsBvI-T3wMEZ98F9mWVxs-hpxU8YM7Sg94RydA&cry=1&dbm_d=AKAmf-C3Dd7d0bAIZ7n3h53wRLqBICmL-HVnvtAa2oGi7ljrTKMdXCrwbVi1owhMB9tsMBg-MNa6B_lK8RKiK7ihTipgIF9zQB2YZcnqZHZ83AarfaxU81_kCXcOEKbEG1tKWU83mjeOZ2ZOVvx2portHO1Y97VdV2mm7t1IrLpAHPMRLRrrdhqAG7k8EHp5YKn2NxznfrPvxwGOJ2K9E2Y-ljwnDGa_bjtExj48iOwYWHdNw1ri3ZrC3_WRbkMrlzaMI2xeAXi0_oS7s5xfYIeqeW2km7IRaBWSsKnJM04wPyJsGAEnaZ4ckcu7xT5z4ixxoJgCnMXcpNFmcKT-Yw3y3u4vgHSM5UGUM7RAYvoXGn6CdSBVZnYiXK6X79u9zYMRf_4iZ7jV9XYXeIdV7XCCpXC-SKfcxFkQZvHNJLezEOvk8LfN6s8oO2QobhWDIa3K-1QtnKhvGI392n1nqfwxNCRZ4dJGljiDZmFBw5TBSdue8yGVA4DgTc9BpLegRBGHDsULq6IcwMWbu1ZmxK4RgNJsvtwtv0ThZ9STej88gwAJZerpw2pL-4drr3OmVU_z6qAxNQ1NW2yeP7n-tomCIUf3zCAHxHc1HV_OAWPYeLtD_TgA-j1q6B-dbZo-wJMI1hUw-3WDSdhsp3otWcep_6su8NdPZ798GSTMn-R5vXyMSzsiQABpv02SrKXHr9_wBw050tWIr5gnakvjw9ZIoXuBkqdiz-4zLSY5t89ubKWJxvhxITjnZ8dzpNLQ94evORU8pD3MAqZCdYPa7tnKkpUs5PtixagLnO20Z4dMEuh3AdEFK2DBphNbynu8OxhsFM9HqqW71rGBBqGhzne_y63wUBOT8F5Jkp9wlFI5UHG2vNC5uIfy3DpkMRUPadtEMvyPICVm20EjbltZbt5VRy6MYMxa03eWThD8AOWDRZJbTGad9BoVSdoy1x6syorezAJI9cDo52Te-pxiCFGZNb8MBvDoTEXaRBsbKnEMsPhaDyDCDnGlanuIoWRLFcUSooLctb4j0OlosAOGW5cFdB6oAc7mE8XE5NwrrI9hhpZsCemDRtQyvSwSycOiN3r8r0bvfJzHrqiOCFsDkUn8BKt7X08_8kKgNWLD8oo5VIVqIqgmMXePtMhqBaqq8vBGo-6CB0sWf6eSViTWiSiE7nuOZ9qA65QNQICz2i1ANwMlkzXEU0_D1LtyZJX4RcHeFmpgtsdoFD0zpRa4vL_VarZR3iXnQAqec-1yEGL43Nntv-dzZWJLznRPmhsBol5ru_LVylfMVc6QWDulu08GRyIi9y4lf-ZB44pkCA5mp5Ubm80aCk1JKDOm7SZQTj2OsBkpYHxVIGsDEmRYeF8ZWs3rStUgZaPLDDg-pecA14gEDaJgyK8pfxKBU4YV2SPM1lgwQ73rawsHrHXsO2Jyecu_ODrlHdtQYZ8NyP8gGZ1ub_QZ-zGAq5DxS7kGLIC6Iflp97qfMxSqelwqVYRLMTLVBEfSHfiL92D6G9DPtWVeaW1q5Tc8SBrReYAQaKXXKcn-n_2d6eQ35FSwA4TuTVequeFRit-JfMiNwv9V1m0RJlLBh8qkQOOXwcTt7mQp9CgtXEyhw9hf9ug3zhLw47nDuUPyGPlF3LK-3wNrR178LynpPJORO0w4EF53UTz51r4pkKB6coNJrFtMj4Q6h7QdQtFlHiQgSDJHEygYQQmBXySsMaGHiP_RaqOYEG1P6UbCrkVNq8KrraHWGp8ZDOLkDox0ys8ob36Z8DKA7L9NLw94Au2Y4Qe-mQ-9NM-qFJtnvgx5132ReTH49Cskw-RhBa6sia7C8V1bwU2bR38LLP9Gcpyj3iIauGYEJUY_vqU0pGD2QX97oH5OAFf8WQFP2fpbGruSo28KC_p2GIQFKdbn2288z_dhelThWctEqQzf9VDjgVCABUhrCew_m4zpeEyp7U_6mV47QOWrTc4jV5vdosQMtqpMB4RIO0i9Lk47mZd-EsHSTszieO7k_q1NmKxYYkSfYw3tmDxgjUl2HsE2H2a3udwSD-_1HozFL65yewc9U987JDh9oxd1UqSp3Uoc359I6ricm5BSru3LgJfSS1TvkT5TyLfOW1YgUmfhccZLgQfwaa0SjaOoMXLxPchWO_jrC6Q6q-OCTQOHonsrhnDZKii7TxozS6z-ofb6_oWahzTrVB54Gdvg3IZIcrNTC1xsiYQAE_MOrEDnCjcygwk0C39PwwxYpkBrUPyOZa2C1_OpBFOuEDyybfI7bdfMy3kRXy8Nc3phv7zOhUN5-nxMIFuOfuiSQ8_AoYczXTjKPfiCSwktXbTdmAag4vqw7RVRSvJOq0xf34VzqqStv2Yqop-T5KsuXWxDsBBcT3XFKoEhK32MbYlhHb_K0ryfgelNRtyz-FeenJ1FP05QT0EiMNycP_oi5DbFSQCMRVDNbl0FwOjYfh9Y4QkQBdTBDabQiFEcHDnD-WBas_LU6mxMiH8rwomni3BepMiy90w-sQBMqm14rWpB5khoCrpSxmTQ-GEKJVKrwW7-1W-I5w1noJOmM4CHQg5KB1h0J9gGdy2hxSx3dPFlf1iUPZZu5tWoXisdOb-PHUEjg7omWN2R9bTuTc4tMnR5_SjjP7b3bActoWauy-x36bYUDdqtNnega0fSM9EYv4TFlStJDDU4tahebDwqdqrQuF7Aqt4nkRwfiBTSytvwxtYf2WYHtJQvWahKkDI6l344dapnY7ZzByfh-9ghn2ON3shokmLSP8kIZOX-WuFJS9x7839VF3x4OQ7RHnZ7pdt3w26JIrq1xsUT_UlmAl06ljB8D3hvDyBlsdhBzSPnQguEUs_XKQ70Ko2tYZKLkvFMvfFda8gLPyfKHUz9VLfzmLkLoYkSW7dMk_3K0znpJ_sKyu1SPrYRbqk96tZW7EYHiykuvSAbI6mQKBCNMIBoRz95BeLj1a_T7rNibaOX5LRC7gNqC6xTJrMi4I0pPxF5c_qIujV7vpkNbHSIQTTSCOk3yvRUkmWYmFTm_LAE9SOthNIDtaRxN-cLRXT8ERMOdZF8c38j8QbXQuYBm3cKOftla86gTSKOJhmLOX3VJ9EUKZgmc8cxfiJ_rS8WEMrXWSS1SSHyL770l8crSaXJROCkHvhKI3LWrycJ_CTnyonki_Sjf4p3p6xPHXhzOpzNaOye080UbJxe9uFK2oDiH4PrRt2WmsWjb0zkl7PMPkJwMnlP5apMGukr7yTfgYR5Jx0uuKz9H7ivNjCOSTZbyiIhu90OjogkCvnJa6S7kJvBjXAtKLhlTL-UedpcFDgRsYX7FKS8L9vYfbuiPI_obn3PDyL0c-cnDQppekGDq3sRWDJ6u2N35EKFsw0mXQFuyK28Vk0mYPop0GLDB1NxF2zAxYv1ic2yvntgF2zkwAJvrMtsPVQhWIFN2esS7W4U-Xo-9SHeOSc60JBTevsHGmInPKbPs_0VXt2S_EUvDXn6N_tAPJU_kjDBdW8VZUTSNdgf1q74MH0lWvxWOtqmWLQGUcS-w4xzffuCbdc0Cnk8eeiU9untzLFbwz_7HJXj2DNV_D_tbM6GpqXbctHXlz-WS7AE19MJMe-6BFLgXMnjL46VMK3rb0J1ej-0S-0nCTZRjb739RFihSe3KKGOmBw_SGj013lN24hP0J-HL6gZhQNfeWoBG4TcozuuWrTqxtciUXUmphPakxgJSqQBsKi7g7cvE3-rzsXmAdmKSUSqMRZBpg&cid=CAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=5088255717555601000&adk=2124396030&idt=72&cac=0&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 321611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 03:41:15 GMT

GET
DATA 200
OK truncated
/ Frame 5B31 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ee060b282b72497b9ced2a4519aa524627f600a146a7d34c5b3e5987e1ef340

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame 90FB 38 KB
14 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 7348 11 KB
4 KB 48ms
12ms Script
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1693947685797508&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDPMUJZf3ZMTWMI287wKCibmAAablvaBprZWcp8kP8C4QASDTy84wYJWqoIKwB8gBCakCqcDduJ39sT6oAwHIA5sEqgTzAU_QPzGmR0oWk9IleTXl01ewQfEpCCiKCXHMnXIGTaowRPq9Zp55SqKHhiqUF8tJHwZynb2Uzyk3css3p7JnyNOdb284Ot-D69hv6-c6Zg6KfjVzHF6Rf8W2as4b5wk5F9LcullcIj8p4kJw7JQIACRIei54gTMDyCpYtmTKM5ms4-lzjnp0p3C5FNT2G66pzaPV2LlzEcmfvLlPL-f3l6g-yCnwrOqTjzXYKyqQa_VWLJ94aZ_UNSvcOOBunhtQSus7dx5Ac_j40YN9dkSBWHe8ikXbv2ktIiXHgCNoR3r2OEdC2YO-8Y7nl3IGic8PhM5-HMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIhP3R8K6UgQMVDd5bCh2CRA4QEAEYASAAEgJlSPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE%26sig%3DAOD64_2xykZVVV2dgbtHa5FSR8-VzEwAFw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cj70wj4OECUnCx8XmafNWd81JLL4sbr52cQ8MJKvkMTtoseGJN5ElKs-fXBjDkw-jYz4K3r35E0Zgnt6IApRI4pY5R26ODWt_dJyn4TJ567eTosQ1ChQ5CmRWSoMc6jc56ecgCvpSFTckUjNiBF5d9cMOeuh6631Rqcnf4qd4rn3cI9aM%26cry%3D1%26dbm_d%3DAKAmf-Dye_AN7USCQTSaHXatO1i6YjoWG3PXA_kQzcZdHcvzPmU3AFpXjdK_WIEfbTqrIQGGE6ramIvSArS5VeEW64pqbEQRfB-JbeeWXZkMNiQe9klmZJMUDvPgLTFsY5YADrN8rEerXd2pyJ2pspLPU432l-Ev6WDgR7TxeVY1Zw-3N39atCjGR4ug4yGpaRd-1UwvaZf9uN7r5xNiIeevMa9WUUqXUJm31jqFAnwRbzgUYEVikQabODuDlBJ0LFe3AP1uRXc6XihSKnlLXK777n1vNI82ENZMsKve16UJnLyb5iB4OaEEhwJvToYZ1VUzYT6rFeAPx_D1pDZNpHf4ihiQry1d5bjYT5-ev-ReOBUIJmNKUJhN4mzARvMvrUvRZ02T4DbM1C5oKnSbHnoTR5yLRQLSiAKlfMHIHai-UrL4zzKDIK2WAq9FK1Y2sR0OdHiaRYa_Vle96igdra1BRU3W5Kr81UypJs9yGtsiDtcxg25icOGFwjA29KvRwBi7pofpWjg5KwGqKxXsrYyyGj1Kua6R9CTrbnTnuGPyjHNajqLIno4%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 785f9564eebed02026e03d37813a63c10703b1ce523595ecf2059d7265d3f7a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 21:01:26 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4169
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 creative.html Show response
s0.2mdn.net/sadbundle/4109205582467039232/ Frame 9D05 1 KB
473 B 15ms
14ms Document
text/html 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4317cf568ce364f433b3d3654bd15634c4e32ab44c4691b3ae41bbde15ae2b7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 445
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:26 GMT
expires: Wed, 04 Sep 2024 21:01:26 GMT
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5B31 0
0 60ms
59ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstRmmi_nx-1fNxllAQUHS2a-7Umj0aX_oY-WHFibbKLnmKqmWc_JJcouuLBSDZOGgh-FUaCR1x001F7Q_DNh9T8kx7jWVEqeLdccjPIe2QKDsAswK7b-tM-UFIxC1rUBHTnVtNxC-J7M1DksMg-E7YpaO5diOVMV5tV2IIUbuKWsilnhXDnJSO4XSgl9CBQL1iRzLXR9A_miZDDnwXa8o2BrGMcxPtzozycTCoArqahK3cG01gilmtb2B3IOuKHOa240p_4ehhNGyzW08KHp7fdlxEL0Z_GtNcgnwAYrfhSTbqSmMFNnUPjQFNxQ7gLTLkdL5UeM4zYZh8AVmaAvudjURtxYIItcnnliRKmZgzO3rBuET5UvRpOJ-vLOcEPTpP4gI7gr8cxrG15eVRiXHSInb1xAzXeAQ4QpLdXStkKNnJDVtuZfNK3AKI01O906ZZvD0qAxg1HbN8xYxUV5EEH0PFPua1jz2zlhME7UnDwwfr3OxSeEA6HI0yVeiWbUE3jo3zkR9edZ_HU810fmoYzvdti1e1rpnsOkNXbUn1G_4v0SNW7pxnTr0eIgyot3N-AZruABg3ZUrkjQYGr1toWhPx1xnVMx-F7NaFUAt8HWWK5P_NTumLoojQxFTjeaiHQGLHCO7tRQ2ZqO264Q2jsHzF260eni2tNucePs1Na5FAAN2Tr3hoMcNaNvIF2vh3cu19hfI4mQU35zXrEmeP3i4SnaNj7HwuVHv4lJB9kzhNszBaUDocwmsqFZKEKtHKrSDVgho7mXDfjLZjdKp5Fzz3-KQvCE9fNJvBVuSOZdwkUMgWQYC0ZtIzxOZkITYgvhk8gIQfU6Q4K8GdnwBnM7JDfqEVH-BhpcV3Mcb8C1DhQgCDevj-Ja8Du2vN3gH2IEH7faP_6__CvgInuiBuPpFk9tAnXmCVSQFjcJ1-jou87RaTUmS4ebewvtVDJhXTT7iFaQo-EWWsOZzF0j-0AZYBEgSBYSznGomsMkpCNsx89sJxiXzCI6FG9almhmBJh6DDG1Yc5ihU0BFZ4WH4sR0KpwLEqOLgO9ohPxQ1pDnbQBVN0kjtve5iP-Fo4PShqfgzSImZgKB6TxMZIYH3WVLMKqOCf1H4tx4JqVal5ey9eojtP4P8Z2rKZSeJf0Oj2MR8prz2mLm_xLhUJOdPsTxQgbofDoN4oRZuR_6nRY5jfbcv1cM7O1RnfTypF2swe-zsOACvi9gWXLZ-0Uaoo4DGXq2o1jKTXXsf8Ic0Z8Q&sai=AMfl-YS36Uv03VPyV0ln8HeXEdMxjlu7XimJF0qudG1ozD0790UTXxPw_7QxspSCCIB5fgjUrBi1iHDC3GQaOs0cCRjpnQvAfaQYXJhOtH1m-maektq127-X2TWoRdymvyUVsQPVdZZGO28mS-skl7KzP8Yeirlna5Uc3e-EYsrM2CCj-fzZISV4yqBx-zxrSDThwGMwjfNYIIN-&sig=Cg0ArKJSzHRWLhR_VTnfEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=149&cbvp=1&cstd=135&cisv=r20230831.23579&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 19DE 0
0 47ms
47ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-kOzh2dyfaKoIBg-zCzcWG_1yIWZGKsc-_9ON81ki5SuP8jGhlqBazL5LiC9Rt646PD2LSb347o0-1bIA7HnqacgQaY0ZzrTN4tiWaY9yl3-ePHifQ7SI06n-y3Gwd4qGhKBeTe55lPtBumPdLAecLDsRWbnrbnKcp38kGjD5sjcRLKFhorVhUdDL4XtRPvmwpH9hLhFSJV7aNDUOnORa-GUYpGFz0qoLGbCMqQyd8gtrf6RjKuAim0hXPfswQXabLnPuk-BVxhtcyi3aIKlsYEpAtav-bv3TozvksrYgQba-zYKp6Z39Cr2lnZtvigyjhK1DXlADA6SfXOLEbSG0PEz3ChsvfiUyhj1AG6fYWFzyLbivH3sBSYm9Sz3-9ioqEK9WSuzhqaDf_qXwAyzeIT-4w5uLCM79u6gXO_XQH_1AKoGlv8wXh6GHbjoI5v5ns9vFDC2WBvokmRW0GZtUVHeEltDCLj_5FiruwJo3o62wg2mi2lgKogJm16F92IwzTsHxoYvF9yeyTxi4sLYql9q-rH33pr3NzRdsBjm5--vuWMB55ALlRPqkL5Y2PByE6L----YOim4CSjF8lyV5bsbrb5BgKH6jNXRd9xYB0dR12MVcSgppy1N--0Caps_o0ATu32-yAXJ-hf8Z_95eQVbFnRh3-xcJYvwhZc-f18zRB6rLlee9nyTPLD03931X2_bhWKX8zfYQinAm9pr_dp0t3nPTpT7z-yRiF0j20wmMFnvCiFm57Ywc4a-T7bWGb2TOZgfJQ9Hhbx802eByTQuIKema5gWUUu5I0Vzfjjvml_Pl1Ky2ved1HkQDJrp5K7yK9IfEMwLhllio10d-i2EjnBbygQCb5G2N8Dxp4nm_RJcA_U15ykskRhsCiYzwCmMQo1MCMI9pUaXM8QfI-4WlIeYnXRDQ1EONZecWCO367Jkbjkz1ne8fEJHheKWcMYOIwi7NgnhHIHWYzmkxM46-b0pBiIjKKnNk8BmZBDqhn3zs59l4TEU5gZfG83dzpiJRKsse7OPChIE0aULLGwXl_QAkYa0mHzKGyE9fBBB2o7GkkNyXFOOV8jyu1EgxBNOapG6ZeJf80a303OkbKNV5K-qVzNuERR4caCKn5WdkHekoAVbvz6ByIxd43LLeGikjCq6cspq1qdVjlDnI_4Vo5g8X7ZtQO-v9OldKQQyNAI3yOOifSKXusU-53Avj8YNkK4j3ydMkUvTmMZ7uIc_2RMpzSFkMyKR1Z_Rbx51eEp6MKu5oK_bxXxjxd0gngyMGKtb2u_GCl1pUv4vYu1TAvw&sai=AMfl-YQkV7gUMLAB3BEgf2wmagMgeyTO66-O-_9Z888BPfT5x_-iEMx1tMpJ_9zs9lTMluxbfuJ-f_2MyVSKuo4kymaBMWtTEma7xSsWGiIzVqhAASup38jj3TRfMdsbB_0e-Kybc2j7O095rXr04Atjx0YL4X9tUZj8xRBR2EfGYeftVMLKCL1xDC66ox2eElQLXX1kMBcfEzOL&sig=Cg0ArKJSzEhQ04wDZyQ_EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=482&vt=11&dtpt=302&dett=3&cstd=176&cisv=r20230831.10059&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET

partner
sync.search.spotxchange.com/ Frame 3445
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGyjYg0wV6qme_QDiVmicyA&google_cver=1

0
0

GET partner
sync.search.spotxchange.com/ Frame 3445 0
0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame 3445 0
125 B 84ms
11ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNU9ZW2KukKVxPjo5LsNO-7Gv4IUOjI_LfALZUvB_0A45kogKdMpd-4lazEe5FEHNoQWEYiDnPsih5bxSIR8vn-7WHPLzE2Xew9f9HqJywI_mtpaxzx8A1Mrg3srBKZAtBldBCAd0zbSSv63UN6wPvvMyqpZ3R8V8zlDQHm8YnQHEY9jrCA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 19DE 0
26 B 68ms
47ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvhbYUEQf7T1xXZTnVHwG7zlVAG-QyIBpjjtYbtBvmXRvAdVaaNzbcA-5xVm1uIq8RqB-Qj6ndY4v8_TRCE2_jFzwCi7sOI80T1nbQJfBrZSku-i2rvj2WXQ1hUEQNHSW3mJ4fK5kyNZcc53k6HfVZfOfGNWAuJUp9QNjfleIGTR0k&sai=AMfl-YRfIqA7ynO40guOR3mTQFweK5NIytED9sOxdohjUOUvwXJVsS3mVoV31GomC5AV1wsb1cqL1OJOIDodUVYKVFtYATTy2LFY2k5Iug&sig=Cg0ArKJSzNT94oQRUvy5EAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 initial.css
s0.2mdn.net/sadbundle/4109205582467039232/assets/css/ Frame 9D05 3 KB
1 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/css/initial.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9961ff8ce61a82e625d8237184b98fed1f2717647e567fab38ea32a49cf42f6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 03:02:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1029
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Sep 2024 03:02:07 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 9D05 118 KB
40 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 04:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61216
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 04:01:10 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ Frame 9D05 82 KB
30 KB 41ms
7ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 12:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31525
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Sep 2024 12:16:01 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.11.1/ Frame 9D05 233 KB
62 KB 47ms
13ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.1/jquery-ui.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09639315704980552b92eaae21f66af00a6e8a371f757f76b0b12420c2ed2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 04:35:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63865
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Sep 2024 04:35:40 GMT

GET
H3 200 initial.js Show response
s0.2mdn.net/sadbundle/4109205582467039232/assets/js/ Frame 9D05 17 KB
3 KB 13ms
12ms Script
application/x-javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/initial.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a87a1c72b2e889b01c62c7093236a5996d011ffef5a5db018a7e4ee78f04cf9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 03:02:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3062
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Sep 2024 03:02:07 GMT

GET
H3 200 logo.jpg
s0.2mdn.net/sadbundle/4109205582467039232/assets/images/ Frame 9D05 3 KB
3 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/images/logo.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

794d61e219331f90223f84b6f7806082dd2fb5388d3c74af6bab63ad2ce022bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 11:52:51 GMT
x-content-type-options: nosniff
age: 32915
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2754
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Sep 2024 11:52:51 GMT

GET
H3 200 spinner.gif
s0.2mdn.net/sadbundle/4109205582467039232/assets/images/ Frame 9D05 7 KB
7 KB 7ms
7ms Image
image/gif 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/images/spinner.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcc5de0f53784c98bf4b3345b43f7d95736bd096e7ce0b8132a0555624adc13a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 03:02:07 GMT
x-content-type-options: nosniff
age: 64759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6841
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Sep 2024 03:02:07 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3255
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEYgjODw7pbuCAQ5oXR_v48&google_cver=1&google_push=AXcoOmRzlSooQo3nhOYznm64IlsDnkUVQGYz9FyedOXpm3xPHbJ79XZ_brtrzeZ5IzD_Jp5qP6AheGf3...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEYgjODw7pbuCAQ5oXR_v48&google_cver=1&google_push=AXcoOmRzlSooQo3nhOYznm64IlsDnkUVQGYz9FyedOXpm3xPHbJ79XZ_brtrzeZ5IzD_Jp5qP6A...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTYxMTgwNjk1MTcwMzMwNjk0NA&google_push=AXcoOmRzlSooQo3nhOYznm64IlsDnkUVQGYz9FyedOXpm3xPHbJ79XZ_brtrzeZ5IzD_Jp5qP6AheG...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTYxMTgwNjk1MTcwMzMwNjk0NA&google_push=AXcoOmRzlSooQo3nhOYznm64IlsDnkUVQGYz9FyedOXpm3xPHbJ79XZ_brtrzeZ5IzD_Jp5qP6AheGf3rlJ7DEdab3z6CSNaxc2ouyyBs9vjqfCPY3C4fjBL3pL9fgKdK-x8rEMLTUMjv9B2F9a_bWN6zv5v

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTYxMTgwNjk1MTcwMzMwNjk0NA&google_push=AXcoOmRzlSooQo3nhOYznm64IlsDnkUVQGYz9FyedOXpm3xPHbJ79XZ_brtrzeZ5IzD_Jp5qP6AheGf3rlJ7DEdab3z6CSNaxc2ouyyBs9vjqfCPY3C4fjBL3pL9fgKdK-x8rEMLTUMjv9B2F9a_bWN6zv5v
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3255
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aoZmG_UGQzu19lNC7qkHHQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aoZmG_UGQzu19lNC7qkHHQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmThHlWqkMQRJoXAyC85btWjL2w0kEyQ-wHuLvKlVtuG9OGFUdgF-sesX59usLyMF04EDtJ4-cJDWRkEqnm6l1ndnbWopaQKjqSB9pdUfEHkireDQmI57njQ15RlaI2rGnq8jVUkGvhxKvdHqF0A2Qs

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aoZmG_UGQzu19lNC7qkHHQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmThHlWqkMQRJoXAyC85btWjL2w0kEyQ-wHuLvKlVtuG9OGFUdgF-sesX59usLyMF04EDtJ4-cJDWRkEqnm6l1ndnbWopaQKjqSB9pdUfEHkireDQmI57njQ15RlaI2rGnq8jVUkGvhxKvdHqF0A2Qs
date: Tue, 05 Sep 2023 21:01:26 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3255
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEIleHmckEDEItFmO9SZs1wM&google_cver=1&google_push=AXcoOmTdaF3ZT27WxpHkk_KJCseSNydbogRvZjFRRpchA6BhdgzhVqQ1peQWom_xO9XfWbyqkWtF5uG30q3Vhmal0gNOjZ7rdA...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmTdaF3ZT27WxpHkk_KJCseSNydbogRvZjFRRpchA6BhdgzhVqQ1peQWom_xO9XfWbyqkWtF5uG30q3Vhmal0gNOjZ7rdA3...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmTdaF3ZT27WxpHkk_KJCseSNydbogRvZjFRRpchA6BhdgzhVqQ1...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmTdaF3ZT27WxpHkk_KJCseSNydbogRvZjFRRpchA6BhdgzhVqQ1peQWom_xO9XfWbyqkWtF5uG30q3Vhmal0gNOjZ7rdA3o3zlBZDUp5bmB4xuG2qcke-Mr3p4UjfpUBNsmnCBNjMJCklE3j_0_GmE

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmTdaF3ZT27WxpHkk_KJCseSNydbogRvZjFRRpchA6BhdgzhVqQ1peQWom_xO9XfWbyqkWtF5uG30q3Vhmal0gNOjZ7rdA3o3zlBZDUp5bmB4xuG2qcke-Mr3p4UjfpUBNsmnCBNjMJCklE3j_0_GmE
date: Tue, 05 Sep 2023 21:01:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 3255 0
45 B 98ms
13ms Image
text/plain 89.149.192.76
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPhg_U8A8wrRsxo-MLgXezU&google_cver=1&google_push=AXcoOmTIpTOQP2tisS5YmuUXYFq87ljOt65n7nNQX02P53fEVwQGWuL8uRNjpbWsFSON4DVOk5VLGLprIiO1YxZdT1f0KTYeQB5Dci46rCRMHg6wkue3q2SPgNsBxcO1oEIrQ2SggvFS-XQsZezA_avRatsM
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=90&slotname=3654094576&adk=1418711512&adf=3173046732&pi=t.ma~as.3654094576&w=728&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685196&bpp=197&bdt=107&idt=407&shv=r20230831&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3121139447&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31076839%2C31077523%2C31077559%2C31077588&oid=2&pvsid=2804041738172264&tmod=1238041928&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.o75h5s9nrw4d&fsb=1&dtd=420
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.149.192.76 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3255
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESELY8skQVn3Bc2wEsXMN0hN4&google_cver=1&google_push=AXcoOmTEcv2OzodoDzlDyCkxZUVVaNe05Z_wwCRsSg1DZBMTGb5aaAAK-W8K922oc0...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTEcv2OzodoDzlDyCkxZUVVaNe05Z_wwCRsSg1DZBMTGb5aaAAK-W8K922oc0qIWj5vjwGSHaVF2xdwn-wLxx-1kc8e3NU3q9O5jCtwHT9HoV...

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTEcv2OzodoDzlDyCkxZUVVaNe05Z_wwCRsSg1DZBMTGb5aaAAK-W8K922oc0qIWj5vjwGSHaVF2xdwn-wLxx-1kc8e3NU3q9O5jCtwHT9HoVZ4iO0bimRtfiQL6gQFFhsR3vjDGljmwQ6uYntbSw-B&google_hm=9jztrqHeQUaCftL_U0Lvy4Q

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTEcv2OzodoDzlDyCkxZUVVaNe05Z_wwCRsSg1DZBMTGb5aaAAK-W8K922oc0qIWj5vjwGSHaVF2xdwn-wLxx-1kc8e3NU3q9O5jCtwHT9HoVZ4iO0bimRtfiQL6gQFFhsR3vjDGljmwQ6uYntbSw-B&google_hm=9jztrqHeQUaCftL_U0Lvy4Q
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 3255
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEAqH0rIomgFH4e_KZrVRK_A&google_cver=1&google_push=AXcoOmTT8fTkREaItu6MVHCZrI3P5s_9PRqqL71KCfXbNi1VvyswhptTpEEhReqk_CXkn960Uxpq5p-AhDp...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTT8fTkREaItu6MVHCZrI3P5s_9PRqqL71KCfXbNi1VvyswhptTpEEhReqk_CXkn960Uxpq5p-AhDpBUzdW6-U5DR7vDV7-rdX_NHs4neutIrd_MxvE...
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

8ms
8ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Protocol

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3255
Redirect Chain

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_...
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=1c0338d3-8806-47ee-bea4-0e7905333932&google_cver=1&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&gdpr_consent=${GDPR_CONSENT_109}&google_...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=1c0338d3-8806-47ee-bea4-0e7905333932&google_cver=1&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmStR4t7czJ_zBhO4OAunOLsddrX6hmPQdujrga6TkjwJulIp01hiXMQk_idHdiNxFvBCe18lYwWLBVy1hEvzxOWeiCe68erm_fSpzMfmuNbu2tcCtqNLeLN9HXoIlSGgkoStr6nBy7gCyEVjTeLGCSm&gdpr=${GDPR}

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=1c0338d3-8806-47ee-bea4-0e7905333932&google_cver=1&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmStR4t7czJ_zBhO4OAunOLsddrX6hmPQdujrga6TkjwJulIp01hiXMQk_idHdiNxFvBCe18lYwWLBVy1hEvzxOWeiCe68erm_fSpzMfmuNbu2tcCtqNLeLN9HXoIlSGgkoStr6nBy7gCyEVjTeLGCSm&gdpr=${GDPR}
date: Tue, 05 Sep 2023 21:01:26 GMT
server: _
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3255 0
12 B 15ms
15ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LmY0lhG2EHLCDEmvTQ9q5pnjJeeTYmiqGpVfofKPIrIrUebMx4V-BsXkZN98cewtctvm2WSItC

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F582 22 KB
8 KB 21ms
18ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 224981
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Sep 2023 06:31:45 GMT
expires: Mon, 02 Sep 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 passback_728x90.js Show response
static.adsafeprotected.com/ Frame 899C 3 KB
2 KB 15ms
15ms Script
application/javascript 2600:9000:21f3:6e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/passback_728x90.js
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:6e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a579343e48deefeeb438bcb7f6aeb6d37e68102a8299ca47b683991f0af26b28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: BMDmVeG18LcgsgmLJH9yXJDgb3k6n4r4
content-encoding: gzip
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
date: Tue, 05 Sep 2023 10:15:07 GMT
x-amz-cf-pop: FRA2-C2
age: 38780
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:52 GMT
server: AmazonS3
etag: W/"696b4c19d35efd706805137a8a4b3831"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: gTxEbWhESjzX54Afvcr7hwL4DkJdVmf3v5p1vHIw6qEdE4dmLM76xA==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 419F 22 KB
8 KB 13ms
12ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 224981
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Sep 2023 06:31:45 GMT
expires: Mon, 02 Sep 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900023.redintelligence.net/ Frame 7348
Redirect Chain

https://hal900023.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=40ab1d62ac&subid=&uid=3c5f58bcebbd2b71&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900023.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=40ab1d62ac&subid=&uid=3c5f58bcebbd2b71&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

94ms
73ms

Script
application/x-javascript

78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=40ab1d62ac&subid=&uid=3c5f58bcebbd2b71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDPMUJZf3ZMTWMI287wKCibmAAablvaBprZWcp8kP8C4QASDTy84wYJWqoIKwB8gBCakCqcDduJ39sT6oAwHIA5sEqgTzAU_QPzGmR0oWk9IleTXl01ewQfEpCCiKCXHMnXIGTaowRPq9Zp55SqKHhiqUF8tJHwZynb2Uzyk3css3p7JnyNOdb284Ot-D69hv6-c6Zg6KfjVzHF6Rf8W2as4b5wk5F9LcullcIj8p4kJw7JQIACRIei54gTMDyCpYtmTKM5ms4-lzjnp0p3C5FNT2G66pzaPV2LlzEcmfvLlPL-f3l6g-yCnwrOqTjzXYKyqQa_VWLJ94aZ_UNSvcOOBunhtQSus7dx5Ac_j40YN9dkSBWHe8ikXbv2ktIiXHgCNoR3r2OEdC2YO-8Y7nl3IGic8PhM5-HMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIhP3R8K6UgQMVDd5bCh2CRA4QEAEYASAAEgJlSPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE%26sig%3DAOD64_2xykZVVV2dgbtHa5FSR8-VzEwAFw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cj70wj4OECUnCx8XmafNWd81JLL4sbr52cQ8MJKvkMTtoseGJN5ElKs-fXBjDkw-jYz4K3r35E0Zgnt6IApRI4pY5R26ODWt_dJyn4TJ567eTosQ1ChQ5CmRWSoMc6jc56ecgCvpSFTckUjNiBF5d9cMOeuh6631Rqcnf4qd4rn3cI9aM%26cry%3D1%26dbm_d%3DAKAmf-Dye_AN7USCQTSaHXatO1i6YjoWG3PXA_kQzcZdHcvzPmU3AFpXjdK_WIEfbTqrIQGGE6ramIvSArS5VeEW64pqbEQRfB-JbeeWXZkMNiQe9klmZJMUDvPgLTFsY5YADrN8rEerXd2pyJ2pspLPU432l-Ev6WDgR7TxeVY1Zw-3N39atCjGR4ug4yGpaRd-1UwvaZf9uN7r5xNiIeevMa9WUUqXUJm31jqFAnwRbzgUYEVikQabODuDlBJ0LFe3AP1uRXc6XihSKnlLXK777n1vNI82ENZMsKve16UJnLyb5iB4OaEEhwJvToYZ1VUzYT6rFeAPx_D1pDZNpHf4ihiQry1d5bjYT5-ev-ReOBUIJmNKUJhN4mzARvMvrUvRZ02T4DbM1C5oKnSbHnoTR5yLRQLSiAKlfMHIHai-UrL4zzKDIK2WAq9FK1Y2sR0OdHiaRYa_Vle96igdra1BRU3W5Kr81UypJs9yGtsiDtcxg25icOGFwjA29KvRwBi7pofpWjg5KwGqKxXsrYyyGj1Kua6R9CTrbnTnuGPyjHNajqLIno4%26adurl%3D&documentReferer=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4898833119606&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: HTTP/1.1
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: ba1df4d23a147a8e82164b8877f0097a6f8c23d76242e91beb29dbde4f9ba235

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 05 Sep 2023 21:01:26 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 99323500196079804444554012438023
Connection: close
Content-Length: 1353
Expires: Tue, 05 Sep 2023 22:01:26 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 05 Sep 2023 21:01:26 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=40ab1d62ac&subid=&uid=3c5f58bcebbd2b71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDPMUJZf3ZMTWMI287wKCibmAAablvaBprZWcp8kP8C4QASDTy84wYJWqoIKwB8gBCakCqcDduJ39sT6oAwHIA5sEqgTzAU_QPzGmR0oWk9IleTXl01ewQfEpCCiKCXHMnXIGTaowRPq9Zp55SqKHhiqUF8tJHwZynb2Uzyk3css3p7JnyNOdb284Ot-D69hv6-c6Zg6KfjVzHF6Rf8W2as4b5wk5F9LcullcIj8p4kJw7JQIACRIei54gTMDyCpYtmTKM5ms4-lzjnp0p3C5FNT2G66pzaPV2LlzEcmfvLlPL-f3l6g-yCnwrOqTjzXYKyqQa_VWLJ94aZ_UNSvcOOBunhtQSus7dx5Ac_j40YN9dkSBWHe8ikXbv2ktIiXHgCNoR3r2OEdC2YO-8Y7nl3IGic8PhM5-HMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIhP3R8K6UgQMVDd5bCh2CRA4QEAEYASAAEgJlSPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE%26sig%3DAOD64_2xykZVVV2dgbtHa5FSR8-VzEwAFw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cj70wj4OECUnCx8XmafNWd81JLL4sbr52cQ8MJKvkMTtoseGJN5ElKs-fXBjDkw-jYz4K3r35E0Zgnt6IApRI4pY5R26ODWt_dJyn4TJ567eTosQ1ChQ5CmRWSoMc6jc56ecgCvpSFTckUjNiBF5d9cMOeuh6631Rqcnf4qd4rn3cI9aM%26cry%3D1%26dbm_d%3DAKAmf-Dye_AN7USCQTSaHXatO1i6YjoWG3PXA_kQzcZdHcvzPmU3AFpXjdK_WIEfbTqrIQGGE6ramIvSArS5VeEW64pqbEQRfB-JbeeWXZkMNiQe9klmZJMUDvPgLTFsY5YADrN8rEerXd2pyJ2pspLPU432l-Ev6WDgR7TxeVY1Zw-3N39atCjGR4ug4yGpaRd-1UwvaZf9uN7r5xNiIeevMa9WUUqXUJm31jqFAnwRbzgUYEVikQabODuDlBJ0LFe3AP1uRXc6XihSKnlLXK777n1vNI82ENZMsKve16UJnLyb5iB4OaEEhwJvToYZ1VUzYT6rFeAPx_D1pDZNpHf4ihiQry1d5bjYT5-ev-ReOBUIJmNKUJhN4mzARvMvrUvRZ02T4DbM1C5oKnSbHnoTR5yLRQLSiAKlfMHIHai-UrL4zzKDIK2WAq9FK1Y2sR0OdHiaRYa_Vle96igdra1BRU3W5Kr81UypJs9yGtsiDtcxg25icOGFwjA29KvRwBi7pofpWjg5KwGqKxXsrYyyGj1Kua6R9CTrbnTnuGPyjHNajqLIno4%26adurl%3D&documentReferer=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4898833119606&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 05 Sep 2023 22:01:26 +0200

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8231 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8056932250903&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8231 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8056932250903&version=m202307240101&ct=76&x=1&cor=12351440499569880000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8231 93 KB
38 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bax827yBg0TUPmlL-SDuGaho6t66GSp3IG-WcZN1ML2fEkI9LCcKdIJp-vXoEQWWwwRTHI9SV6D5sfhlVfegCwy-PWvbBUx4ZvdRDW0lDmUDvtP7k&cry=1&dbm_d=AKAmf-AWF7fU6SHNd7L37MiQcJjdk0EDWWMpVd2yV5YmMdHb-nzus1NwVxivd1GUCPLDJ2OFc4i9fj87HlmBFBBohvg1WZ6qBiW1b_QLoCCPnBCYq5SIk3p5eaCbB-KdiBsQm6ockImQDRU0lubi3D515ctwh3oXcm2Kg5WUN3sMHBiP83b0GMwYRCozfJoBet1zIwC00IQulU8MCapMcAOuWeUCsR8RE_4LzqyOyecjdSxqXGdScyiE56c3EcDQ98f866QLS0_Tj55ls0vSIjYxt-6KWvLYBmVCzRYO1yvI8UcGk2a2FVgHc0SQbE_bheGBJdy88Hm0IOGYKjrEx_DvFoHpSnFDSiH2GOG43SA3s7Zzz-uiSlormi5QpNXTWZbOXnrpyLWW1cpXu2ZNQRKdmkYE7Z68cWL8sW00dGbxRlv6EvBR8kpv-yrSOAEj-umeQ8FU3lJiymh8kpr1I-fdrRkn1S9ZgkEslQHNBsDpH5pqRgZR0FHvIWye1-Eq47LaZuMmuvlszYtGNGy-qrUrGEC_20dINg84zRlTu5tKD05jmBnmk7rSXUL4_NhMsoTsdLWwMp-EhgH0pstUX5jrmduJ-KbNjUGO25r0VxUGA7FFWU9TTEusewjYnfsGyADKgNSi1pxPgSOATYE1w8h-LG5L8KxGv7FmqQ2SW2djb4MzzOwRhZGiqtK9dN7jJtrNlIJWB1VWgZ1qboLbgTHA27CgaqzOQGYVzvdOii0mNEm_hWtuFdZxyjSTb_H5x8zNPROWcMRmDp59SSwqoqit6s7yiJ2cifOfEleomC5VTCU19QYWiiqus-XqyppMxozAvAi8Kv6YgwnifCfmgMmo51t2iMX24eQlj0FBS7wx_wcHXsBIpwPPoZMzyKIhJ4fsHcNQsgPWeYxWAGx9g7cVeYbKBaXKRSfKCU8dPYIQZu2lFvjWV7uH63OgWhfafsjjrNQ50YQr_EoE4xYAAHXTsKCOu1buxZtAeDO4d_Vm0DtVsjkIA6zn6l-FgjwG_Q0LtHRgjqetZxWGCslDbQQz7EHHl7Pt0MIVyJ3zi69c5mkKgzfgKTkgOov1ZqK3eIPkilL1DtVsAGo8mXDsXRb4NNkXwkoevKImYBwOmrtR95dGVP-MWxb8QxAswFlivFimhuIQwbh_4hfKmKwsRcxCvjTwLInZ0laRnFzeT_hLsNadoZcStJ5sDxzguOb1eofkGlp7ATt4HZ1_GsDmVpXpQIr_QBjIogcUKncAhgfo473piSFIYfKNhgqW3tu8b3hMph26O3zt6Xed_LAxDFHjTKMleZBN2TZ96A_7sdB5lno-i5mf_mE9PNJrmzdDI6t1NJles3dw0quOUdbiYyLpum1E6_qbU2HO0yFK6kGtW3F2p5lrgesHb0hwHTp75Bi1In6jWgtHXRFFMOyhBqsBJyaOioCCkUJpgCL0i0qqjVgZrjKRUGTbVr0R1fC4NpBVFPHux4LgCBejMbCy4eCyYIYnCQM_v5doZLZ_pxNlizInrrN6HzBeJ6IwkcmGkgV5WwjD8Zgd6-EaKKtPZDaUI3Z95qP_FQbKPYIduc897Ryr4PWu7Q64GEmBE141g71Jb_PhTNrtPO3vsJUL3UGxEg-QszV_s4JuDjbeBmBMSNCqYE6s9js41i2AQgHAdPcWlkzGYFy75wCGZz749qVDSpdeBzoUjH6RJo65AdjX8DRYsa_lvaRWOE21jpobvIz2E-TSV2NuW9TlyzN7O40k0ZMlRsgCxKGU_yEuYBQGQIfufMO5AMpz6EESV8_d_eBMhgWmm54bs_pYbg7W9laaHDWLH566ih2LWk8M6SGVOqYSdRlvHu2Kt5fKtbLyOJ5uD8vCOb1Ij2A8wcWsuOtenrzNeWYHmmVLgSiLNnh0vSAStHE3by3jz1sCs8hL49ZYbPcu0xEw1IgneA_k-5cqAwyeQJmZso6C589aw0L3JLdS3Bhn79Dx3T5QSb67lmuwDiwBFcfMX3CNKllD7iupW-NPoF0NYEBRzRqlUDzPOrAtvrnFUdnmu737MpMRVUOC_Xop7r69DWtJIzH4Usf40fjJokdWz0TxFCfI3EhtA8l44WFDvHwUS-9SkOII4mvAS9cZoKt-NjLDSUwWk8g3KCXBvppZjHGdf7H0Ph4zFgIWn5RafGRGsioSIGGyJE3MR9PMcMb6Kn9TcXq1kvd2cX3vUpn__Ml77SoqaAm9LY_QoN7qKt_qcQlF3EDDOwoTBUnmmMunxx9KrrPeyLoKCs_mReLQTtqq_LqejnD-66F7G1-6LMlyxX2hioz9W6v3vgAP7VCq24c5--RLgJQNSncWImkQswYxRkgG79YfeAF3QR7eD1k5PoK_5OOKjK2T8E3drVPS6AdP2Avbst4Xj3cC02fZSnRNE4wZzjhdt_CUOepyLAUoDz90vLBf8iVjU-m8WU09BqGY1Or7GDg76WCRdRp_I93Z7LJ-CsFHdo659ZFjfoJD03zv3eZ766K66UXzUhi-jPL5QXGKQGu4CgSKjcnyuSHx3HwzKTg4vHMIm_IdnXvCJJswmDYRY4ShYOBujFXbn0VSeSR3MgsATtm4JGmbfawD8uWIhLSsYDX9hSiXXJiXLcaXuczUqZbYyzI2DDpmvYayIZihBRAnMjOKbwKn9MFAOsatSZuSCxcAFx7FAr5tKdpz_IXd2i1ryvm_nR1qSCk4qZTeHmq9IZjszP5MFwoMBmt7HWdfvmhsW-yTsz6Dzn4lECJr7YfyfAfr7zpoKhyByhXM6jGQ6NlG8WrC61AWj8ve-0VhBWHEERPmoUEDKSygZ_xWMclJOh2gWISh6prroTBI3EbLfTcjqOfdHbmglvMx-0p1RBZVVB4SWOVSJI7_WOWA3Musp1Cl14cTWrLF-7M7Ysd2kmE95HtRc_LljHxftQcDM06FUysNi7eACo7uiiBdaAWWkkDND8IKJuTAsraxzYK15RQ1Kq9t8gRN84eVDxVkFILfX9B01pbon7cA19lYNUjdvqJ5bJcrMjW7IvkPg_MP9_u-6rx_2oKQh0Jse41SBRv0hjNSQ2sCBQNmqdiI6kD62ce3W6GO8c0jMOOG8HqGHGzF5VRrnlyF5UHXNpsikqWW8iC4ACTAtAW8AO4muS-zvEXz_8vL2jMz0yB3OIE6jLEy2VSY_73bDEQ_ZfcOeFT9w-fhllutpPSp8G4jhtin87esVoK3vzwndgs4emwsPmiPB_ajkrphtdt7a8Oaa2py7Oo4L30G3YzEtsdbfkl_vOXiceNOgLKWDZEvOSiNS4JOyrvVRWdOjfUQcZ-3znr2y6uabX8OYStY4qxVRBvhPzOmYixPOF50isOeAHgdnxPfd1FqB6J8vf5J9fPgzxDmw3US-ZMUl2jqrPIzsXaKOijBjvmBVPwDWZqK1xZLRHmcuUc28lFb9VmG5KSMhMzvyS8wdBVqELJaH4DOqWNi0Mhd3dF-bW9opsptgh56XEbk6qogQo379cvIzdHvCgDm7pRAQYNhY6pQXq-LWmjZ_5mvFET09G0P4XDa0Xarx7h7Muyzuw&cid=CAQSKQBpAlJWKd7D7kEDz3s5KWT1H-9stKlTquHAuhsQO4JiGvleGfFh29BDGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=12351440499569880000&adk=1268836065&idt=75&cac=0&dtd=28

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6de5236d8e4fcc595642c950bda70ea29d2ff63c5100ec381d5444c4744cdf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38497
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 IAS_PassbackAds_728x90.png
static.adsafeprotected.com/ Frame 899C 10 KB
10 KB 7ms
7ms Image
image/png 2600:9000:21f3:6e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/IAS_PassbackAds_728x90.png
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:6e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 319ebf743ce2c07c6bfafd9600a93824aa52b0844fe94e81c014e169564dc7e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: 4DcA1UddzZ2E21bAiUECQTp8M854Vxlu
date: Sun, 03 Sep 2023 14:45:51 GMT
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 195336
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 10216
last-modified: Fri, 18 Feb 2022 23:29:13 GMT
server: AmazonS3
etag: "b1464a7201f691a1e4cf6fc057919d7f"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
x-amz-cf-id: Dpwvdim57RdNqyJS3LPAnAmje7IPdLvwCN0egwvK7fDqRD8est4JYA==

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame F582 38 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H3 200 cZSlmfR8SDt076FNoYIuLG5p7zquw_7CpDxGN0dSu4o.js Show response
pagead2.googlesyndication.com/bg/ Frame 419F 38 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cZSlmfR8SDt076FNoYIuLG5p7zquw_7CpDxGN0dSu4o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7194a599f47c483b74efa14da1822e2c6e69ef3aaec3fec2a43c46374752bb8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 14:28:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14792
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Sep 2024 14:28:41 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9D05 7 KB
5 KB 51ms
51ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8379f684a189e4e274a954e9c0877ab03e51d30724acc72d31a18ecb85878933

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5602
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 8231 172 KB
60 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
Origin: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 05:22:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56342
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 05:22:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/elements/html/ Frame 8231 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bax827yBg0TUPmlL-SDuGaho6t66GSp3IG-WcZN1ML2fEkI9LCcKdIJp-vXoEQWWwwRTHI9SV6D5sfhlVfegCwy-PWvbBUx4ZvdRDW0lDmUDvtP7k&cry=1&dbm_d=AKAmf-AWF7fU6SHNd7L37MiQcJjdk0EDWWMpVd2yV5YmMdHb-nzus1NwVxivd1GUCPLDJ2OFc4i9fj87HlmBFBBohvg1WZ6qBiW1b_QLoCCPnBCYq5SIk3p5eaCbB-KdiBsQm6ockImQDRU0lubi3D515ctwh3oXcm2Kg5WUN3sMHBiP83b0GMwYRCozfJoBet1zIwC00IQulU8MCapMcAOuWeUCsR8RE_4LzqyOyecjdSxqXGdScyiE56c3EcDQ98f866QLS0_Tj55ls0vSIjYxt-6KWvLYBmVCzRYO1yvI8UcGk2a2FVgHc0SQbE_bheGBJdy88Hm0IOGYKjrEx_DvFoHpSnFDSiH2GOG43SA3s7Zzz-uiSlormi5QpNXTWZbOXnrpyLWW1cpXu2ZNQRKdmkYE7Z68cWL8sW00dGbxRlv6EvBR8kpv-yrSOAEj-umeQ8FU3lJiymh8kpr1I-fdrRkn1S9ZgkEslQHNBsDpH5pqRgZR0FHvIWye1-Eq47LaZuMmuvlszYtGNGy-qrUrGEC_20dINg84zRlTu5tKD05jmBnmk7rSXUL4_NhMsoTsdLWwMp-EhgH0pstUX5jrmduJ-KbNjUGO25r0VxUGA7FFWU9TTEusewjYnfsGyADKgNSi1pxPgSOATYE1w8h-LG5L8KxGv7FmqQ2SW2djb4MzzOwRhZGiqtK9dN7jJtrNlIJWB1VWgZ1qboLbgTHA27CgaqzOQGYVzvdOii0mNEm_hWtuFdZxyjSTb_H5x8zNPROWcMRmDp59SSwqoqit6s7yiJ2cifOfEleomC5VTCU19QYWiiqus-XqyppMxozAvAi8Kv6YgwnifCfmgMmo51t2iMX24eQlj0FBS7wx_wcHXsBIpwPPoZMzyKIhJ4fsHcNQsgPWeYxWAGx9g7cVeYbKBaXKRSfKCU8dPYIQZu2lFvjWV7uH63OgWhfafsjjrNQ50YQr_EoE4xYAAHXTsKCOu1buxZtAeDO4d_Vm0DtVsjkIA6zn6l-FgjwG_Q0LtHRgjqetZxWGCslDbQQz7EHHl7Pt0MIVyJ3zi69c5mkKgzfgKTkgOov1ZqK3eIPkilL1DtVsAGo8mXDsXRb4NNkXwkoevKImYBwOmrtR95dGVP-MWxb8QxAswFlivFimhuIQwbh_4hfKmKwsRcxCvjTwLInZ0laRnFzeT_hLsNadoZcStJ5sDxzguOb1eofkGlp7ATt4HZ1_GsDmVpXpQIr_QBjIogcUKncAhgfo473piSFIYfKNhgqW3tu8b3hMph26O3zt6Xed_LAxDFHjTKMleZBN2TZ96A_7sdB5lno-i5mf_mE9PNJrmzdDI6t1NJles3dw0quOUdbiYyLpum1E6_qbU2HO0yFK6kGtW3F2p5lrgesHb0hwHTp75Bi1In6jWgtHXRFFMOyhBqsBJyaOioCCkUJpgCL0i0qqjVgZrjKRUGTbVr0R1fC4NpBVFPHux4LgCBejMbCy4eCyYIYnCQM_v5doZLZ_pxNlizInrrN6HzBeJ6IwkcmGkgV5WwjD8Zgd6-EaKKtPZDaUI3Z95qP_FQbKPYIduc897Ryr4PWu7Q64GEmBE141g71Jb_PhTNrtPO3vsJUL3UGxEg-QszV_s4JuDjbeBmBMSNCqYE6s9js41i2AQgHAdPcWlkzGYFy75wCGZz749qVDSpdeBzoUjH6RJo65AdjX8DRYsa_lvaRWOE21jpobvIz2E-TSV2NuW9TlyzN7O40k0ZMlRsgCxKGU_yEuYBQGQIfufMO5AMpz6EESV8_d_eBMhgWmm54bs_pYbg7W9laaHDWLH566ih2LWk8M6SGVOqYSdRlvHu2Kt5fKtbLyOJ5uD8vCOb1Ij2A8wcWsuOtenrzNeWYHmmVLgSiLNnh0vSAStHE3by3jz1sCs8hL49ZYbPcu0xEw1IgneA_k-5cqAwyeQJmZso6C589aw0L3JLdS3Bhn79Dx3T5QSb67lmuwDiwBFcfMX3CNKllD7iupW-NPoF0NYEBRzRqlUDzPOrAtvrnFUdnmu737MpMRVUOC_Xop7r69DWtJIzH4Usf40fjJokdWz0TxFCfI3EhtA8l44WFDvHwUS-9SkOII4mvAS9cZoKt-NjLDSUwWk8g3KCXBvppZjHGdf7H0Ph4zFgIWn5RafGRGsioSIGGyJE3MR9PMcMb6Kn9TcXq1kvd2cX3vUpn__Ml77SoqaAm9LY_QoN7qKt_qcQlF3EDDOwoTBUnmmMunxx9KrrPeyLoKCs_mReLQTtqq_LqejnD-66F7G1-6LMlyxX2hioz9W6v3vgAP7VCq24c5--RLgJQNSncWImkQswYxRkgG79YfeAF3QR7eD1k5PoK_5OOKjK2T8E3drVPS6AdP2Avbst4Xj3cC02fZSnRNE4wZzjhdt_CUOepyLAUoDz90vLBf8iVjU-m8WU09BqGY1Or7GDg76WCRdRp_I93Z7LJ-CsFHdo659ZFjfoJD03zv3eZ766K66UXzUhi-jPL5QXGKQGu4CgSKjcnyuSHx3HwzKTg4vHMIm_IdnXvCJJswmDYRY4ShYOBujFXbn0VSeSR3MgsATtm4JGmbfawD8uWIhLSsYDX9hSiXXJiXLcaXuczUqZbYyzI2DDpmvYayIZihBRAnMjOKbwKn9MFAOsatSZuSCxcAFx7FAr5tKdpz_IXd2i1ryvm_nR1qSCk4qZTeHmq9IZjszP5MFwoMBmt7HWdfvmhsW-yTsz6Dzn4lECJr7YfyfAfr7zpoKhyByhXM6jGQ6NlG8WrC61AWj8ve-0VhBWHEERPmoUEDKSygZ_xWMclJOh2gWISh6prroTBI3EbLfTcjqOfdHbmglvMx-0p1RBZVVB4SWOVSJI7_WOWA3Musp1Cl14cTWrLF-7M7Ysd2kmE95HtRc_LljHxftQcDM06FUysNi7eACo7uiiBdaAWWkkDND8IKJuTAsraxzYK15RQ1Kq9t8gRN84eVDxVkFILfX9B01pbon7cA19lYNUjdvqJ5bJcrMjW7IvkPg_MP9_u-6rx_2oKQh0Jse41SBRv0hjNSQ2sCBQNmqdiI6kD62ce3W6GO8c0jMOOG8HqGHGzF5VRrnlyF5UHXNpsikqWW8iC4ACTAtAW8AO4muS-zvEXz_8vL2jMz0yB3OIE6jLEy2VSY_73bDEQ_ZfcOeFT9w-fhllutpPSp8G4jhtin87esVoK3vzwndgs4emwsPmiPB_ajkrphtdt7a8Oaa2py7Oo4L30G3YzEtsdbfkl_vOXiceNOgLKWDZEvOSiNS4JOyrvVRWdOjfUQcZ-3znr2y6uabX8OYStY4qxVRBvhPzOmYixPOF50isOeAHgdnxPfd1FqB6J8vf5J9fPgzxDmw3US-ZMUl2jqrPIzsXaKOijBjvmBVPwDWZqK1xZLRHmcuUc28lFb9VmG5KSMhMzvyS8wdBVqELJaH4DOqWNi0Mhd3dF-bW9opsptgh56XEbk6qogQo379cvIzdHvCgDm7pRAQYNhY6pQXq-LWmjZ_5mvFET09G0P4XDa0Xarx7h7Muyzuw&cid=CAQSKQBpAlJWKd7D7kEDz3s5KWT1H-9stKlTquHAuhsQO4JiGvleGfFh29BDGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=12351440499569880000&adk=1268836065&idt=75&cac=0&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12091
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:39:55 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/ Frame 8231 30 KB
11 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230831/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:54:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11209
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11511
x-xss-protection: 0
server: cafe
etag: 961974302080011826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Sep 2023 17:54:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8231 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 321611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 03:41:15 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5B31 0
0 47ms
47ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstRmmi_nx-1fNxllAQUHS2a-7Umj0aX_oY-WHFibbKLnmKqmWc_JJcouuLBSDZOGgh-FUaCR1x001F7Q_DNh9T8kx7jWVEqeLdccjPIe2QKDsAswK7b-tM-UFIxC1rUBHTnVtNxC-J7M1DksMg-E7YpaO5diOVMV5tV2IIUbuKWsilnhXDnJSO4XSgl9CBQL1iRzLXR9A_miZDDnwXa8o2BrGMcxPtzozycTCoArqahK3cG01gilmtb2B3IOuKHOa240p_4ehhNGyzW08KHp7fdlxEL0Z_GtNcgnwAYrfhSTbqSmMFNnUPjQFNxQ7gLTLkdL5UeM4zYZh8AVmaAvudjURtxYIItcnnliRKmZgzO3rBuET5UvRpOJ-vLOcEPTpP4gI7gr8cxrG15eVRiXHSInb1xAzXeAQ4QpLdXStkKNnJDVtuZfNK3AKI01O906ZZvD0qAxg1HbN8xYxUV5EEH0PFPua1jz2zlhME7UnDwwfr3OxSeEA6HI0yVeiWbUE3jo3zkR9edZ_HU810fmoYzvdti1e1rpnsOkNXbUn1G_4v0SNW7pxnTr0eIgyot3N-AZruABg3ZUrkjQYGr1toWhPx1xnVMx-F7NaFUAt8HWWK5P_NTumLoojQxFTjeaiHQGLHCO7tRQ2ZqO264Q2jsHzF260eni2tNucePs1Na5FAAN2Tr3hoMcNaNvIF2vh3cu19hfI4mQU35zXrEmeP3i4SnaNj7HwuVHv4lJB9kzhNszBaUDocwmsqFZKEKtHKrSDVgho7mXDfjLZjdKp5Fzz3-KQvCE9fNJvBVuSOZdwkUMgWQYC0ZtIzxOZkITYgvhk8gIQfU6Q4K8GdnwBnM7JDfqEVH-BhpcV3Mcb8C1DhQgCDevj-Ja8Du2vN3gH2IEH7faP_6__CvgInuiBuPpFk9tAnXmCVSQFjcJ1-jou87RaTUmS4ebewvtVDJhXTT7iFaQo-EWWsOZzF0j-0AZYBEgSBYSznGomsMkpCNsx89sJxiXzCI6FG9almhmBJh6DDG1Yc5ihU0BFZ4WH4sR0KpwLEqOLgO9ohPxQ1pDnbQBVN0kjtve5iP-Fo4PShqfgzSImZgKB6TxMZIYH3WVLMKqOCf1H4tx4JqVal5ey9eojtP4P8Z2rKZSeJf0Oj2MR8prz2mLm_xLhUJOdPsTxQgbofDoN4oRZuR_6nRY5jfbcv1cM7O1RnfTypF2swe-zsOACvi9gWXLZ-0Uaoo4DGXq2o1jKTXXsf8Ic0Z8Q&sai=AMfl-YS36Uv03VPyV0ln8HeXEdMxjlu7XimJF0qudG1ozD0790UTXxPw_7QxspSCCIB5fgjUrBi1iHDC3GQaOs0cCRjpnQvAfaQYXJhOtH1m-maektq127-X2TWoRdymvyUVsQPVdZZGO28mS-skl7KzP8Yeirlna5Uc3e-EYsrM2CCj-fzZISV4yqBx-zxrSDThwGMwjfNYIIN-&sig=Cg0ArKJSzHRWLhR_VTnfEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=342&vt=11&dtpt=193&dett=3&cstd=135&cisv=r20230831.23579&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 82E5 0
0 47ms
47ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv3TWxR1_Wqgnx3eG2YG63jQ8blI2ilGVuIdk90JunY9s1uOkPl7QCcm7H6qKigdBwJK4ttbIEZaBbysY2mahBNlbmI8N_47xos7R2uGfdYHFZD0RADmhG9GELGqxvjMH_1LkMe-UEWjrHSQ4hFvcdYxf5pYYWOO9miLqzWnaEi01zT06UbNmg8q4KLN3erV1TH0pqkMPMOwq_7MDtOVfOOnB9b79KQaq2yE6JXxcrCV6s5y38nj7hDVC-vNzoVOyza82LK_yJGvJU6Vjq6_8EDhxDWbA7iEbiT_shG_qeNX2RKjMxucNmCoxUYYn_iIu_QtPw5GeaWQ18QuEg5NCvt7SedGXDAk_Rcq_wYC2hG6qI&sai=AMfl-YTGkpBQZjr8KSzx80Vlh9Ngfwm5qykjuYsUXOF7iy5oadt030QUxRMu68haqszwdn5roqEv19E5TmWcSA0&sig=Cg0ArKJSzKMnmlWuQgIbEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 82E5 15 KB
11 KB 70ms
70ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230831&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9cb88e732eedf1e5ac8ff4b9df9fe7b87bcf7d514b101c128803157e3414310d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11657
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E928 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 08:56:47 GMT
etag: 48472445140208031
expires: Wed, 06 Sep 2023 08:56:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 8231 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22c2e7c48ba1f7690755ac0a0d4a0005f43edc6c860bf507a3585af955a9f1aa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 style.css
s0.2mdn.net/sadbundle/4109205582467039232/assets/css/ Frame 9D05 21 KB
2 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4000f8bc8426d8a9563eeb259642c42fd60e779b52bc90eebe02ef8fa9bc8fac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 11:52:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32915
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2397
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Sep 2024 11:52:51 GMT

GET
H3 200 jquery.textfit.min.js Show response
s0.2mdn.net/sadbundle/4109205582467039232/assets/js/ Frame 9D05 1 KB
677 B 8ms
8ms Script
application/x-javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/jquery.textfit.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2c5aae989ebecc48aa3e455d9e066b4f90add7ecafef55cef8fce5a5823a735

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 03:54:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 407246
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 648
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 31 Aug 2024 03:54:00 GMT

GET
H3 200 nhdynamic.js Show response
s0.2mdn.net/sadbundle/4109205582467039232/assets/js/ Frame 9D05 35 KB
6 KB 8ms
8ms Script
application/x-javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/nhdynamic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74bee7fd7f696f1d12267064500896b813520e0eba8b058c9895e9f13d12130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 03:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64758
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5646
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Sep 2024 03:02:08 GMT

GET
H3 200 youtubeApi.js Show response
s0.2mdn.net/sadbundle/4109205582467039232/assets/js/ Frame 9D05 1 KB
474 B 7ms
7ms Script
application/x-javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/youtubeApi.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

590c9c8a499bf5bd52784c2bbbe0c69bc4f2f8c2ed0cc0e44c3cdaa62e1d672b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 04:06:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320115
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 445
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 01 Sep 2024 04:06:11 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9D05 17 KB
6 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/5793540040533475328/ Frame 75E3 47 KB
12 KB 15ms
15ms Document
text/html 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:26 GMT
expires: Wed, 04 Sep 2024 21:01:26 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8231 0
0 57ms
56ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuPjKZZiWTW4-Fo4nNZaqZyROsDlndohIyA6RxVS7p6DNrxAAOe6LrnLETmIzAUL-lWrEJ6KZ_3h55RxULDeYIy8zfKMxEQwHTPyoFiMqC1rG3LSHclz2rq2JiTJ2yv1uU6_ey8JJ4jWJsLuo96Hhm2l1Bdv6ddIwSzxzlxlhctOuwzxbood6EwoyqDSaHH6cxDv9qHhuB7xxbm5XyqE76uZzzph9BcLup_LEAXAyqds3UkNLNn_QpPf6QKi5r5A97eYJXlWOQGQ_kMBTG7GfR4tkb0y2q75Uxthai11omxKR0somF4W1spXqEGNHybO1ih5wz71xdk7DBSsbdFF5mWNrtzUZ4FPL6C4_mbBcG2ATLNRwzMHelLVcspBBIPzhDKG-0pi2oAthO47feGuFfiMBUQWlnUueKYjoH9lQmuIBvxdKHfN0FW18p-0VtEy0ugQQ1OaY90qQJOPCvilk-S0_NKuc6IRrej7hN01rbEH6q0QXSDaKht48EwiwlCWjY3I7ZSkqm-mlriYDl5v-lOXfsrs0lS9BQLv4b933JOQ6JgeJ1zq2F0T9DobZNPvMlOH-GFSbSuMyoZ2-4e8tzL1SuYBmY3n743V8thbAC8M3W7nUw4z3Sq8za0OifBAAJXLrz7v6Lg0g0U9H3Tcf62m6O5Ci01VyrMEcFCPz3SKGD6kXT-vMnZQKGVBQKzPW8a0r5AfFYmCLsG8FdN9f-vByi8Gpmw7oHmoocXNJ1abT9S9tKaLu_13KfSiYHvmXYF9ghgh5c-ZsfOA4MA30c8FbygpyE7YTR7B85izOLOh6oXUTliigURP1oQpCzYLrIxOnQQA3W4cN3uOcoGPUtr04gOSlLt8-jXygUZtX4BPJWYLb3L6XVw8qf4F8Emhe7JstbN_RBDfpl7CwvRDzrnN-lRG--keo7zDKVEsFwW2mY4wpS0aGyYD-7h7Qrna2Z63YkA3youIld9pVrhaxYsuQs3Gubzp9jl6Yy55cKPf-WqynvvC12pjIGBdFkNIlYvT2vYLi8QT_Nenfa5fJCXO0pOPeQGuttmeep5WovI22o7-sKQFVlEEzDbhL1MtR8nOKb4G3-0-2n3MSrLQOzDxEi2Su40WS8RaVUJa5DH9eJwkkvUNS0f0z_rd5ciIL_SzJ-adeVbs0EzXSsMN_XzbUnINf6Uu6ukVcyZ-4mAIaVAJ1C8hrUmapqHsHFe-DPqiwHtPIjdK1rL9tr3smFz8A_siwWiH9kkvXkeoc2S8lictNFwDRDkEbahERK7kumBb_COp4yIl5OYQOlXoT0FmAgoddyd4aoFhUhyoupXLoYLdd4z_wT9HZpDmY-tS-CxcQKXsdJ0Ftk&sai=AMfl-YTsotfkEzxumRFpTC8K3kL06kxu1bRUu0uGYs_Nqsdd29c8Nb4ef-Z2Df-eKVreeKfgckpPzi99nKSQ2Wa-t-CFOPNUzDcGstb1qQfJFAeH8Z5eFCJwRfqHl5lbo8H8wgXkWy6DnZ7zfGuXGK5GDXBxSrbh4ZEP9kdOAsuACdsAYANPHximNU1xTaeXH0RH8wObBJPcqbWDbjbubxEisOdED0kXV0MQJ6qvQQ&sig=Cg0ArKJSzDZMVS9FTLoXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=108&cbvp=1&cstd=102&cisv=r20230831.49846&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 05 Sep 2023 21:01:26 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 0C41 0
466 B 189ms
142ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=99323500196079804444554012438023&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=40ab1d62ac&subid=&uid=3c5f58bcebbd2b71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDPMUJZf3ZMTWMI287wKCibmAAablvaBprZWcp8kP8C4QASDTy84wYJWqoIKwB8gBCakCqcDduJ39sT6oAwHIA5sEqgTzAU_QPzGmR0oWk9IleTXl01ewQfEpCCiKCXHMnXIGTaowRPq9Zp55SqKHhiqUF8tJHwZynb2Uzyk3css3p7JnyNOdb284Ot-D69hv6-c6Zg6KfjVzHF6Rf8W2as4b5wk5F9LcullcIj8p4kJw7JQIACRIei54gTMDyCpYtmTKM5ms4-lzjnp0p3C5FNT2G66pzaPV2LlzEcmfvLlPL-f3l6g-yCnwrOqTjzXYKyqQa_VWLJ94aZ_UNSvcOOBunhtQSus7dx5Ac_j40YN9dkSBWHe8ikXbv2ktIiXHgCNoR3r2OEdC2YO-8Y7nl3IGic8PhM5-HMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIhP3R8K6UgQMVDd5bCh2CRA4QEAEYASAAEgJlSPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE%26sig%3DAOD64_2xykZVVV2dgbtHa5FSR8-VzEwAFw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cj70wj4OECUnCx8XmafNWd81JLL4sbr52cQ8MJKvkMTtoseGJN5ElKs-fXBjDkw-jYz4K3r35E0Zgnt6IApRI4pY5R26ODWt_dJyn4TJ567eTosQ1ChQ5CmRWSoMc6jc56ecgCvpSFTckUjNiBF5d9cMOeuh6631Rqcnf4qd4rn3cI9aM%26cry%3D1%26dbm_d%3DAKAmf-Dye_AN7USCQTSaHXatO1i6YjoWG3PXA_kQzcZdHcvzPmU3AFpXjdK_WIEfbTqrIQGGE6ramIvSArS5VeEW64pqbEQRfB-JbeeWXZkMNiQe9klmZJMUDvPgLTFsY5YADrN8rEerXd2pyJ2pspLPU432l-Ev6WDgR7TxeVY1Zw-3N39atCjGR4ug4yGpaRd-1UwvaZf9uN7r5xNiIeevMa9WUUqXUJm31jqFAnwRbzgUYEVikQabODuDlBJ0LFe3AP1uRXc6XihSKnlLXK777n1vNI82ENZMsKve16UJnLyb5iB4OaEEhwJvToYZ1VUzYT6rFeAPx_D1pDZNpHf4ihiQry1d5bjYT5-ev-ReOBUIJmNKUJhN4mzARvMvrUvRZ02T4DbM1C5oKnSbHnoTR5yLRQLSiAKlfMHIHai-UrL4zzKDIK2WAq9FK1Y2sR0OdHiaRYa_Vle96igdra1BRU3W5Kr81UypJs9yGtsiDtcxg25icOGFwjA29KvRwBi7pofpWjg5KwGqKxXsrYyyGj1Kua6R9CTrbnTnuGPyjHNajqLIno4%26adurl%3D&documentReferer=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4898833119606&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Tue, 05 Sep 2023 21:01:27 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 8AC72684:CFC2_91EFC182:01BB_64F79726_D5F03A1:22024

GET
H2 200 / Show response
adv.office-partner.de/ Frame 598F 930 B
931 B 51ms
8ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=40ab1d62ac&subid=&uid=3c5f58bcebbd2b71&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDPMUJZf3ZMTWMI287wKCibmAAablvaBprZWcp8kP8C4QASDTy84wYJWqoIKwB8gBCakCqcDduJ39sT6oAwHIA5sEqgTzAU_QPzGmR0oWk9IleTXl01ewQfEpCCiKCXHMnXIGTaowRPq9Zp55SqKHhiqUF8tJHwZynb2Uzyk3css3p7JnyNOdb284Ot-D69hv6-c6Zg6KfjVzHF6Rf8W2as4b5wk5F9LcullcIj8p4kJw7JQIACRIei54gTMDyCpYtmTKM5ms4-lzjnp0p3C5FNT2G66pzaPV2LlzEcmfvLlPL-f3l6g-yCnwrOqTjzXYKyqQa_VWLJ94aZ_UNSvcOOBunhtQSus7dx5Ac_j40YN9dkSBWHe8ikXbv2ktIiXHgCNoR3r2OEdC2YO-8Y7nl3IGic8PhM5-HMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARhdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIhP3R8K6UgQMVDd5bCh2CRA4QEAEYASAAEgJlSPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJW8TGgxvEJgfwLc9gXQjebTtCl606sTc1IRMtLF298aml36-ixGAE%26sig%3DAOD64_2xykZVVV2dgbtHa5FSR8-VzEwAFw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cj70wj4OECUnCx8XmafNWd81JLL4sbr52cQ8MJKvkMTtoseGJN5ElKs-fXBjDkw-jYz4K3r35E0Zgnt6IApRI4pY5R26ODWt_dJyn4TJ567eTosQ1ChQ5CmRWSoMc6jc56ecgCvpSFTckUjNiBF5d9cMOeuh6631Rqcnf4qd4rn3cI9aM%26cry%3D1%26dbm_d%3DAKAmf-Dye_AN7USCQTSaHXatO1i6YjoWG3PXA_kQzcZdHcvzPmU3AFpXjdK_WIEfbTqrIQGGE6ramIvSArS5VeEW64pqbEQRfB-JbeeWXZkMNiQe9klmZJMUDvPgLTFsY5YADrN8rEerXd2pyJ2pspLPU432l-Ev6WDgR7TxeVY1Zw-3N39atCjGR4ug4yGpaRd-1UwvaZf9uN7r5xNiIeevMa9WUUqXUJm31jqFAnwRbzgUYEVikQabODuDlBJ0LFe3AP1uRXc6XihSKnlLXK777n1vNI82ENZMsKve16UJnLyb5iB4OaEEhwJvToYZ1VUzYT6rFeAPx_D1pDZNpHf4ihiQry1d5bjYT5-ev-ReOBUIJmNKUJhN4mzARvMvrUvRZ02T4DbM1C5oKnSbHnoTR5yLRQLSiAKlfMHIHai-UrL4zzKDIK2WAq9FK1Y2sR0OdHiaRYa_Vle96igdra1BRU3W5Kr81UypJs9yGtsiDtcxg25icOGFwjA29KvRwBi7pofpWjg5KwGqKxXsrYyyGj1Kua6R9CTrbnTnuGPyjHNajqLIno4%26adurl%3D&documentReferer=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4898833119606&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 05 Sep 2023 21:01:26 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 12 Sep 2023 21:01:26 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 7348 0
465 B 184ms
130ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=99323500196079804444554012438023&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 21:01:27 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 8AC72684:CFC6_91EFC182:01BB_64F79726_D6E5A6D:B82C
X-IPLB-Instance: 40028
Vary: Origin
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 7348 43 B
482 B 187ms
134ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=99323500196079804444554012438023&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 21:01:27 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 8AC72684:CFC4_91EFC182:01BB_64F79726_D5FE508:22021
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 7348 43 B
703 B 83ms
53ms Image
image/gif 23.212.218.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=99323500196079804444554012438023&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.218.19 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-218-19.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 05 Sep 2023 21:01:26 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 82E5 17 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 75E3 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 04:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61216
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 04:01:10 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 75E3 63 KB
25 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Sep 2023 21:01:26 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame E928 0
104 B 95ms
22ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEMe8J16HKg9zJ1Zgf6UvPEs&google_cver=1&google_push=AXcoOmQQ9XKHFlEv5mFTVw5QXUWt-tIBsMLZfk50FRjQGn8xFXxlaKL9LZHygVyi2nGLRBIObT6FRc_JIq8TomDaJi5PgayskzdY
Requested by: Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E928
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEKV5OrTO450vlGxMSJGuTsY&google_cver=1&google_push=AXcoOmSHNSJ3KDYDnsituBfSweSF_5FiZXKKNc3QxbwSSrp__G17MkVz6KwhpXBnWBCSdEXSoBx5UoqHHH92S_cQBT6YzMAKQO0
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=878549E997AF41F7A65D6902BD3F7C09&google_push=AXcoOmSHNSJ3KDYDnsituBfSweSF_5FiZXKKNc3QxbwSSrp__G17MkVz6KwhpXBnWBCSdEXSoBx5UoqHHH92S_c...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=878549E997AF41F7A65D6902BD3F7C09&google_push=AXcoOmSHNSJ3KDYDnsituBfSweSF_5FiZXKKNc3QxbwSSrp__G17MkVz6KwhpXBnWBCSdEXSoBx5UoqHHH92S_cQBT6YzMAKQO0

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 05 Sep 2023 21:01:26 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=878549E997AF41F7A65D6902BD3F7C09&google_push=AXcoOmSHNSJ3KDYDnsituBfSweSF_5FiZXKKNc3QxbwSSrp__G17MkVz6KwhpXBnWBCSdEXSoBx5UoqHHH92S_cQBT6YzMAKQO0
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Sep 2023 21:01:26 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E928
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEC1s74VEtnUrJRieEZ_3_0s&google_cver=1&google_push=AXcoOmQ2vKQpDTZG3ecVks3ix9joqBum9Lf19lNP0qECougjPk1qNN-3WVY5i0_YfyD2O0bcrtmd9-Z...
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEC1s74VEtnUrJRieEZ_3_0s&google_cver=1&google_push=AXcoOmQ2vKQpDTZG3ecVks3ix9joqBum9Lf19lNP0qECougjPk1qNN-3WVY5i0_YfyD2O...
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=CZHmup14T6iNrFNhU5ylzGT3lyc

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=CZHmup14T6iNrFNhU5ylzGT3lyc

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:26 GMT
server: A
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=CZHmup14T6iNrFNhU5ylzGT3lyc
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E928
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHgm1T-GOn8MSIawQRCaPEc&google_cver=1&google_push=AXcoOmSBWOGhQal_vZ5cS-NrWcGQ_ZNwCZGI3AWg_UCKQXY8AJJC1H7Gh0-GfI8xeFnt8hq6yfmUBWOQBX78sHDFK6L-A35...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSBWOGhQal_vZ5cS-NrWcGQ_ZNwCZGI3AWg_UCKQXY8AJJC1H7Gh0-GfI8xeFnt8hq6yfmUBWOQBX78sHDFK6L-A35Kx1GX&google_hm=eS1ZVm9ycVVkRTJwRXVUeD...

170 B
188 B

21ms
20ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSBWOGhQal_vZ5cS-NrWcGQ_ZNwCZGI3AWg_UCKQXY8AJJC1H7Gh0-GfI8xeFnt8hq6yfmUBWOQBX78sHDFK6L-A35Kx1GX&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 05 Sep 2023 21:01:26 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSBWOGhQal_vZ5cS-NrWcGQ_ZNwCZGI3AWg_UCKQXY8AJJC1H7Gh0-GfI8xeFnt8hq6yfmUBWOQBX78sHDFK6L-A35Kx1GX&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E928
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGLiVlNKtxvCORcuTeCJrZ0&google_cver=1&google_push=AXcoOmQ_V6_1IfOAILyFUOJIUssnMU3HD0OHc_7Z7zybBhP6fB7ira7L0P6gau1MOG1ImMJ-nsxOFehx3JE3wlaCK...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGLiVlNKtxvCORcuTeCJrZ0&google_cver=1&google_push=AXcoOmQ_V6_1IfOAILyFUOJIUssnMU3HD0OHc_7Z7zybBhP6fB7ira7L0P6gau1MOG1ImMJ-nsxOFehx3JE3wlaCK...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQ_V6_1IfOAILyFUOJIUssnMU3HD0OHc_7Z7zybBhP6fB7ira7L0P6gau1MOG1ImMJ-nsxOFehx3JE3wlaCK-K6zXNB19I&google_hm=HRbNuGZHH8e4XAIURNKc2kAc

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQ_V6_1IfOAILyFUOJIUssnMU3HD0OHc_7Z7zybBhP6fB7ira7L0P6gau1MOG1ImMJ-nsxOFehx3JE3wlaCK-K6zXNB19I&google_hm=HRbNuGZHH8e4XAIURNKc2kAc

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 05 Sep 2023 21:01:27 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQ_V6_1IfOAILyFUOJIUssnMU3HD0OHc_7Z7zybBhP6fB7ira7L0P6gau1MOG1ImMJ-nsxOFehx3JE3wlaCK-K6zXNB19I&google_hm=HRbNuGZHH8e4XAIURNKc2kAc
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E928
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEIleHmckEDEItFmO9SZs1wM&google_cver=1&google_push=AXcoOmRkzyIkBoltGcOazoyitj-J8tbii1hHASmkO53IKU3UUhMtR-I6BCSmcb4ZJ8ZByF4gg1jW16K8BGDw6pD1gPmnXqy4BAI
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmRkzyIkBoltGcOazoyitj-J8tbii1hHASmkO53IKU3UUhMtR-I6...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmRkzyIkBoltGcOazoyitj-J8tbii1hHASmkO53IKU3UUhMtR-I6BCSmcb4ZJ8ZByF4gg1jW16K8BGDw6pD1gPmnXqy4BAI

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmRkzyIkBoltGcOazoyitj-J8tbii1hHASmkO53IKU3UUhMtR-I6BCSmcb4ZJ8ZByF4gg1jW16K8BGDw6pD1gPmnXqy4BAI
date: Tue, 05 Sep 2023 21:01:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E928
Redirect Chain

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_...
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=1c0338d3-8806-47ee-bea4-0e7905333932&google_cver=1&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&gdpr_consent=${GDPR_CONSENT_109}&google_...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=1c0338d3-8806-47ee-bea4-0e7905333932&google_cver=1&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmROwUvKGRWkLlo5RFoQciJDbfo3yVadMsdEXpn4DilgmVtr8IPmBxtfm3J02Bi9Z7DPfCbHeVsS02egcn67zwmPUrEKcE_i3Q&gdpr=${GDPR}

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=1c0338d3-8806-47ee-bea4-0e7905333932&google_cver=1&google_gid=CAESENK4iahmSpM6a-3_QYsG9-c&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmROwUvKGRWkLlo5RFoQciJDbfo3yVadMsdEXpn4DilgmVtr8IPmBxtfm3J02Bi9Z7DPfCbHeVsS02egcn67zwmPUrEKcE_i3Q&gdpr=${GDPR}
date: Tue, 05 Sep 2023 21:01:26 GMT
server: _
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E928 0
12 B 15ms
14ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KxwdzMBdhhTdSmSy7t6FUGrsxxCCCLHNXtQdH863_ZA7lRolSMT29Dsvb8nnxyMsshTAJxWQ

Requested by

Host: 2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
URL: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2715 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 224982
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Sep 2023 06:31:45 GMT
expires: Mon, 02 Sep 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame F8C9 38 KB
14 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 19DE 43 B
215 B 118ms
118ms Image
image/gif 2600:1f18:1aca:4282:5175:98b6:9c84:22b5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=fc3baf81-192e-aca2-53d5-03e7f9a67ff8&tv=%7Bc:nnCv8D,pingTime:-10,time:640,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtMTIwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE2LjAuNTg0NS4xNDAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1693947687026%7C%7Cefa345d99191508c6d8776d911408872%7C%7C0f286e8f7fa153358c622af13d09b529%7C%7Ca925a8ed7bf1da5400d06422c9f87fee%7C%7C540265612ee899f9202f64cf7340633f%7C%7C67363c5382d30d7da0c05398b3564495%7C%7C2df91187e0fdf84be4c9434461cead77%7C%7Cdb0aafcc40dff0b4f203c4c3f58b1708%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:5175:98b6:9c84:22b5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: nginx
x-server-name: dt21.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 598F 119 KB
46 KB 37ms
16ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ca09f0204ddb297f2632faa23ef61c104e14b2e67b76ec13bcb2227631ebf2d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 46237
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 05 Sep 2023 21:01:27 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ Frame 9D05 993 B
2 KB 62ms
32ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/js/youtubeApi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4f508099a90234125efc2c7dfa2892ea2c7ccafcf34d61353e2f02cec717e764

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 05 Sep 2023 21:01:27 GMT

GET
H3 200 63009_20230831044748360_background_728x90_1.jpg
s0.2mdn.net/ads/richmedia/studio/63009/ Frame 9D05 39 KB
39 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/63009/63009_20230831044748360_background_728x90_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2382b4a8e0d091a7594f454e0c7a58d49dc0b313a24f5f5f0e708ba762e93eeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 23:00:57 GMT
x-content-type-options: nosniff
age: 79230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39835
x-xss-protection: 0
last-modified: Thu, 31 Aug 2023 11:47:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Sep 2023 23:00:57 GMT

GET
H3 200 63009_20230831044751796_background_728x90_2.jpg
s0.2mdn.net/ads/richmedia/studio/63009/ Frame 9D05 39 KB
39 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/63009/63009_20230831044751796_background_728x90_2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2382b4a8e0d091a7594f454e0c7a58d49dc0b313a24f5f5f0e708ba762e93eeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 23:00:57 GMT
x-content-type-options: nosniff
age: 79230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39835
x-xss-protection: 0
last-modified: Thu, 31 Aug 2023 11:47:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Sep 2023 23:00:57 GMT

GET
H3 200 63009_20230831044755163_background_728x90_3.jpg
s0.2mdn.net/ads/richmedia/studio/63009/ Frame 9D05 39 KB
39 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/63009/63009_20230831044755163_background_728x90_3.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2382b4a8e0d091a7594f454e0c7a58d49dc0b313a24f5f5f0e708ba762e93eeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 23:00:57 GMT
x-content-type-options: nosniff
age: 79230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39835
x-xss-protection: 0
last-modified: Thu, 31 Aug 2023 11:47:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Sep 2023 23:00:57 GMT

GET
H3 200 63009_20230203015122029_background_728x90_4_de.jpg
s0.2mdn.net/ads/richmedia/studio/63009/ Frame 9D05 25 KB
25 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/63009/63009_20230203015122029_background_728x90_4_de.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee14416cf2f1e444f5380adee14293e97dafb91912540c776803b2e526dae953

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 03:02:08 GMT
x-content-type-options: nosniff
age: 64759
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25756
x-xss-protection: 0
last-modified: Fri, 03 Feb 2023 09:51:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 03:02:08 GMT

GET
H3 200 GothamNarrow-Bold.woff
s0.2mdn.net/sadbundle/4109205582467039232/assets/fonts/ Frame 9D05 80 KB
80 KB 8ms
8ms Font
font/woff 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/fonts/GothamNarrow-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a7b3c6dd66c88e7db6eeb6ca64342e2256a61bcd96889b2f6337aca61a0237a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 15:25:27 GMT
x-content-type-options: nosniff
age: 365760
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81884
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 31 Aug 2024 15:25:27 GMT

GET
H3 200 GothamNarrow-Medium.woff
s0.2mdn.net/sadbundle/4109205582467039232/assets/fonts/ Frame 9D05 81 KB
81 KB 10ms
10ms Font
font/woff 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/fonts/GothamNarrow-Medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5d958be76e970124b20b9d17b84962fae1ad78a436652cf10194ac5fb3ab27f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/assets/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 03:45:12 GMT
x-content-type-options: nosniff
age: 407775
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82744
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 31 Aug 2024 03:45:12 GMT

GET
H3 200 flecha.png
s0.2mdn.net/sadbundle/4109205582467039232/assets/images/ Frame 9D05 1 KB
1 KB 22ms
21ms Image
image/png 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4109205582467039232/assets/images/flecha.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

316c626585650b118dc2ca02a311b72962a5d160f89a3b686a942548cea022d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4109205582467039232/creative.html?e=69&leftOffset=0&topOffset=0&c=WkCpQ8z8du&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 03:02:08 GMT
x-content-type-options: nosniff
age: 64759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1035
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Sep 2024 03:02:08 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B487 13 KB
5 KB 10ms
7ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34314
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 11:29:33 GMT
expires: Wed, 04 Sep 2024 11:29:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C6A8 829 B
558 B 21ms
18ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

580a39e97a756499af3e1de4c8f583e5162b057d6c2da33ba54dd7f098fac3a8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qhep95yRT-EwLNmsbcMU_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-qhep95yRT-EwLNmsbcMU_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:27 GMT
expires: Tue, 05 Sep 2023 21:01:27 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8231 0
0 47ms
47ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuPjKZZiWTW4-Fo4nNZaqZyROsDlndohIyA6RxVS7p6DNrxAAOe6LrnLETmIzAUL-lWrEJ6KZ_3h55RxULDeYIy8zfKMxEQwHTPyoFiMqC1rG3LSHclz2rq2JiTJ2yv1uU6_ey8JJ4jWJsLuo96Hhm2l1Bdv6ddIwSzxzlxlhctOuwzxbood6EwoyqDSaHH6cxDv9qHhuB7xxbm5XyqE76uZzzph9BcLup_LEAXAyqds3UkNLNn_QpPf6QKi5r5A97eYJXlWOQGQ_kMBTG7GfR4tkb0y2q75Uxthai11omxKR0somF4W1spXqEGNHybO1ih5wz71xdk7DBSsbdFF5mWNrtzUZ4FPL6C4_mbBcG2ATLNRwzMHelLVcspBBIPzhDKG-0pi2oAthO47feGuFfiMBUQWlnUueKYjoH9lQmuIBvxdKHfN0FW18p-0VtEy0ugQQ1OaY90qQJOPCvilk-S0_NKuc6IRrej7hN01rbEH6q0QXSDaKht48EwiwlCWjY3I7ZSkqm-mlriYDl5v-lOXfsrs0lS9BQLv4b933JOQ6JgeJ1zq2F0T9DobZNPvMlOH-GFSbSuMyoZ2-4e8tzL1SuYBmY3n743V8thbAC8M3W7nUw4z3Sq8za0OifBAAJXLrz7v6Lg0g0U9H3Tcf62m6O5Ci01VyrMEcFCPz3SKGD6kXT-vMnZQKGVBQKzPW8a0r5AfFYmCLsG8FdN9f-vByi8Gpmw7oHmoocXNJ1abT9S9tKaLu_13KfSiYHvmXYF9ghgh5c-ZsfOA4MA30c8FbygpyE7YTR7B85izOLOh6oXUTliigURP1oQpCzYLrIxOnQQA3W4cN3uOcoGPUtr04gOSlLt8-jXygUZtX4BPJWYLb3L6XVw8qf4F8Emhe7JstbN_RBDfpl7CwvRDzrnN-lRG--keo7zDKVEsFwW2mY4wpS0aGyYD-7h7Qrna2Z63YkA3youIld9pVrhaxYsuQs3Gubzp9jl6Yy55cKPf-WqynvvC12pjIGBdFkNIlYvT2vYLi8QT_Nenfa5fJCXO0pOPeQGuttmeep5WovI22o7-sKQFVlEEzDbhL1MtR8nOKb4G3-0-2n3MSrLQOzDxEi2Su40WS8RaVUJa5DH9eJwkkvUNS0f0z_rd5ciIL_SzJ-adeVbs0EzXSsMN_XzbUnINf6Uu6ukVcyZ-4mAIaVAJ1C8hrUmapqHsHFe-DPqiwHtPIjdK1rL9tr3smFz8A_siwWiH9kkvXkeoc2S8lictNFwDRDkEbahERK7kumBb_COp4yIl5OYQOlXoT0FmAgoddyd4aoFhUhyoupXLoYLdd4z_wT9HZpDmY-tS-CxcQKXsdJ0Ftk&sai=AMfl-YTsotfkEzxumRFpTC8K3kL06kxu1bRUu0uGYs_Nqsdd29c8Nb4ef-Z2Df-eKVreeKfgckpPzi99nKSQ2Wa-t-CFOPNUzDcGstb1qQfJFAeH8Z5eFCJwRfqHl5lbo8H8wgXkWy6DnZ7zfGuXGK5GDXBxSrbh4ZEP9kdOAsuACdsAYANPHximNU1xTaeXH0RH8wObBJPcqbWDbjbubxEisOdED0kXV0MQJ6qvQQ&sig=Cg0ArKJSzDZMVS9FTLoXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=357&vt=11&dtpt=249&dett=3&cstd=102&cisv=r20230831.49846&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:27 GMT

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame 2715 38 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 90FB 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqigKJpf3ZPPzAZefjuwPjIytoAEAAAAAOAHgBAI&bg=!-fql-rXNAAYHwnCgJ8I7ADQBe5WfOBrRpDLFf3EG52TuUj0tYuU1A0W9ze0RNgavGR4BkY-0Mw-CT0sxL7XP2IUVV4qQAgAAAZtSAAAABmgBB5kDVNZYOfRPp_FeGQGkVxBDZS2P7Qp6ZQDoNB1_U67njK5zf8BPFAgStQpKpnDxvsy98q9EVcqieNgB9obk1ll1K15z1DeKuu9zdw3Y8R0ae3VaiGTAd6zdfi5BZ0joLud_DNDqs_XfrQGxPBJti3QwP9_9hds9-_d45ZMynYqamq8C6yyJGgdFL9vcqv4SFixQwmuyuv5VuKYA8Ff7wxcw1B_IpyRQ4NI-h8NJQa_DFpIh6Bc-R07OQXjADNFYZ4Z0xewebnWIB9F05UjuPR4BP-OVZzmVwYyF7rZ0R-wnvkACBqJbXDJejdBEnPKzAMzaD_frZpBFAQqWA4T0AEnAoSxTN3fzT4ybRDCWQDIbF-Zf1sjtXeesHhXcEjZbwsUBVIJV2_YsXLmYOV2KvzQ92-W2kIw2e7SNBjisitmQFZXzmKgCiIZvOT_5e70nfK00CfxDE5Hn-ArAxnTql5DvXrqmB5G4uWNgcyQqBxbSk6E-nJu-M14_akA5y2cwX8Dxj7T8d0gxC6Xe-cRaQvQj6TPMU8FTC2tRppuNArkg1Kw4vABk0eKUEfQGz8-jmpcUtjZFF_-t-JRYl3z9s7iDHJ37-iIZXqc2gMVxZ9gZDFEKIgJZ-e5WLQ8pkpe9Fo8VS36JgM6neV-g-r3Q8oyBJ9Ke2b0hjkQQBQUUVvt4cpMOrZSrGIm82Ex9Gdgc-oNhVRik4zJuRF0ZH-D4tPaFwWcyExhOQjfAjbP3k0oH7e84qBAXGm4t9mNoWLYzIGNxGyBU8RLB2Lk4Q5rxp96x16WkTmMYPjyG55P9ifk5vI21bQeldJaQIpz4VoTUd1F5a0PDwdPzj1cdPRvo3kqxXYG1vjq8rppkh918yVKEj_HkZmLwIxRKFcMEmUTwgXvHQ-R5LvXDgyFmfhuLoF1WT6MsACAdmZVQMESnm1b9MOhcJ6EJRxOV1PZdc-uN20wGhYrEBVGBDyrfxNS3Nz2zB0XoQAnBAk6xrvSI7BbY03dv3dkXzfstaMcC5sQOmVHE6gvtvVW6OPANRKP8xmZcfZqzvLuVdIpPIRNi3Qhk765eEPUNEZ1PIVG1hVALtCwuK75uUMsZkho4YnAPkzsDvYMPr1NA3R1A-et4catfQn6wUXWboA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BE12 0
0 46ms
45ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308310101&jk=4034324332504880&bg=!TU6lTgHNAAYHwnCgJ8I7ADQBe5WfOHY_8sArZ4kIchVGV6TA4yrjGYxYdfwMOvx0acxat60DE-n3KPww0fpe_KhmRDiOAgAAAhFSAAAAB2gBBwoABn_l20lRMpkDCW2e6GDOs1y_KYacrxi-7auvjELQnOsf3XCyRJ9DaWUynopjk3_lrWiuwOJlfor5cU-V5NlJQ1UuiNFrNSSu_Jg13zqRRAt5IqKiNLC3hLas6s-l89WmlzQ9vj3G8QI7bUjktvD2KR6F2Zai6jksYmzkEQbemFa489sDlnKBzG9sNh4YxM8GS5oGiVOrvVIxYPdsOtdY5VOpeTccevDofnbeywJZbFkG-UkXFGKMhTPFqOepWJH121TVPsrNm0GaSnqjQDbS15xKgFhyIda7uyzM_7FldO3pPT450njYfGwHnq3jjf0GqkBZe-0WJ_Flgk9aCi_XH4nYwU18l980EY8sQ-QHm6fdqgktieK_mPBkol1OaWyf5ly8BL7TuN1YJEl618nohhzrB8UHgwf_H9GIZgS5ynVFLHquhwJzjUqNvjHZXIXE7vmoY3_n8ANDJYEj1_AFhBYEzqeiXiRrh6vA13Nn5wUR8zU6pxTEQQP9Tu1r5I1c9LKt90MBnfvSSOzLUjhAev7uRlAUUDvTuJ74uH9gSg3CWqNy7I1yv4y9XygwrcrCHnNk9SUeUMRvHW-ij2C0-0ARrPg2C8tIe8kVi0Ml9IrQlwYYV5E5fuI5_4ZVuYA3RqPOczjAAJncqyjKFE1Cjxf3yO31QSs53cnilvxvb0rEkYNCxIcDDLuDKFZFnUDjHRj46pGVyPlGtbtIezS5Xk7YU2cU95zwPTgBOvkLyhE0zbXpo35TDoqcJJGoDlsGFJf8qeJXLuQ23L7Krt8JcOwge118pXDEhrqm1jsokBkMyeA-tDagpkL_pMB4ZLMhx_4GbtYbR_mSmc4ZoZRJwNoj1RR3y2en6I55RVtiuIYbya3ePnVGeLwUbq42mOvbzk7qiAEf2r85TCpQ8tdC20kg4CNx5suSGWmbA0LZ8iWmS8IwZmU7dRHDPw97S9wRkzBDlFGXi_tD0rbfXwFat7j21zhpa2hW6_a3ECnEbL6Ya1fNmF6O_UAZtiheM_8Aa7vohKeVdjket7qcS65nVWusUQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H2 200 link.html Show response
track.webgains.com/ Frame 7348 2 KB
2 KB 178ms
117ms Script
text/html 3.10.47.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=99323500196079804444554012438023&nw=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.10.47.90 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-10-47-90.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: b123f17c2f1dee456dcc91a32fb6f2c4afab3284e47572e4e406e3a52ca14b64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
last-modified: Tue, 05 Sep 2023 21:01:27 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 05 Sep 2023 21:02:27 GMT

GET
H2

200

activityi;dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836 Show response
5994599.fls.doubleclick.net/ Frame DD78
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836?

392 B
325 B

55ms
54ms

Document
text/html

172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f198.1e100.net

Software

cafe /

Resource Hash

17f76867fc03cffbb4a178cd3bc29e64d37611370b0cec5ce2dfca6854fe4858

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:27 GMT
expires: Tue, 05 Sep 2023 21:01:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame 6009 7 KB
2 KB 33ms
12ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=99323500196079804444554012438023&a=d6e06356
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 5d063d47863511e40e7c173217bd288ef2fb9dbf624bc9e80239776f56761aa7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2030
Content-Type: text/html; charset=utf-8
Date: Tue, 05 Sep 2023 21:01:27 GMT
Expires: Tue, 05 Sep 2023 22:01:27 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A5B4 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43480
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 08:56:47 GMT
etag: 48472445140208031
expires: Wed, 06 Sep 2023 08:56:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 75E3 47 KB
47 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 20:56:23 GMT
x-content-type-options: nosniff
age: 304
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Sep 2023 21:11:23 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 75E3 46 KB
46 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 20:51:55 GMT
x-content-type-options: nosniff
age: 572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Sep 2023 21:06:55 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 75E3 7 KB
6 KB 51ms
50ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a2f347f2eccddfbecea1e564ff49ad072e5d66e84ed0bba19d07f455939497d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5666
x-xss-protection: 0

GET
H3 200 60005582_20230801062514128_APP_iPhone-14_Watch_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 75E3 24 KB
24 KB 9ms
8ms Image
image/png 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230801062514128_APP_iPhone-14_Watch_ASSET.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b13818ab1c181c773bbcd28c85c0d7039711838f45060a5f71203afae9daeb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 13:52:02 GMT
x-content-type-options: nosniff
age: 25765
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24598
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 13:25:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 13:52:02 GMT

GET
H3 200 60005582_20230801063021966_160x600_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 75E3 15 KB
15 KB 9ms
9ms Image
image/png 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230801063021966_160x600_LOOK-01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54b0b081c197276b65ca2e96b1792335a22fa05c87ef56811265f58fc5887e53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 12:14:07 GMT
x-content-type-options: nosniff
age: 31640
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14882
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 13:30:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Sep 2023 12:14:07 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 75E3 43 B
609 B 59ms
17ms Image
image/gif 141.101.90.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_354695792_145341318_PO1202A20230816&ref=29118705_4307561_354695792_145341318_PO1202A20230816
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.96 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 21:01:27 GMT
via: 1.1 varnish-live-2-1
CF-Cache-Status: HIT
age: 9158439
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 10 May 2023 18:30:14 GMT
Server: cloudflare
etag: "2b-5fb5b10159980"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 273086407
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 80216855a8262bd9-FRA
Expires: Wed, 04 Sep 2024 21:01:27 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/7ee36b0e/www-widgetapi.vflset/ Frame 9D05 209 KB
65 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/7ee36b0e/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47ee535752d99f4d65efd72e58ed7ab9dacd29c95cdf17e83251975ea24814c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:00:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66023
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 01:11:43 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 04 Sep 2024 21:00:02 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DD86 0
0 47ms
45ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308310101&jk=3041573405313352&bg=!jo2ljcLNAAYHwnCgJ8I7ADQBe5WfOMyM8Borxj1f-n3tZgVXFmHJsre2a5IeroyMccRJ6Q2Lyjnws7BVGXg_gW640_FCAgAAAe5SAAAABWgBB5kDCuSexFPBeV_Ftl04OQbEGRKI8SWzxusREAvCTyKVdHZpx8c6ENrinemOaXJ-ClnOXbiPKJVg37lcObm85ceF1xciZGI5uvkomQWKRV271KAMyrHi51JqFaRDR4YJl6b-xoNCXLirN5ED9q1W9QqJj8QirKjTYzN1t54D3lBA3Woo7nZ7L17na3p6QxsG-2oBWXHlzVlmPVQx9EB289KAxUu6xRZ0y-7yd51yN6pWm2_2NYPe59w89GY0bbCfk3R87gZCUCc64Y-kFqqQegfiw6P1yeYT3UHELoRjU6EL8z3038fZPZ7UB4vivHDRWx8Fwl9tR1Usagu9j4WpinfzJyMvOjWPISyRLbvhjMH03FQioewmNAM-WwBrciyjjDTMhNgIbtUjGLhL79Wzj2YlsdS4lwjAJhX_bi9jMVrsocUhbz11iWD8nqUdI_UA5bayR8rUV_wYEhop5xPZyi0FipVnvkmTtjogJwkI7uZv5t_X1T8zt1pIeBjqgufJstC_qELH7XqnIahn910RTY6yVq7eLd98TcOKJwbbtXr7dLizvTxAiZJHYJZmb8EpBnlBRv8slm8IivUDUK9LW4racU3UWdlkg1EUwvrNUP8xdH5qUR6aK8ajPsQ7Up6KJJbb1UQKKqwCi5YZvIo48Ken8e6Kf44cuVGVVy-09AJgg7hRtq7k6cSIMkqFvCsNyA49awYso2KwOX5SnXiBmKMKEupYrWJ7_Q3mmXdyPBtPUqfof8ooeMCuWDSU2Ma-IQJssq9XoGa-cAo0HTMWCPpwlzms_B0pf0SlGg2X_iVJKEYC-kHdCmQjSymgv095C7mgDaVR6DyiL8VIeNG6Smvw1i-PRfugfdUZ3V3a6sw_bQxwnDJap0R5HeiLaGe5fJewHZtYABsWuQxC8o6rkk3R6gS_AGxp70po4NJzbTmYDRu6qWKA6FBu8Mx38tqKSxaonFhhjmbGar0YIFPZ3mABspT5pobtjZk5s-gYGanUqdCfas7IQ0vrlcUA7aYtid6qqbl6qCpZGDdwf7s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 598F 266 KB
89 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7db0e5ade88c0fd7a59b803bf38e4e6deea6cde53fe1e26af915c1735c9951a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90584
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 05 Sep 2023 21:01:27 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C6A8 0
0 42ms
42ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230831&jk=2804041738172264&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H2 200 css
fonts.googleapis.com/ Frame 6009 5 KB
778 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=99323500196079804444554012438023&a=d6e06356

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 05 Sep 2023 21:01:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 20:24:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Sep 2023 21:01:27 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6009 17 KB
17 KB 33ms
12ms Image
image/png 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=99323500196079804444554012438023&a=d6e06356
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b8b33c9f1603bcc9a5dfbdb877f891577a17f038a84a5efa457a983ebabe3a92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 21:01:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16984
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6009 16 KB
16 KB 33ms
12ms Image
image/png 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=99323500196079804444554012438023&a=d6e06356
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 40edf49afd1294683d60798e117a93141177b5e384b0e8e2793ac7e1a55505f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 21:01:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16512
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6009 11 KB
11 KB 33ms
12ms Image
image/png 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=99323500196079804444554012438023&a=d6e06356
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7b01e18cb9121189a171d846d8db0a9ca705a4e14bcff32c90fa1a93a6b78cc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 21:01:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10937
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 75E3 26 KB
26 KB 7ms
7ms Image
image/png 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=pQ9MYwTlfX&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:00:04 GMT
x-content-type-options: nosniff
age: 83
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Sep 2023 21:15:04 GMT

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame B487 38 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 75E3 17 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Sep 2023 21:01:27 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame A5B4 0
103 B 13ms
11ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEMe8J16HKg9zJ1Zgf6UvPEs&google_cver=1&google_push=AXcoOmSVr_hVoa_wRJggAfWH8v-TNaBDPWVImk9a_bymyrOKGXroOHzG-fkqyuHeTDo_Ojxfmw8IsfWdoWzlTDi0oLj8TbRvdgW0Vw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame A5B4 70 B
265 B 105ms
29ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESELIxLe2wbz0yaUTzU1hQ2cg&google_cver=1&google_push=AXcoOmRJuQT2SOJapVg_CqevgFs13HMbjds3qioC74JeB8q6nOBFKGiuIUDUNqzOHPnvIGl8ETwVNW7ZCu-XzhJyxtA6hxT9gixW
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A5B4
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHgm1T-GOn8MSIawQRCaPEc&google_cver=1&google_push=AXcoOmRm5wPLGz28u7ZE6aSjOBSEfRkrHws_Ce5-6d8rpWPTxVyk6fC34T1pSvxMv9T3sF6uwIBUteDdyYMcC9lh8tQkvS2...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRm5wPLGz28u7ZE6aSjOBSEfRkrHws_Ce5-6d8rpWPTxVyk6fC34T1pSvxMv9T3sF6uwIBUteDdyYMcC9lh8tQkvS2oa3TRXg&google_hm=eS1ZVm9ycVVkRTJwRXVU...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRm5wPLGz28u7ZE6aSjOBSEfRkrHws_Ce5-6d8rpWPTxVyk6fC34T1pSvxMv9T3sF6uwIBUteDdyYMcC9lh8tQkvS2oa3TRXg&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 05 Sep 2023 21:01:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRm5wPLGz28u7ZE6aSjOBSEfRkrHws_Ce5-6d8rpWPTxVyk6fC34T1pSvxMv9T3sF6uwIBUteDdyYMcC9lh8tQkvS2oa3TRXg&google_hm=eS1ZVm9ycVVkRTJwRXVUeDBHb2JBRlRhd25xQlpISjd4TH5B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame A5B4 43 B
363 B 56ms
16ms Image
image/gif 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQPnXa-BozS_vLAdBM93Ek8nJoFF_1neYP3XJNNznEb4C6mZQeXwjeKLnabPHIJ9p87ewW1tjwjgU11-kfCX-DyLocXriUimQ&google_gid=CAESEEpf_jVFd6vmfb1RcfF_0qs&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 251360
expires: Tue, 05 Sep 2023 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame A5B4 43 B
245 B 37ms
15ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEA__W6y-KidTT_7ujMcTgYQ&google_cver=1&google_push=AXcoOmT-KaNRlSuw9blKf1jEMqkU0P2FCLBsROYvSTEdtyNbWFNvYtvyk5NjXcD6UcWqRZUoCRnJS8Ue8rCZx6R1Aw9Po8bmGU2hmQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A5B4
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEIleHmckEDEItFmO9SZs1wM&google_cver=1&google_push=AXcoOmST5sk2ARxBhZhgFRu0HZbU5i7kS_K6pSzDPKbw0dRGOaH0V-x_YV_9iY4bwHmwIZJFKf3gmvyyGxKmoF8S7G35RCd1dOeD
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmST5sk2ARxBhZhgFRu0HZbU5i7kS_K6pSzDPKbw0dRGOaH0V-x_...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmST5sk2ARxBhZhgFRu0HZbU5i7kS_K6pSzDPKbw0dRGOaH0V-x_YV_9iY4bwHmwIZJFKf3gmvyyGxKmoF8S7G35RCd1dOeD

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjU1NzI5NTU5MzQxMzU2NTE2ODA4OA%3D%3D&google_push=AXcoOmST5sk2ARxBhZhgFRu0HZbU5i7kS_K6pSzDPKbw0dRGOaH0V-x_YV_9iY4bwHmwIZJFKf3gmvyyGxKmoF8S7G35RCd1dOeD
date: Tue, 05 Sep 2023 21:01:27 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A5B4
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESELY8skQVn3Bc2wEsXMN0hN4&google_cver=1&google_push=AXcoOmQ480edIrHMp5m5mw9qoEs5Ulo_Qr5ny8ilt2NZ6QDr0PiS1W8uoGX3Zx8-j1...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQ480edIrHMp5m5mw9qoEs5Ulo_Qr5ny8ilt2NZ6QDr0PiS1W8uoGX3Zx8-j185nVsgeCviKnLq6R5qjemAeL0r7s2zkWpUxw&google_hm=9...

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQ480edIrHMp5m5mw9qoEs5Ulo_Qr5ny8ilt2NZ6QDr0PiS1W8uoGX3Zx8-j185nVsgeCviKnLq6R5qjemAeL0r7s2zkWpUxw&google_hm=9jztrqHeQUaCftL_U0Lvy4Q

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQ480edIrHMp5m5mw9qoEs5Ulo_Qr5ny8ilt2NZ6QDr0PiS1W8uoGX3Zx8-j185nVsgeCviKnLq6R5qjemAeL0r7s2zkWpUxw&google_hm=9jztrqHeQUaCftL_U0Lvy4Q
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A5B4 0
12 B 15ms
14ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IhEbTztcCIOO3khpIJeDKOS5-IEgCS715NIqeX-29L32RjFsRJVDKxte8T7BluYvnQUBe0sQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame 6009 0
150 B 35ms
13ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=99323500196079804444554012438023&a=bfd1c918&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=99323500196079804444554012438023&a=d6e06356
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=99323500196079804444554012438023&a=d6e06356
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 21:01:27 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 419F 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BzGSSJpf3ZIzTGuKN1PIPk86X8A4AAAAAOAHgBAI&bg=!PD-lP3DNAAZnwVY5R8E7ADQBe5WfOGw0lyD431_Xo4x-tx7_pOdIfEPCvdVz_-0JvsXIz_gTwYwwvaWopNFDWqMQ8ibtAgAAAbdSAAAABWgBB5kDJkTeWokDugreHGHJlJogyYCdhP50_ugl2WmdBcHaeaKrp1zhKrKZKkP2QuMoiVhNB-pGiLmUkVo_X_BGBUszn05XxIVYCNI1_KsL1pfnng8YXTfAIcwR6mTTXXE_5dhFzEYoxDTd5d0ixR-bjdpyL-N98Ja2se1xp7wsiBN-zdp0COKUnBYog1ZyqzNKXJdv2EcmokqhEajF5lRkghbfiCLMpfxibvILEfSfjhAvdzLDITfk9KQRmVMgqooL3SL4_62bbdw-h4tv_qONqNa8P0FK4otJLZBatyUK6fN1VvD5ZhVYZCzhxPDBd4Le1t9OH5QOVoNwW-6q3P-t-Fvr_rBRcXdZ0hBquYBHDZ31N9DgyExVDFqqO7M0BTixqujkr9hDKh2sBtkFVVwWtarUIH576OyLJo-IQWtrmVI-8wQDk6GtYwlwsh6Yo3_xQ84FBDEBbl2wvQT7xKgbmoDivieRkycb0ZpOG1tSk-DT7mFN7svJxNDDSktXrJGxRD_U0g19nZ_d5ELgId3Fb00hPj_AO-KBQ8NrhymQnggatBl8nThy6XQ_vkETUvsIbATOfkrAVOn6QyT-EaXTZOTt7SMdqAT6RZlPzTO_1PHdfDeDED6PELGYnR66Pm9vJY5aSu1uViqj15HTpLpLSh0CSZWV36N2bYjI1GeMqFkyBHIUmgUbU_54elmbMK6OaZXRE1LMcqKaamntrsvlyvX2LD_y6x7w8XoyhCogbKMbKapjTypijEPVqIdry8NQ23eOxMLQ_itQk8YldqwTpy_6qdNcXd6uvOAu7OQst8WfBO3I99Hy_YwxNhBcJAThn2ru_9zciXA4qr0-K5hH05FDYpH-x05T4CFD9J-N18B0IrVtdRsshG2iufM6p97u11RWSSwB5uQ90CcYRWpuT_lQqmz0t_7gVqpA4da3neSwozuNlh4d9uWXtP63G_zlJGUbPngeuNEYgMMooDzvojMzdcvAwMpLXJs-SwsD32kUhnH8w6aLRCKQyBUvRrRDmiCkuUngcPleAzTZKh7BrOwLlWY9W3p_EfW8qDI1CHnsJcOZMqskgL6l

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836
adservice.google.com/ddm/fls/z/ Frame DD78 42 B
401 B 93ms
47ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CK_8rvGulIEDFY7GsgodxsMDJw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3522534192022.6836?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F582 0
20 B 48ms
48ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFBgvJpf3ZNyhEqq69u8P5cG_0AEAAAAAOAHgBAI&bg=!HxylHFPNAAYHwnCgJ8I7ADQBe5WfOPtaU732yV5ktlryr67cWInJTq21P218zzcGozxmXAPL-VtC7ILbNNtT77M4umIxAgAAAfNSAAAABWgBBwoAWwOGaptNRAo5boGI9CHCAqoz-OHt5GHAhgt9aiiKE0EMkhUnTYngA9ld4WUu9xkeDnSzhGfBsZ3zwGklIP4KzND3PPoUroyjO1TWGBxmzs65p1cvfhvsM3577vKZAy-kFjbQFiD1SFZSH_vzjbsc2goPlerLgg6Wb3MCbZF1hiusiDI360mju49AN0q6C4w35WVfcBqZn2Hq4lWgTz2yKWJg1vMVJ_f9usmSJzrFHlnw2cKQ87rKDl4lYGZ6LNJm5iDMy8gdaX7VxBDAYJ2XFLl6-AEQ0GftjUFeJmex5qqTUM0ZZQfJt8wA3NRe-KE1gQWO5CJYfqqEgdprwvVPxGDnSVxMvxZ5BXsfEQneEef9y41DEHhu2QB_AAR8cM0qfrh1YbIBn81zMy383K977a-dnLoQDr0FIEYRrhqcRLS98_6-xoZyTDn4_8EajC7LkvWGdZcjszIrNj-JvW0pW6i1IaEThfeoio8xnRk7giqcFOpIErUzXmF4qE_IAg6HLPpFfwCiJtkt4h-N8pDj114vyY2FUeIeUrIbhRcOun9c98ezvLHelP1BgB6DIehGJ7oZLk4FJLKZxjiieauXXfraZV80gXgFQHJpTyMuoxX_t4emxNMpJIreJp2V1A1eqya2jMxWrDCmRMm2YaB8z0tZk4kBbA_jqLdcxbMk6_c8jd_WsnOwLbHJNGhFDigBCh7aruVxdR7FmBZUlwQzY90_rO65XL_irJ2eX-cIZfjCfdxBaVjlgbf3S92C6eUjvu7iB1oqa436yIhZuZoK0gtvBguSW9ZAZVfQpsXxJ6N_ozYrN4qfW-u71maRo55KW4PXc9KJA3Ipg4zLGYfO5OJHBS3_1WTMTSIj3UkpTOvBT2V5AgpOzfHDeWueMoo2BQ0ywXUYRcw9XAGBIVs9umOXPGxF_6oHNP-b8ZK4D3OzFYqKfqHLPx0y1ae5JePMxFe5nr4RWfiYZdfWuUdXBTowPmfONB4WLz4i-ia2-_LufBiOTwF26fx9yf8t9bspCFdr_eWOqWuT1I2Sxb5Ku5JNfvm_Ci6W6YIbcsbKhHnMsYm1xMA9ztZTnFFY1f4I-9tyDP9ey8oYuzEkVyWNW0HlxmURnQsvtMwDWjAERjqBzuXMQWRjgoM9pE3BYpHnKBL8E4V8USx6BNq09aaDjSDPNF4tOCKtbeOeG8GONjTwUYhtx6rjbZcDE5smeQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame CBC4 38 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 7348 51 KB
18 KB 64ms
7ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=99323500196079804444554012438023&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 16:40:23 GMT
content-encoding: gzip
via: 1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 15665
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: h3kjgawRGYOkFb_txH5r9wxq_0j8kRTr6siUngNR6f-1rJ5NWjGVMQ==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 7348 3 KB
3 KB 41ms
6ms Image
image/png 99.86.4.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1693947987&Signature=Tp1sn0wIA7k5h2L0Oal3Uh9oarr~2j0UtRJhmcQ0pWy8WykxIE6TsJpAROnh3NFmcYQ7BcUqvbwXWy4DOZ9c4KdbQU~lwE6bR-8iZ6-rifQf1gFVqdFYND~M8SwouUq1S5oFtaPNofpJjk4w1sYVTQDwFC3cRO7jEs5R4ITHmtoYidT3A9RSBvVacXXohxfWesvEh-voWAQQLGdt9ANrfMGnbz7~LaaRLRJlXc~zD1Wv9o-Rh6ROXKPjeSZfqm3e9AEyTKygwXUDoznjyIiRoCgIvQ44iv9b-1pBUg6CFXaO3PEZVfkAU1ILDMR2uXWHc9eSH0TVfSTVTun-QzZ67w__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693947685305&bpp=198&bdt=193&idt=387&shv=r20230831&mjsv=m202308290101&ptt=5&saldr=sd&is_amp=1&correlator=5192&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2189942116&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759876%2C44759927%2C31077523%2C31077587&oid=2&pvsid=4275704294325230&tmod=135950564&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.kutr3advsm53&fsb=1&dtd=401
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-94.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 21:32:30 GMT
x-amz-version-id: null
via: 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 84538
etag: "4e57de0506fbdb487ffcd53b450caee1"
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: 0tPNzqTzGrHuccwxO4RCOxRC4lEbUj3gKnA7NF63TygtI8YdAb4aOw==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EE22 0
0 47ms
47ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvPGGxUKrnYnYZzFhNQhAAnNMVkNIKjk42EI89Sx2igL6ieA-gJGJQ3gc-M0VTnBUMQgJCuQrERAmm2TQg2GzcmEDmsT2S35SJ-rfx2-YdJSQ0ukfAO1WMqWnAljbijbXYyFEtxAG7fnqufGvh-5PHJ1GndAEEDdJiDd60unfTpZZpYTdLGbjZPcse-MY3x5NemCokWFiNpfj3U25XHZXzsYhIii55s2q6mV9KRXE95a0yT2tYiOG6jziAcRtLlmzIEjLZlmBL8nBW1EOqQhqEwv9pdvDo2r6OM7pk3xfa7IWgY6hjRNMXq7-N_f_SmKomiRAyzIuzHCQOdzD0beqsk55DbJ210cRSZbWc90TxJCw&sai=AMfl-YQimznVHEdSaF0VrBGuCE3vJXVhobf0mf5Jyw1kPLDIwZhXrrrrXaVtnkhWwOO4Ifs7pxBEhAB_WMVqmtQ&sig=Cg0ArKJSzAY2jwoZwmX6EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Sep 2023 21:01:27 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EE22 15 KB
11 KB 56ms
56ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230831&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0efe455191ff9a90e5be84e6595654c11e96e8ae32246bef008e1069479c11d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11733
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B487 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?suuf1Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2715 0
20 B 46ms
46ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvkxeJpf3ZLTSLJLC9u8P7baKyAgAAAAAOAHgBAI&bg=!9vWl9brNAAYHwnCgJ8I7ADQBe5WfON7VvY5nBNCBS1aTo09xC6EnzyyFNvUV2JZKNxHQRX-5Yb_uHjjdCQVL5rGYBQbYAgAAAPdSAAAABmgBBwoAEP4c9TpqeFvqe07RijO4ygOZA01YsugwyjawdQgejG08y994eCWMBBKQZCV1OcrOgv6v0xZlY6c4LZ6eO2mZ5r1Jfc_Yw6ii-85BCtAtZtrzyxM8GDnZHJY2zjx-basO12eoPklQb9P6oOsH0uVbbYtN2CiTcp9s0QC2BC-99nYhLfge8OMh46WBTICGPDu_oEaj2ZLCcSKqeW8gJzs1j2DBA13saT7OZxKe0zjHk12OkF72wx_oVpCwBbPqTRs9znP3cYgtoXU5kioXPNz6JMy-oouFvkrSuGLuLpsLHEc83_qpRFK7yHl9qXycspyV3NWsTplhbpVHP6FLiv8C8oHsfw_ffJ8qn3IZQj60j4_2jj95zgold5z9xQy8uY8_KM7l4fvf6xtvWwiRHQ8s007ZlMinUWzl0faUdSGPYQi5XQSzbrSasyJ5lUAaaUY0l5QvAPtR8hp-nPt4T0vDtHW0JqSIW33Yhm4TDfTVae9t-8d1LyM_ZmJypdRvo2vooru_aC2c6LdROmkp_RH9S22uuhUjyM9nNPgxdc2B_ERpcBLrM1w0rRs7assXYfQWedge-_q33g3m6egxDatiP06oWts2i6rSdO1eLX4CclclKX2YgLQyQzVNyl2wygjWRnwnTLoMHZWMWTESqepChm-wDS5kg4hWm1_byyB4X1Byx2qHVbVqL5hI_kFeXM0LxkjRnYjhFPVOn8e-PO7F_C8i-MH0mDrC9-JcSFXLHj9kJxEGaw0x2ezjoKP0_mS9Iq01BzPiG1EwS2RltfVi0ypGJliEuzUT-4YExs8FxLVJNPRsIGtrkymwztPQbiQKIwhsZqi3waoiecC-tgUuT8S1pgBP336ThW_E8SLLu6gSuOazkOmZuUXVtxSzoISuDibDR-6WVsr9a6082HcNH7MRO_vdkUrtpVLIKI_WO3G3IxcWcLKzQLhMf3tcjKVcR6FADNwmHPQ7usVs7b7IMr5Bq58muz8bN73FaKb-hNGuTgo2LLYte1-9YDxI_znfEJqjT9fcaDuV8kh9Nwd-50TiQgiS2okuuWaq80U6D039KftkWfY8irE3wnBwBDAEYjGbtlNUvsmkHn_qW_4DBZvIbQP2mDWhDC_bzyzDwCUCQCnAL_QSnUfJa-9OX9lqJg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EE22 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Sep 2023 21:01:27 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5B31 42 B
64 B 52ms
52ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvakCf92Frf2NijaRGg4U9saN7md5IIInYS0L6AOd-uzKwAjNnZ35_GMsPzqpIwBzwTAX-YUkfQ7y-RCDPa_KOohMls9QVqXQmHpfWiNdm9rYRoghgxT5jD5KUkWFYh6w8mGEEggk-fNDq9&sai=AMfl-YTDOtgNRaO5VqzYJyuQJOEV1WEnBZ6KGU7lb1DXNgBNB8wfxDLOGDTf_maTci1s6yRda7MmfImKHNZJeFnpYcbwib6p3i-yL1s&sig=Cg0ArKJSzDBAPS2w0vnIEAE&cid=CAQSKQBpAlJWxbU2eHuLkVnpG7rF9QCUX478AYlntQwTmuSomhSr8ppg2-UWGAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1418711512&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693947685618&rpt=1032&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EDDA 13 KB
5 KB 8ms
6ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 34314
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 11:29:33 GMT
expires: Wed, 04 Sep 2024 11:29:33 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E657 829 B
558 B 17ms
16ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5e2542f1795955b81d85ea66a97b91f326495c9d2db9ae3c9494367702ac3b42

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-x8n3cNPqZrjUurY7So7FXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-x8n3cNPqZrjUurY7So7FXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 21:01:27 GMT
expires: Tue, 05 Sep 2023 21:01:27 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame EDDA 38 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:59:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 100910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:59:37 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E657 0
0 43ms
42ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230831&jk=4275704294325230&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EDDA 0
10 B 9ms
9ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?YKPr5g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 21:01:27 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B31 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5834361188812&version=m202307240101&ct=76&x=1&cor=3299037184546351600

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 82E5 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss1gNOyLljtMohiCWQuEqnAYduEIkI7SKKgSZw9UiYXEkWKMFrzt40c6NtObWfScP_GxyXPtqj8C5E51fbI8F0SNKEgkF_58VNgtVLXsyCo_s_LXbEWrknawpw8JWd9&sig=Cg0ArKJSzBFSMR3uZXRgEAE&id=lidar2&mcvt=1028&p=0,0,90,728&mtos=1028,1028,1028,1028,1028&tos=1028,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693947685068&rpt=1743&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 19DE 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=144264036040&version=m202307240101&ct=76&x=1&cor=18008093059663129000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8231 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8056932250903&version=m202307240101&ct=76&x=1&cor=12351440499569880000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 82E5 0
0 48ms
47ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230831&jk=2804041738172264&bg=!4uGl4a7NAAYHwnCgJ8I7ADQBe5WfOFAdry3R8Z870nLBi_DPcZGl_ueyFu9fvrOqagD8m5c1n8CobKZDPAIyPOrFfN5LAgAAALxSAAAABGgBBwoAUYqeaV-SICVX7-vi95_zCT6TS6JqGC0luXqQNHPP5vO1xbfNWTxu0cucvX3y3Wv7gs5nx2tVt7BmMC14sycOnAtAiHi7UKpFs5j10DZyzXBR6JkDBCsdIJ1hjh-vsStDFwyqq6lFbO-x8SQXXscEmI56y6Pxu2WuQKKWylHpuZI1FlUYhuHkHQCbobSX2EqfLX2jVKePxS_ycx_mWh-PXpxoFxDFblUVmVbgzxWx96zas7egoBbs8y-KIfdwNePgcEeiLiBo9RlUlN6aPayRdRMtG-cCJuTq2924dJ_o0b-iNistuhxMGnQr0-1mgq7caiL3PGNvINr7QDHakejBCQMT9aaJVLfCXY3uFJOrnMSatOJNDb2h17iRDqp-qhtX-SMkCCJ-NHFpT7-u624gr_c0Pr4j3uJAZ6aSYJBABBvdFNtBf9pE8lTE_L4iBGjnf83kH-K_LIU3KkEpJDbhO2rZaq9YV3udPohHLTuhoMfR_J8Bo8-gOMfoS7ZJ_6zaXUXchYYvPY7kwpx_OozCwmXbHcZr3f5qYbjhaXzgmV3QMb1Up0HGnWmWsKYYaZIh8VB-fv1NR4yweVcVQPt1KyDKAIRdIdhrJWUq8QjXgzjHYNwcCnP_U-Xdwo_HW7O2-mDPK0J6HXIDCIcMazPvqq-kGknsBhrEfoIv1Pt4M4UGUx4EWMPaLLJX3-Fi4QrfA3oEL9NvWi-NBg4H87uSJLRtlajUyg88Vc_jc677_g68PiL8nqFnzyy77QBA7X-g4DXjhgt-POoLlRyHblo4FM0rTAAznE-HwSRGRvTUjcdQW-9uSnGs44Tixp4yqM1GaOyCE9-tqdJ2BCr-KZgZ1PGuDRvqt20zsU6uDnDmK4gDIjRL1ncOM_uGEDBa-HQrTTu-D5YOwxjOLfRDkuJ1wMUwM5GA0bS0Cm_6ypy2DawEPs44cSu645p6MZiERXgocDTHVERT6z3flmS-Wrj7zVpc13gJE3Sf1kHCE3QTIo8OrrDJGBR4c8VYR-ybDFFyJmz7AUjJFSKLkBCJ9VRTwAl-mu05YWcHQ2faBSUSvyKy0XckbUWAD0tjYwu2ALCGttBiwpFFfRICvB7F_IhkmmdF4_udkE0n6T9KN5GrnwwXRPzeg8NhYSs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 7348 16 B
209 B 63ms
63ms Fetch
application/json 18.171.28.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.171.28.113 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-171-28-113.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 05 Sep 2023 21:01:28 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 91ms
21ms Preflight 18.171.28.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.171.28.113 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-171-28-113.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 05 Sep 2023 21:01:28 GMT
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EE22 0
0 43ms
43ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230831&jk=4275704294325230&bg=!MDOlM3zNAAYHwnCgJ8I7ADQBe5WfOOTUpqFN6vTfP39sER0LWJhTaPhwE03OWHbv-GM_HYkJrR6HYyATPC2K0ByJNmA-AgAAAEdSAAAACWgBBwoAQ4kJnJDaQLTKZJg_HIAdC0vRrqH2eqQfoTThGmlI5mL8G7KzzkYmPXOh_WR0JSs2s7FYHdN-Wytah-atQCBt8xKeoyqZAwAV83KL7ExDdSfCrO2tq_223ewv19myDECpZjQf9Gw45QNsF2crfLK_Gl0pMBhjU21PmGHy0nLql2Ubd8a69OM8uzyC_auNAfY1WBekZ8VacMvwkRKPXSvL0wgMj5Waz7Vn1yV0hMxLTXZpH7D67fIzDBegB8zCRmuhARwdLMcYvdq3ztGW6Frgkkhykl-trGkfV2GRV_RkMahbbmTdUy50qJbDSlB3_VIeXMVUn0rP1XUy6gPtPhootOwumbBQxCI6wChb2xSH04H4KvLPRYvjVkjQ89iYIxUqXMBdnDbIEkgW75Oo7oJgziYyPpsY9T6QWZtWZqfj1Mj425Jdxf7XoaxrxoRWQghSOwTPCL8MNDgT0xmyQoT711roTsRPAC4IgvR2xk6lTdSBn_Sm6FuxH2JyR3qKX5tqyt8X9-rwqDNR4CteeeYXVkydJBSK1R6NKxbvfDPaudX1E4tsZPXYHRhaHYOxUuzJ6rV8AprU0rKgMgeZoHjxRoeMy5xMJ6Qtk1l30ZNUAFZfg9o7iOjf8a-J52XEUNdWOS4TduueIJSKJM3-V9yx336GngfU-SCFdiRMbV0ILQ8qSf4HQruQxZBdUSmuWyB8Fa-OLom4-tIp2MU8OLnZ2rfTzxO9FOi4uxdGkCIyWaUd0RW50NtOuVYk62YJtavhstwrSXcbUsPQQSY46oAwLr1rLykF3ehp8AHGej3T-iglb6mr2-kew8u7bPGiN8H0klEjzoeey7PiMmQAGPxpaT51ybSvMrpLq7s7q5RDCQnrjbWkrx46588jaOnWFkj9Rwgkkg7gKyHbMrOYFaZY6Q8AS0CwzTYIXCL4QI7XxEy_dEFBCc1hdlOgqeAylbdjG4Z_ag5tn0x1h4OtHQQrx_CIxkqVb2YSuolNrIkjOy460LW2ZCeQN9XXujdJUFM2FSBzN2phb_BuI3b5NfnoeyfKOrPPZKctRzm_GJJYg_oq0QdJRSsO3km96ciZAtp8JdTWHMOLaV4uYO9gXyp-ZcjuI_Tnu3w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7348 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=996637515295&version=m202307240101&ct=77&x=1&cor=5088255717555601000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 21:01:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1w2mCVXhsmu0gQckTpMCNXYSjSNBixRw5dqMA1q3wT15ddOff4hbpzwazQTbpvmOw1XiWD13A8vtsCLmhnOodF3FARMMYiALpDb8lCssy7vhEqHodtaAPcBzn4rl8&sig=Cg0ArKJSzCX7XzOSNc6gEAE&id=lidartos&mcvt=0&p=0,0,1,1&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=19&adk=3449373903&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=3&r=b&rst=1693947685927&rpt=151&ec=1&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGyjYg0wV6qme_QDiVmicyA&google_cver=1

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:08:27	Name: is_unique Value: sc12916097.1693947683.0
.statcounter.com/	1970-01-21 00:08:27	Name: is_visitor_unique Value: 1693947683385588705
.xgcartoon.com/	1970-01-20 23:18:03	Name: _ga Value: amp-MvTeGGdq0wM_H1MyVHTqaw
.doubleclick.net/	1970-01-20 23:54:03	Name: IDE Value: AHWqTUn4f9uyvRGdCAopF99Y3nkTOBrqCfFLbGVkfilNZ7MSIXtmOPU5dCFrRLipL4c
.googleadservices.com/	1970-01-20 16:42:03	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-20 23:18:03	Name: CMID Value: ZPeXJmt5Jqe6Olz6AmeTcAAA
.casalemedia.com/	1970-01-20 16:42:03	Name: CMPS Value: 3235
.casalemedia.com/	1970-01-20 16:42:03	Name: CMPRO Value: 3235
.doubleclick.net/	1970-01-20 18:51:39	Name: APC Value: AfxxVi5MXG50ib0H8x-yVEH4siXcKM-GlN8Z_jJBfJ7OeQKeJtmbvg
.adnxs.com/	1970-01-20 16:42:03	Name: uuid2 Value: 8808518981623228673
.adnxs.com/	1970-01-20 16:42:03	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?chG]Zn!]tbPl1M>e)ZlrFUfJ+tGXxoXYpeXhVCQu!aSYxqEUd=vIL7qL`dX4puUn0[3If)y3KL9D3I?+XqTCe-
.quantserve.com/	1970-01-20 16:42:03	Name: d Value: EEEBCQHwKYEA
.quantserve.com/	1970-01-21 00:02:42	Name: mc Value: 64f79726-55b5b-42726-0b4a2
.adfarm1.adition.com/	1970-01-20 16:42:03	Name: UserID1 Value: 7275449912513329307
.simpli.fi/	1970-01-20 23:19:30	Name: suid Value: 878549E997AF41F7A65D6902BD3F7C09
.de17a.com/	1970-01-20 23:10:51	Name: guid Value: 1.5779480880156783458
.yahoo.com/	1970-01-20 23:18:25	Name: A3 Value: d=AQABBCaX92QCEB_c9WU3Oq3tKtpmoTOjXWIFEgEBAQHo-GQBZQAAAAAA_eMAAA&S=AQAAAghYOi59AWJADxdDY82E59E
.3lift.com/	1970-01-20 16:42:03	Name: tluid Value: 2557295593413565168088
.ctnsnet.com/	1970-01-20 23:18:03	Name: gid_CAESELY8skQVn3Bc2wEsXMN0hN4 Value: 1
.pubmatic.com/	1970-01-20 14:33:54	Name: KTPCACOOKIE Value: YES
.csync.loopme.me/	1970-01-20 16:43:30	Name: viewer_token Value: 1c0338d3-8806-47ee-bea4-0e7905333932
.redintelligence.net/	1970-01-20 16:42:03	Name: 8lcfmzhxc8d6_uid Value: bbe79e1b1113de1d
.adform.net/	1970-01-20 15:15:39	Name: C Value: 1
.pubmatic.com/	1970-01-20 23:18:03	Name: KADUSERCOOKIE Value: 6A86661B-F506-433B-B5F6-5342EEA9071D
.adform.net/	1970-01-20 15:58:51	Name: uid Value: 5611806951703306944
.awin1.com/	1970-01-20 14:42:32	Name: awpv11601 Value: 113440\|1693947686\|61027930-4c2f-11ee-b5a9-2261897cac57
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.sitescout.com/	1970-01-20 23:18:03	Name: ssi Value: 0991e6ba-9d78-4fa8-8dac-5361539ca5cc#1693947687020
.lijit.com/	1970-01-20 23:18:03	Name: ljt_reader Value: HRbNuGZHH8e4XAIURNKc2kAc
.sitescout.com/	1970-01-20 15:15:39	Name: _ssuma Value: e30
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: bspXgyIlzPY
.youtube.com/	1970-01-20 18:51:39	Name: VISITOR_INFO1_LIVE Value: c0eRSEXR5mQ
.office-partner.de/	1970-01-21 00:08:27	Name: source Value: {"webgains_webgains":{"timestamp":1693947687294,"clickCookie":false}}
.ctnsnet.com/	1970-01-20 23:18:03	Name: cid Value: f63cedaea1de4146827ed2ff5342efcb

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGyjYg0wV6qme_QDiVmicyA&google_cver=1 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	warning	URL: https://www.xgcartoon.com/detail/yinghuarenfatiebasilisk_yinghuarenfatieriyu-shantianzhengji Message: The resource https://43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0dbcb33da80eb6cc37344ff832527879.safeframe.googlesyndication.com
2b3e60c2d78d409641004c6d13d3b553.safeframe.googlesyndication.com
43736d4094c25656aff74c650dc30c93.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
ap.lijit.com
api.webgains.io
c.statcounter.com
c1.adform.net
cdn.ampproject.org
cdn.track.production.webgains.team
cm.g.doubleclick.net
cms.quantserve.com
csync.loopme.me
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
fonts.googleapis.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900023.redintelligence.net
ib.adnxs.com
image6.pubmatic.com
ius.ctnsnet.com
match.adsrvr.org
onetag-sys.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
portal.o2online.de
pr-bh.ybp.yahoo.com
pv.medialead.de
region1.google-analytics.com
rtb.openx.net
s0.2mdn.net
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static-a.xgcartoon.com
static.adsafeprotected.com
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
track.webgains.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.awin1.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.xgcartoon.com
www.youtube.com
x.bidswitch.net
pagead2.googlesyndication.com
sync.search.spotxchange.com
104.18.39.155
104.20.219.77
138.201.63.149
141.101.90.96
142.250.184.194
142.250.185.226
142.250.186.130
145.239.193.130
169.150.222.217
172.217.16.198
178.250.7.11
18.159.70.92
18.171.28.113
18.66.147.120
185.89.210.82
198.47.127.19
2001:4860:4802:32::36
213.155.156.180
216.52.2.30
23.212.218.19
23.35.237.56
2600:1f18:1aca:4282:5175:98b6:9c84:22b5
2600:9000:21f3:6e00:8:48e:53c0:93a1
2606:4700:10::6816:2e93
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:806::2006
2a00:1450:4001:808::2001
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2003
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::200e
2a00:1450:4001:81c::200a
2a00:1450:4001:827::2002
2a00:1450:4001:828::2001
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a02:fa8:8806:13::1370
2a05:d018:d29:3602:122b:3c04:1b89:43a2
2a0b:4d07:101::1
3.10.47.90
3.75.62.37
35.186.193.173
35.204.158.49
35.214.162.74
35.227.252.103
35.244.159.8
35.71.131.137
37.157.5.84
51.89.9.254
52.16.244.190
76.223.111.18
78.46.23.46
85.114.159.118
89.149.192.76
98.98.134.243
99.86.4.94
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0809abae4993d7aa20f26fd2f096e478bbb3ec27bae0be65d52f702cd65b5941
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0efe455191ff9a90e5be84e6595654c11e96e8ae32246bef008e1069479c11d6
0f7ce885ed21cef6ef4c9c35a8564b6531b94b242dbb96e56d2e0cb7121f6973
110a66d092384f77c40591909e538c8c92f6c2674d8afeb92244a80b41efc7db
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16278013b2a615ad8cb5ce79fc0e5c0caf5ecd99c053186b0df62ca0aad53303
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
17f76867fc03cffbb4a178cd3bc29e64d37611370b0cec5ce2dfca6854fe4858
1b13818ab1c181c773bbcd28c85c0d7039711838f45060a5f71203afae9daeb3
1d0827cf5d8bd47a968d1bf42e0b14b69f34060ffcc0ad36036b0450bc4c624e
1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390
1ee060b282b72497b9ced2a4519aa524627f600a146a7d34c5b3e5987e1ef340
22c2e7c48ba1f7690755ac0a0d4a0005f43edc6c860bf507a3585af955a9f1aa
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
2382b4a8e0d091a7594f454e0c7a58d49dc0b313a24f5f5f0e708ba762e93eeb
246ad5765af74a1c523f5ce63d039cc609699bd40c301fc9e3b6b3c37189b85e
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
316c626585650b118dc2ca02a311b72962a5d160f89a3b686a942548cea022d2
319ebf743ce2c07c6bfafd9600a93824aa52b0844fe94e81c014e169564dc7e3
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
34ceeca6156452a781004a85b58e62d32cef13a733dbaa8d53747f59ac31b0c0
36c27e4949d0f65221074e05f28bdbc9fe300a1bc0e4a912b3bf6bb456d26fa1
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
37ba25ff9f7e17416ee72e40cc598748f33dccc74a500e9f613c82265f642005
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3e1ea4a937fc26f29bacd96baf8210ccf1a437d4756f81bf6a7cd9b60698f3f5
4000f8bc8426d8a9563eeb259642c42fd60e779b52bc90eebe02ef8fa9bc8fac
40edf49afd1294683d60798e117a93141177b5e384b0e8e2793ac7e1a55505f0
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
41045abfa2feeef13aff292d28743aa410fcaed6ea256087e0d66550372b2fad
416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78
42972833f3cd3e67adf2a2d107f2982a6901d6ed8b5b379d8822d18ca67b036e
4317cf568ce364f433b3d3654bd15634c4e32ab44c4691b3ae41bbde15ae2b7d
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74
43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9
4d70a2cb1a55235c78097ec619ccc638fd9017c14902e2f43691670d428b7d37
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f508099a90234125efc2c7dfa2892ea2c7ccafcf34d61353e2f02cec717e764
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5493ab592bdac0cdcfc88c81d7f36c94bbeafa9de767b7a4254b3b403cdfd766
54b0b081c197276b65ca2e96b1792335a22fa05c87ef56811265f58fc5887e53
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57c2b596262f49dfc85822938e3989a0345fcd5ddd698423283ca15f162f6b99
580a39e97a756499af3e1de4c8f583e5162b057d6c2da33ba54dd7f098fac3a8
590c9c8a499bf5bd52784c2bbbe0c69bc4f2f8c2ed0cc0e44c3cdaa62e1d672b
59c0eee45d147d68a40864deb144f07fe8f427b8b17691b8b1e1c32c6f2eeb42
5d063d47863511e40e7c173217bd288ef2fb9dbf624bc9e80239776f56761aa7
5e2542f1795955b81d85ea66a97b91f326495c9d2db9ae3c9494367702ac3b42
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64c5de999cbcac1d2d9725e0c9562492e84ffd1c70469f2bd5eb169089b413fe
64f25ebf1f595475aa3a4d300a5ebbd9f53103a8efbadf389296c50bd966a558
654025901511fabd988a4842e4bbafe98ce91ba2f4a63df1f2c3b994643d8017
6a7b3c6dd66c88e7db6eeb6ca64342e2256a61bcd96889b2f6337aca61a0237a
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6e6ef6fd9a7b3a3f73d87a9eb518069fb3b8a38c5aca6e339cc0c108326dcef0
71367f94c1b70e405665a960650d544ac4eda6ff628ae206d5826766dc674e96
7194a599f47c483b74efa14da1822e2c6e69ef3aaec3fec2a43c46374752bb8a
74599394a7b5a085af0d025e5b61e38728f27c1c516a455c72878133a08ef0b2
77d225475d67aba44f451d1f7feb38a771517c8a13d3582b14c98108c4af0009
785f9564eebed02026e03d37813a63c10703b1ce523595ecf2059d7265d3f7a4
794d61e219331f90223f84b6f7806082dd2fb5388d3c74af6bab63ad2ce022bb
7b01e18cb9121189a171d846d8db0a9ca705a4e14bcff32c90fa1a93a6b78cc7
7bc9a725bf6c833672ef4dcba2d2519271918b9dc6a1025de78abaa552152ffd
7c858b03cd6f32628792b68fa1f0f913c4d3cfcdb5f9ab57b8be110972d251be
7db0e5ade88c0fd7a59b803bf38e4e6deea6cde53fe1e26af915c1735c9951a4
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
83080dd98c9b6f663826528f01fbdb912fcfc91e709dc0628650d9f3cd7d0b42
8379f684a189e4e274a954e9c0877ab03e51d30724acc72d31a18ecb85878933
86e213545d0e288b61dd667340f8ba1d4cf1b2fa07348e69e4fd8fdfa44978c0
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8792764159f6da09f11470f8999dcd6c3d2eb5677b529ca431d754ea4d5dc7c1
8833bac0069b4cd7d4afc62f869ec2d1d7f5c59a9e2ed9b9490de73e5723e2d2
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8a2f347f2eccddfbecea1e564ff49ad072e5d66e84ed0bba19d07f455939497d
8c1ad8b360d98bfa2002ce9a92f81254373aa62e8302ddaa9ced65250c99caf3
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
91e953bc136ae9ec5bb22f7b7831f0ca81c029374f595184d1c3af89a4870a41
978f05cdbafb11e08c46882ecf64fb971687b8ead58f568b9274f1aa1a296ee7
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9961ff8ce61a82e625d8237184b98fed1f2717647e567fab38ea32a49cf42f6e
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b491eb99f9549187dc757f548439a68f8d385df9f7397f8f100cabd3391c4a2
9c2b8bf6d7f578acc716ccea1176e3c24dfb58f7d495a86801025a503240d503
9cb88e732eedf1e5ac8ff4b9df9fe7b87bcf7d514b101c128803157e3414310d
9efe42a36ab8293cfdeadd010c7c1bd3569cde95ebf9bcf92035c3654a23c3d2
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a47ee535752d99f4d65efd72e58ed7ab9dacd29c95cdf17e83251975ea24814c
a579343e48deefeeb438bcb7f6aeb6d37e68102a8299ca47b683991f0af26b28
a5d958be76e970124b20b9d17b84962fae1ad78a436652cf10194ac5fb3ab27f
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a6dae7b187885b31ef6a9852c600d53f1d9ea668502f06400fda8a501c764fd0
a87a1c72b2e889b01c62c7093236a5996d011ffef5a5db018a7e4ee78f04cf9f
ac79466527bbddc1f62ebc9439506bf48c8c6f19cfbb8e2bb71541c45e0e032d
ad740f627b4581a8b2a71a7bbbbfbb0ff96000879b57a5d7dfac84e1edb4b8d6
af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a
b123f17c2f1dee456dcc91a32fb6f2c4afab3284e47572e4e406e3a52ca14b64
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b6de5236d8e4fcc595642c950bda70ea29d2ff63c5100ec381d5444c4744cdf2
b8b33c9f1603bcc9a5dfbdb877f891577a17f038a84a5efa457a983ebabe3a92
ba1df4d23a147a8e82164b8877f0097a6f8c23d76242e91beb29dbde4f9ba235
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f
bcc5de0f53784c98bf4b3345b43f7d95736bd096e7ce0b8132a0555624adc13a
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c42f70272f83d0995070c3780d3fe8ea2250271c63c21cf7518f721f1c6faba4
c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f
c641bb411a21426a8cb3acc8ff59da84544bb0a5be0bbf37e4170841fcbca48a
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca09f0204ddb297f2632faa23ef61c104e14b2e67b76ec13bcb2227631ebf2d3
cbfd9771c8ef1186778c283ca2f58052ed2f193aec21b51de3921a8217ee807d
d03d57f25aeee5c3d431f527739654319f4b6308ae70e3daf60f34226b3988ab
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d26ed3194b33ae2d9412002c033485e181ae7089aca5c82b34900932a0f214f9
d2c826e69e9064b3bbaf8c82fca27f76762936cab8d3704388c5f560b56f82fc
d4d799f707912b744de3ed07eaff7dd1527badf38b255e424501d96b5ec0b63e
d74bee7fd7f696f1d12267064500896b813520e0eba8b058c9895e9f13d12130
d8fa53bcd09110b393a42ea6a83effb0d6c32df31a1762067c4cd59fa5d2ff70
db6769bf23a64b366aaec1bd6a73697730bddbeab30537b5d7699023522125f8
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
e09639315704980552b92eaae21f66af00a6e8a371f757f76b0b12420c2ed2a7
e173425b34fc5f21f1855861dcf2e77b5df79525c0767da13ca0f8f712abda9c
e2c5aae989ebecc48aa3e455d9e066b4f90add7ecafef55cef8fce5a5823a735
e2cdb6b3ceb8bf074e66b6def64121e34d3f64f577b797838241481dbaa0c600
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e
ee0ccb2d5e293209e2ccfafe9bde2d092751143390e5930bc7ab30c28eadcc09
ee14416cf2f1e444f5380adee14293e97dafb91912540c776803b2e526dae953
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

317 Requests

89 %HTTPS

38 %IPv6

46 Domains

63 Subdomains

50 IPs

12 Countries

4188 kBTransfer

10734 kBSize

34 Cookies

1 Outgoing links

Redirected requests

317 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

317
Requests

89 %
HTTPS

38 %
IPv6

46
Domains

63
Subdomains

50
IPs

12
Countries

4188 kB
Transfer

10734 kB
Size

34
Cookies

317 HTTP transactions
15 data transactions