www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Submission: On September 04 via manual (September 4th 2023, 4:23:31 pm UTC) from US — Scanned from CH

Summary HTTP 171 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 37 IPs in 9 countries across 29 domains to perform 171 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on September 14th 2022. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
14	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.219.77 104.20.219.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:2e93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 15	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
22	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
7	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
4 17	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
4 8	172.64.148.101 172.64.148.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
1 4	144.76.238.55 144.76.238.55	24940 (HETZNER-AS) (HETZNER-AS)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:18d0:4fce:99a6:af2f	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.42 124.146.215.42	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 2	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
1 1	35.214.200.51 35.214.200.51	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	88.99.70.21 88.99.70.21	24940 (HETZNER-AS) (HETZNER-AS)
3	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
2 2	108.138.7.57 108.138.7.57	16509 (AMAZON-02) (AMAZON-02)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	133.186.161.89 133.186.161.89	45974 (NHN-AS-KR...) (NHN-AS-KR NHNCLOUD)
1 1	54.64.134.86 54.64.134.86	16509 (AMAZON-02) (AMAZON-02)
3 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1 1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
1 1	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
171	37

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.219.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:2e93 (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.186.98 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.64.148.101 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 78.46.90.238 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.238.55 (Nuremberg, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.55.238.76.144.clients.your-server.de

hal900021.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:18d0:4fce:99a6:af2f (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.42 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.71.149.231 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.200.51 (Groningen, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 51.200.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.99.70.21 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.21.70.99.88.clients.your-server.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 78.46.23.46 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.7.57 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-57.fra56.r.cloudfront.net

cr-p1.ladsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 133.186.161.89 (Japan)

ASN45974 (NHN-AS-KR NHNCLOUD, KR)

app.cauly.co.kr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.64.134.86 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-64-134-86.ap-northeast-1.compute.amazonaws.com

ds.uncn.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 3 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	googlesyndication.com 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 150 pagead2.googlesyndication.com — Cisco Umbrella Rank: 107 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com	484 KB
38	doubleclick.net 5 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 cm.g.doubleclick.net — Cisco Umbrella Rank: 237	317 KB
14	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 405	260 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com	299 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37964 hal900021.redintelligence.net — Cisco Umbrella Rank: 260130 hal900023.redintelligence.net — Cisco Umbrella Rank: 214940	18 KB
9	criteo.net static.criteo.net — Cisco Umbrella Rank: 603 csm.eu.criteo.net — Cisco Umbrella Rank: 10389	62 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 475	6 KB
7	gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn3.gstatic.com fonts.gstatic.com	149 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 214	340 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2	2 KB
4	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 10282 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 11316 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 19450 dis.criteo.com — Cisco Umbrella Rank: 596	21 KB
3	yahoo.com 3 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 451 ups.analytics.yahoo.com — Cisco Umbrella Rank: 326	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 561	2 KB
2	ladsp.com 2 redirects cr-p1.ladsp.com — Cisco Umbrella Rank: 76233	1 KB
2	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 82502	166 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 149
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 41 ajax.googleapis.com — Cisco Umbrella Rank: 368	33 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 400	1 KB
1	inmobi.com 1 redirects sync.inmobi.com — Cisco Umbrella Rank: 1434	710 B
1	bluevoox.com 1 redirects im.bluevoox.com — Cisco Umbrella Rank: 13298	519 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1239	573 B
1	uncn.jp 1 redirects ds.uncn.jp — Cisco Umbrella Rank: 27133	511 B
1	cauly.co.kr app.cauly.co.kr — Cisco Umbrella Rank: 73153	161 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 890	416 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1188	1 KB
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1998	174 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 348	265 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2547	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 9797	469 B
171	29

	Domain	Requested by
31	pagead2.googlesyndication.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com pagead2.googlesyndication.com www.xgcartoon.com securepubads.g.doubleclick.net tpc.googlesyndication.com 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
22	tpc.googlesyndication.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com googleads.g.doubleclick.net pagead2.googlesyndication.com
17	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
15	securepubads.g.doubleclick.net	1 redirects cdn.ampproject.org www.xgcartoon.com 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
14	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	static.criteo.net	ads.eu.criteo.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com googleads.g.doubleclick.net
6	www.googletagservices.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com googleads.g.doubleclick.net
5	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com	cdn.ampproject.org
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	hal900021.redintelligence.net	1 redirects 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com hal900021.redintelligence.net
4	www.google.com	tpc.googlesyndication.com 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com googleads.g.doubleclick.net
3	hal900023.redintelligence.net	hal9000.redintelligence.net hal900023.redintelligence.net
2	sync.1rx.io	2 redirects
2	cr-p1.ladsp.com	2 redirects
2	cdn.contentspread.net	hal900021.redintelligence.net hal900023.redintelligence.net
2	ups.analytics.yahoo.com	2 redirects
2	hal9000.redintelligence.net	012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	www.googleadservices.com
2	012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	csm.eu.criteo.net	ads.eu.criteo.com
2	encrypted-tbn3.gstatic.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
2	encrypted-tbn0.gstatic.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
1	id5-sync.com
1	sync.inmobi.com	1 redirects
1	im.bluevoox.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	ds.uncn.jp	1 redirects
1	app.cauly.co.kr	googleads.g.doubleclick.net
1	dis.criteo.com	googleads.g.doubleclick.net
1	ajax.googleapis.com	hal900021.redintelligence.net
1	csync.loopme.me	1 redirects
1	tg.socdm.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	tr.blismedia.com	012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
1	match.adsrvr.org	012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
1	rtb.fr3.eu.criteo.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	encrypted-tbn1.gstatic.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
1	www.gstatic.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
1	fonts.googleapis.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
1	ads.eu.criteo.com	5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
171	48

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G2	`2022-09-14` - `2023-10-16`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-07-21` - `2023-10-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-27` - `2023-10-22`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-29`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-08-07` - `2023-11-05`	3 months	crt.sh
contentspread.net R3	`2023-08-24` - `2023-11-22`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
*.cauly.co.kr Sectigo RSA Organization Validation Secure Server CA	`2023-02-17` - `2024-03-06`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Frame ID: 577ABBE8078E5FA4F49CBD901F148599
Requests: 40 HTTP requests in this frame

Frame: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: D3BAC6D1A2136E3C73483281015DDE83
Requests: 9 HTTP requests in this frame

Frame: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 0F826608C300EF37D53DDFFD6E328517
Requests: 16 HTTP requests in this frame

Frame: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: F5121F5E3850A3CBCF8375B709FF7413
Requests: 11 HTTP requests in this frame

Frame: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: F2761052293F943FCACCDF166A55BD98
Requests: 10 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPYEeAAMX2EHg4_jAAHWR5CCjEEUOHGs6gFyEA&u=%7ClnoimJ63v24FqbuhK6zmTblrAuJD8pX8B0vXhQpvX7c%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osLx8Ldbh-4Aton7eV6vp8g7tCJCx3FWm1HIMrvDrTO0K3E4E8n7Z84FQCOOlIk1-hN-Ndeg6pKNc_Ed5j8aAKTm22Detj9WWyqVMlmchcUIZHAQ7HT1DYFSipar3fJyRciU4epjh6BSsJEx6_1cMo1IYXrAiXHO2-vPpNUCI6SzFtNjAe0QYWPQdxsRAheYUxGftsqxTw0_wl06Msjd1zp9m1RqNXPQ5vCAHOZO_mC-oCJeYqQXWixudg3kuRym4qvQ6Be5Y6BqkKXadJvfQ8XSzbuGwrpMqJ1j3CeTUFh-_zzb4xWEWFiuaN768VYTjJhGHb9oD5pjf0_zheb_872117XBGExVZJRHkQQiLU8Fruov3kNA0X0yrSWzE2IHKTRBcH4Y9biBoH9LJGbv7IW_meFbXuCZAV7qK5TIpp29Vcf_v0Xu_YrVCO-Jj5z3BI3l_udUZXnDoMhGglQamCbFP6WVhGTJUf3eOKdRO3RC3ipKVxOQALKJwxBTfydVlNvteIX0eDbj1hfIYU-71fB8VXHXukZlqHYFSc7cHem0jony-FzPQArr7BNW893Dto8hOGHq_ad84etWDrOyFKT5LbVr_CzmDhk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM4AFeAT2ZOG-MeOfjuwPx6yHQMme0rFc1Z2R93DAjbcBEAEgAGD1BYIBF2NhLXB1Yi01ODg0Mjk0NDc5MzkxNjM4yAEJqQJ_o-POsR6yPuACAKgDAcgDAqoEqgJP0Aspl-AsyHeThczeIONkVXyPSx_MKqDTyFawiFX_pE0sBLvI1tfgr3swMPBCiAyWwOTHGMnAX1FIqIR2uryBOAKc7GAVkQIOtMf8LL2SCTd-nuc79SEFJVDwneZPNtpzC8TudDxg-24Q7G2rHkUjj7j9AJ21Hhaw56kdieH6XdJ4ubSPOjlwB6dFHPtANHPge7tf6ocI7QVC-ZzdFR09Q5ZoQJGuk7xhVh6kqmviomgqFgldwyezkj53XC0KEtJjj1qIZ4BhuZ3AuX9n4ATYLfCL9dY_EgdoM9jSmsXvaKmEsJVUzq5JoDDI_BRFhIDZprXMQ2wCuYWjpMKH1HZ4E7OH2FqE_anK8ck-IuuFmXpE1yVFX-McPpjL7CWFb3PwmLnTVWjJ8z6A4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YFHR3d2-mRsU3IehqZC3TJ-pP_w%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: 259331237F9F0110033967ED1F13C51B
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: EC9998F24B560ABD1CED37CCEC1925EE
Requests: 1 HTTP requests in this frame

Frame: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: ED5815D673B337A22A6C0F144D4318A0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230830/r20190131/zrt_lookup.html
Frame ID: 7C88C5C9B869019C8BE69467B243A5B4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js
Frame ID: 272BFCF2026E5225320401329697E91D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DC5BFC1646D39E53F75D48A005C38E42
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F6466110D1D2ECC1D8E20DAF5EFCBCD9
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693844602160&bpp=175&bdt=184&idt=411&shv=r20230830&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=522&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2103019657&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C31076838%2C31077372%2C31077525%2C31076994%2C31077588%2C20222283%2C31077549&oid=2&pvsid=1608112234498868&tmod=991993225&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.saixlhc7bbsq&fsb=1&dtd=421
Frame ID: 7E3F833A5D08389331D2AA8982051853
Requests: 15 HTTP requests in this frame

Frame: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 21AC768BD7B90545F48CEC2C6F72F1DE
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXA1yHJR71_DyPMDg7VeoMXjk5376vxGNlEbRBgaacvPg1Q_LkQ_K--VUKzJMlG0w4gm3aVWfSSJwmFMDHdGLx7jE08bg
Frame ID: 44A63B8EC2F0639FB188336325BC09AA
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F86783B2E20644BBEF80BD633649A481
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjlxojGATAB&v=APEucNWXxhvMRodKlhZ62WsAw0P7IVKZQU4wrHIzmLYeE6Ak5PHwPqJsKWslTBbX7nG_AvsDrpPSu__2yZrhBGAiclClGkGvOA
Frame ID: AC355E5B0E70FBB0FEEDE8AF42504AE8
Requests: 4 HTTP requests in this frame

Frame: https://hal900021.redintelligence.net/request_content.php?s=66833500137964804438442012437021&a=a7903995
Frame ID: DCA4448A39B1196B70B623487551BA25
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F54CAB348D957BC2E3FEE6EC18C2AC40
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3A7955349BC9EE4BBF20B3C1F31B2E58
Requests: 3 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=46901100147010004438270012437023&a=934b62af
Frame ID: 9D4AEA6075AA317F8B3FBB318463F2A9
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C41601C29D097C9A8910802C23D81B93
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B5CCC4AF82D3EA450EA5B74AF8061E88
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2A567BA419CE8016DFC297A0EBAC3C8C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍱首席御靈師【國語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

171
Requests

91 %
HTTPS

49 %
IPv6

29
Domains

48
Subdomains

37
IPs

9
Countries

2152 kB
Transfer

5173 kB
Size

26
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 88

https://securepubads.g.doubleclick.net/pagead/adview?ai=Ca4n8eQT2ZN7sCaGVjuwP0fqH6A3h3JffcqLry_foELnetMeEOhABINPLzjBg9QWgAfO5r5wByAEJ4AIAqAMByAPbBKoElwJP0IMKQyLWg6ycaiMnWaf1WWhjsOudw4zLCn5m_j4ieojiKNFS48QdPatktbUidiVUz1BVXE4Mwgb8rvJ0KfTypXtRc-JZQgmnFEgg6RiLfBhXrEOOfBVfQ2QE-5DM3CevZgVVPS8yr0WbI6LxRn-tdX6A61hLRSH9CAr6bWTHNM5ZI9DB6iX_m2QZ5QbOtRJBKk0gyVSX75Ps70Q6MpgPx3C-sHAWch0kC4jIAj5NBJR-EP8PQAcmh9p08tTVX1zE4mgirfn-8EOJT3mKzq0D6nTQIEbXO_9NGxyx3JF-9kr0rhazhqJd3lGAFgGG1kf71OkNxq4ab64ho9yQ_g_a-WMmh5-qXBmRtPGSTbOriUVuUxe_t1TABJnV5d2pBOAEAYgFlvDF_UmSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH_82HjwSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwMQ8C7SCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJU2h0dHBzOi8vd3d3Lndpc2guY29tP2ZpbHRlcj1yZWFjaC1jaWRzLTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC1mcm9tX2FkLTE5ODU5NjE4MzMygAoDyAsB2gwRCgsQsOfPzorI_p-7ARICAQPYEwvQFQGAFwGyFx4KHAgAEhRwdWItMzAzOTE5OTUwMzQwMzYzNBiZ0iE&sigh=-BaYtbV6fSg&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWIFEk_GK4EmPiU-vflC-tXALLJBtc_RgB&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdbf1f63c209193730000000000000000%22,%222%22:%220x5c929c7fc40f1c8a0000000000000000%22,%223%22:%220x57fddfe0e8ef1ec30000000000000000%22,%224%22:%220x9b8d90facb1b049e0000000000000000%22,%225%22:%220xd60cdeac67b7c4de0000000000000000%22},%22debug_key%22:%2213533272625130241783%22,%22debug_reporting%22:true,%22destination%22:%22https://wish.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22327933171%22],%224%22:[%2209-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210437785440223688065%22}&andc=true

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1

Request Chain 112

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPYEejBdYvzKQFFqKQApEgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1

Request Chain 120

https://hal900021.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=872fd9bce9&subid=&uid=95b3fab0a1908e3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCyJz0egT2ZILkFajI7_UPl-mI2AmRwdCbacv2g5LcD_AuEAEg08vOMGD1BcgBCakCf6PjzrEesj6oAwHIA5sEqgTuAU_Qzdda5l8EZnAZZLsmrgfwrHUAk172EcJ8YDB9k3IvpbXTLViKQtxEF33CEyLHAXR8vowZlsLF8iqW8qPsGR0BRnKvzXhtHlEQWW2AkTN14tNvWmowKG0MG8yyO8tIDR6G5U13I6BQgsYwumqitRYRb61-8ro91G95CGn0HGs4fMRkV_ewxd5kn5BLejAb8s7tcwUQg1eshycMSPyj1uDZZX69RLSLH8B00Eoux0X58H9ApsGb5tdawZogHz1V37T84m_f-E-QD38NWbva44JRDia_mVz1iYP0fntF628uZwF1-yvHn6Ml9sCygynABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIgonQ7q6RgQMVKOS7CB2XNAKbEAEYASAAEgIxXfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWoVdCFhPmnOqB0CKRjotOPiQut24m0K4wpKdFLw_W15urKofeGAE%26sig%3DAOD64_3GLHIRb0ZhdJIEvsHvrEk5XA9eyQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cs2WK3CsmmtXa99CNITslatCUc3QmJjxQ_JUgwP0ujOdCne821gXpRGL8KSsYOlR33MMgwifzvrnyeTLgMhN0t82XLsNJF8vyAk1uEjHHCvpq45eFVRPDKlJ3mK-ZDlYAPU582gpF610cx-nBTQ8AQZ5J_7VOuGsIm5xBJc0UBOoc6LSY%26cry%3D1%26dbm_d%3DAKAmf-AYX-9rJPdpSBxgC2Qlxl4I1zzWzRQVPoOr7FWgmVciRUnhaO5ui-tuw9lNmlZMBrVXY8MLqRjd7C8UT6SiJBcBxNo4IVfTwJ595gM-6e4NEelrIx5AvkM6_QAzY4a425PN6lEn7tlGmGJXCP9Ntj-B_8o9v7nMG4cAqo3huLnlCKBEBrczY1rIN259JJFli3a-o0K1fd-DJMw5EeTKazbSFB15kw4TguP-oby5EVMeWnNg3p9d6CMR7NU-Y13xzUGYUkbjTKvjjEykqPiNSRlCYd3HPt_l-9pKRn9AHXWdK70FcgWJnoropuzoinvtQ_wVDSxQ5M5_Z7gizujexzqfKQFWjQkEvFNIKN6YFP4Gzjmb9GkdQO3xcWw3tXWw9pRP9V3zHljGl2ZRf6eYmiE_b4B89JMMF-dExU5xMW3s1LrUwLA9_OTSJv9M9njuv7DTLvKmWfGEBsg2VrqfCmgr33Z0n2Z95vzF-xSe-lQ7ptRR_u6ALia4aLrYVb9NgxFvRNDzFWJnXUwm6VseFF3RoShr9uIWmqSwG-HvxxC_iuKEbLM9s15z7NaFvbpTgP4MfaoJXNra5jzfcEaZdIrp_GfVqYOMEkGdamuxNJ_HSRGgOJM%26adurl%3D&documentReferer=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4243220868731&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal900021.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=872fd9bce9&subid=&uid=95b3fab0a1908e3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCyJz0egT2ZILkFajI7_UPl-mI2AmRwdCbacv2g5LcD_AuEAEg08vOMGD1BcgBCakCf6PjzrEesj6oAwHIA5sEqgTuAU_Qzdda5l8EZnAZZLsmrgfwrHUAk172EcJ8YDB9k3IvpbXTLViKQtxEF33CEyLHAXR8vowZlsLF8iqW8qPsGR0BRnKvzXhtHlEQWW2AkTN14tNvWmowKG0MG8yyO8tIDR6G5U13I6BQgsYwumqitRYRb61-8ro91G95CGn0HGs4fMRkV_ewxd5kn5BLejAb8s7tcwUQg1eshycMSPyj1uDZZX69RLSLH8B00Eoux0X58H9ApsGb5tdawZogHz1V37T84m_f-E-QD38NWbva44JRDia_mVz1iYP0fntF628uZwF1-yvHn6Ml9sCygynABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIgonQ7q6RgQMVKOS7CB2XNAKbEAEYASAAEgIxXfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWoVdCFhPmnOqB0CKRjotOPiQut24m0K4wpKdFLw_W15urKofeGAE%26sig%3DAOD64_3GLHIRb0ZhdJIEvsHvrEk5XA9eyQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cs2WK3CsmmtXa99CNITslatCUc3QmJjxQ_JUgwP0ujOdCne821gXpRGL8KSsYOlR33MMgwifzvrnyeTLgMhN0t82XLsNJF8vyAk1uEjHHCvpq45eFVRPDKlJ3mK-ZDlYAPU582gpF610cx-nBTQ8AQZ5J_7VOuGsIm5xBJc0UBOoc6LSY%26cry%3D1%26dbm_d%3DAKAmf-AYX-9rJPdpSBxgC2Qlxl4I1zzWzRQVPoOr7FWgmVciRUnhaO5ui-tuw9lNmlZMBrVXY8MLqRjd7C8UT6SiJBcBxNo4IVfTwJ595gM-6e4NEelrIx5AvkM6_QAzY4a425PN6lEn7tlGmGJXCP9Ntj-B_8o9v7nMG4cAqo3huLnlCKBEBrczY1rIN259JJFli3a-o0K1fd-DJMw5EeTKazbSFB15kw4TguP-oby5EVMeWnNg3p9d6CMR7NU-Y13xzUGYUkbjTKvjjEykqPiNSRlCYd3HPt_l-9pKRn9AHXWdK70FcgWJnoropuzoinvtQ_wVDSxQ5M5_Z7gizujexzqfKQFWjQkEvFNIKN6YFP4Gzjmb9GkdQO3xcWw3tXWw9pRP9V3zHljGl2ZRf6eYmiE_b4B89JMMF-dExU5xMW3s1LrUwLA9_OTSJv9M9njuv7DTLvKmWfGEBsg2VrqfCmgr33Z0n2Z95vzF-xSe-lQ7ptRR_u6ALia4aLrYVb9NgxFvRNDzFWJnXUwm6VseFF3RoShr9uIWmqSwG-HvxxC_iuKEbLM9s15z7NaFvbpTgP4MfaoJXNra5jzfcEaZdIrp_GfVqYOMEkGdamuxNJ_HSRGgOJM%26adurl%3D&documentReferer=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4243220868731&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 133

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1

Request Chain 134

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPYEejBdYvzKQFFqKQApEgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1

Request Chain 140

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEPI33ZNr4s4fRkQwwmg3sDM&google_cver=1&google_push=AXcoOmRxKX2pUMw6EVWmRwaQKDY3aBjlf3DiFgr1jMm28szT7W5EalS3VL59-HsH7DvCt2ANCsFbKSe0snwWeHOS3cjHBU27ZXI2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRxKX2pUMw6EVWmRwaQKDY3aBjlf3DiFgr1jMm28szT7W5EalS3VL59-HsH7DvCt2ANCsFbKSe0snwWeHOS3cjHBU27ZXI2&google_hm=eS1hTVQ2dE9CRTJwRnlyNU5UTjhlbHIuUlpUSmQ5MmlzT35B

Request Chain 141

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDCT-FZJrjDG5LxsN-9k230&google_cver=1&google_push=AXcoOmTtOislz1bU3pyCQMFXC5vGRm8v_GCy5BZw0FAa4UaodEW45vO7j0Jl0_UEMtV0CGffiRi9_b-QCEf6SBeuwzVeHvA76i8a HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDCT-FZJrjDG5LxsN-9k230&google_hm=ZPYEejBdYvzKQFFqKQApEgAACHwAAAAB&google_nid=index&google_push=AXcoOmTtOislz1bU3pyCQMFXC5vGRm8v_GCy5BZw0FAa4UaodEW45vO7j0Jl0_UEMtV0CGffiRi9_b-QCEf6SBeuwzVeHvA76i8a

Request Chain 142

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESEEFRH7kz7qSy0_r8iyUZ3Mo&google_cver=1&google_push=AXcoOmSc3krH24qaLrGyb6eFiaByAK3GCM_cugoxrvrO-Dy0phXDF-ze9w_UzHKkkhhORzEeXX3HARK9hTLGzS1l0j_lAmAQbx35 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmSc3krH24qaLrGyb6eFiaByAK3GCM_cugoxrvrO-Dy0phXDF-ze9w_UzHKkkhhORzEeXX3HARK9hTLGzS1l0j_lAmAQbx35&google_hm=WlBZRWZNQ284WU1BQUxiNy1wUUFBQUFB

Request Chain 143

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEL2irfbWziJZEZzBSeJp0Og&google_cver=1&google_push=AXcoOmSi6la1_8jJ658PVR_gWzEJjLDjcBmUedQ7yDangK6RxipWyDELJ1xRmtbS-aVwqFutmgvabY0Ia1aEE-FhrjAK-eyZgjsI4g HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEL2irfbWziJZEZzBSeJp0Og&google_cver=1&google_push=AXcoOmSi6la1_8jJ658PVR_gWzEJjLDjcBmUedQ7yDangK6RxipWyDELJ1xRmtbS-aVwqFutmgvabY0Ia1aEE-FhrjAK-eyZgjsI4g&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1GRTdnQ0hoRTJ1RktlZllxM0JGcFdJUGhfUHNCbnd6R35B&google_push=AXcoOmSi6la1_8jJ658PVR_gWzEJjLDjcBmUedQ7yDangK6RxipWyDELJ1xRmtbS-aVwqFutmgvabY0Ia1aEE-FhrjAK-eyZgjsI4g

Request Chain 144

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEITjgbXr7HsOz9lPdGLXaLY&google_cver=1&google_push=AXcoOmQvpo9hU55dxRVR8Pd2PB-0DWxxXxghRjKDg4d9b0COvD7V8sucFCdu-LcZhEPK5QzM-XHj6EvfgbMd7HtMwwbkB5L6hLAt HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=568b108a-7ee1-4be3-b9eb-148b8eb3b655&google_cver=1&google_gid=CAESEITjgbXr7HsOz9lPdGLXaLY&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmQvpo9hU55dxRVR8Pd2PB-0DWxxXxghRjKDg4d9b0COvD7V8sucFCdu-LcZhEPK5QzM-XHj6EvfgbMd7HtMwwbkB5L6hLAt&gdpr=${GDPR}

Request Chain 161

https://cr-p1.ladsp.com/cookiesender/1?google_push=AXcoOmSi4-Y5RvaYu-tO1CwqUEQiDmT8iA69EllNOPbDmv9Da-b9q3UJ0VwVDzVdB7JUohzrF6Fuz4U_U_o_8jHSjv70g_mgC48&google_gid=CAESEJuQoASoXPrOciLFHZwlKAA&google_cver=1 HTTP 302
https://cr-p1.ladsp.com/cookiesender/1?cr=true&google_push=AXcoOmSi4-Y5RvaYu-tO1CwqUEQiDmT8iA69EllNOPbDmv9Da-b9q3UJ0VwVDzVdB7JUohzrF6Fuz4U_U_o_8jHSjv70g_mgC48&google_gid=CAESEJuQoASoXPrOciLFHZwlKAA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonet&google_push=AXcoOmSi4-Y5RvaYu-tO1CwqUEQiDmT8iA69EllNOPbDmv9Da-b9q3UJ0VwVDzVdB7JUohzrF6Fuz4U_U_o_8jHSjv70g_mgC48&google_hm=AdDujtLbrX6Dks8AD7MO4UFalMA

Request Chain 164

https://ds.uncn.jp/doubleclick/0/sync_push?google_gid=CAESEAjP8Y9bJVXnJJy7AjvlBg4&google_cver=1&google_push=AXcoOmSHxqhgt5I_RKomB43psDjE27wkQBP0Bg7oNSE3T9213Q9Dv6WQ5OajiCU_YKFWn9t1XUwo9Guxt8osOtas7z4w6xko75E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=unicorn&google_push=AXcoOmSHxqhgt5I_RKomB43psDjE27wkQBP0Bg7oNSE3T9213Q9Dv6WQ5OajiCU_YKFWn9t1XUwo9Guxt8osOtas7z4w6xko75E&google_hm=AdD6TA047E8QvIAKgKtRgRY

Request Chain 165

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEIKvImfX1L2pII-cfeeM618&google_cver=1&google_push=AXcoOmR2XSdpTtNZT-zMJHv5GFlcJWR-9Ob3FpIaqNY4do_Q9uEoGMmZOs7DSh7ZaPRbPOo2kMmO9BORdJetBNvixedfQKifucE HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmR2XSdpTtNZT-zMJHv5GFlcJWR-9Ob3FpIaqNY4do_Q9uEoGMmZOs7DSh7ZaPRbPOo2kMmO9BORdJetBNvixedfQKifucE&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1693844603735 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-1da18754-9ccd-4353-bdf5-44c2c348a17d-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmR2XSdpTtNZT-zMJHv5GFlcJWR-9Ob3FpIaqNY4do_Q9uEoGMmZOs7DSh7ZaPRbPOo2kMmO9BORdJetBNvixedfQKifucE%26google_hm%3DAx2hh1SczUNTvfVEwsNIoX0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmR2XSdpTtNZT-zMJHv5GFlcJWR-9Ob3FpIaqNY4do_Q9uEoGMmZOs7DSh7ZaPRbPOo2kMmO9BORdJetBNvixedfQKifucE&google_hm=Ax2hh1SczUNTvfVEwsNIoX0

Request Chain 166

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEHhmsQ68CkwxoPjG2_D3Oxo&google_cver=1&google_push=AXcoOmTq5CfJq0aHG5rxCwdbQ0Lguq-oYzRLq5P-lp2WOjm16v4MXRQo3NHJ3pXzX4QJxrJz3Fs6uqsKaX5FQ8oNf-6KDYdlFKm4KQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmTq5CfJq0aHG5rxCwdbQ0Lguq-oYzRLq5P-lp2WOjm16v4MXRQo3NHJ3pXzX4QJxrJz3Fs6uqsKaX5FQ8oNf-6KDYdlFKm4KQ&google_hm=QlMuNTMzMi1jMjY4LTRmY2UtYjc3Mg==

Request Chain 167

https://sync.inmobi.com/gob?google_gid=CAESEKYp9B_dBxPIDWrdJtkrYck&google_cver=1&google_push=AXcoOmRsjWq76UaDbTNMLrplFYhLkEMSnRrFKA07NnaQWBBDJ_9qd_nxAHiMpV6xfiK7P4mLQB1VIEh4Ss21LtdCDP4li7dF_feqxg HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmRsjWq76UaDbTNMLrplFYhLkEMSnRrFKA07NnaQWBBDJ_9qd_nxAHiMpV6xfiK7P4mLQB1VIEh4Ss21LtdCDP4li7dF_feqxg

171 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request shouxiyulingshiguoyu-qingshangguyue Show response
www.xgcartoon.com/detail/ 87 KB
18 KB 1017ms
434ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c254d681499648d046f0843aee607dcdddba35af6222f12335f3591d23cfc7f5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 04 Sep 2023 16:23:20 GMT
etag: "15a26-HcIs4SvF6IdgkKICIImcFnxbHuU"
expires: Mon, 04 Sep 2023 16:24:20 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 277 KB
72 KB 80ms
30ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a303bdbfce6897ec74ce030b85480f417f9e17804f7a19b8f2a90feff115b94f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 16:23:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72923
x-xss-protection: 0
server: sffe
etag: "8f05ddb4de6114d6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 04 Sep 2023 16:23:20 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
23 KB 101ms
51ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 16:23:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23145
x-xss-protection: 0
server: sffe
etag: "1e24d49ff16f97fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 04 Sep 2023 16:23:20 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
9 KB 120ms
74ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e625fe058c9871c924b05047696c2e7b1e441d4acb2ce54544b8413eea8182b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 16:23:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9421
x-xss-protection: 0
server: sffe
etag: "56ca3e5770e137fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 04 Sep 2023 16:23:20 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 49 KB
15 KB 109ms
63ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5abef60d9edd11583e363e3dafd2d6ec74e0141946c21b2903e7b8c08f01130f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 16:23:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14971
x-xss-protection: 0
server: sffe
etag: "675440b55a1b9283"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 04 Sep 2023 16:23:20 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
15 KB 129ms
84ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90d84f056686af8861c0017713e2f06e8957e9d15a5606514da382d879b9d41a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 16:23:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15359
x-xss-protection: 0
server: sffe
etag: "f6812c8625865ef6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 04 Sep 2023 16:23:20 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 105ms
59ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1dc118c68570ac106df5c43e5588c5b94d18caf4aa9e4d8d52792037cc16b980

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 16:23:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4778
x-xss-protection: 0
server: sffe
etag: "3b7d847d5c21773c"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 04 Sep 2023 16:23:20 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

923690f3c0feaf6346a2755af20e2b8580a048126501966a8ccd0fd31c6b53e3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 16:23:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10348
x-xss-protection: 0
server: sffe
etag: "279670ab552e383b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 04 Sep 2023 16:23:20 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53202a3c73552b3385ff4cc5598c6cdabfa4d37acc87cd2fd8c0577494143285

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 16:23:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32193
x-xss-protection: 0
server: sffe
etag: "473971c650298c2f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 04 Sep 2023 16:23:20 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
469 B 230ms
172ms Image
image/gif 104.20.219.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.219.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:20 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 80179390cda9839d-MXP
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 229ms
228ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:20 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Mon, 04 Sep 2023 16:26:20 GMT

GET
H2 200 shouxiyulingshiguoyu-qingshangguyue.jpg
static-a.xgcartoon.com/cover/ 137 KB
137 KB 1106ms
999ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/shouxiyulingshiguoyu-qingshangguyue.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f843b9b99d051f8dcf9ad42740619cc8224c58dde01b46ab29c67327be31e5b3

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
cf-cache-status: HIT
last-modified: Tue, 20 Dec 2022 06:55:40 GMT
server: cloudflare
etag: "EFE945C86DF73C3746E7D42D19CAA555"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 801793922d1b0e23-MXP
content-length: 140402
expires: Wed, 06 Sep 2023 02:39:26 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 230ms
229ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:20 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Mon, 04 Sep 2023 16:26:20 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 231ms
230ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:20 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Mon, 04 Sep 2023 16:26:20 GMT

GET
H2 200 yinianyongheng_di1jiguoyu-suxiaoguang.jpg
static-a.xgcartoon.com/cover/ 10 KB
11 KB 883ms
777ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/yinianyongheng_di1jiguoyu-suxiaoguang.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6b2a8ee0432e27f9e26a971ee5b2528ae54acfa99ea13ba896afd150fa2bbed

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Sun, 30 Oct 2022 02:52:27 GMT
server: cloudflare
etag: "1BADB242185B3D2FA98AB7A9EEBFEDA5"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 801793922d1d0e23-MXP
content-length: 10723
expires: Thu, 07 Sep 2023 05:39:32 GMT

GET
H2 200 wodedizibianbuzhutianwanjie_dongtaimanhua-shikong.jpg
static-a.xgcartoon.com/cover/ 81 KB
82 KB 134ms
28ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/wodedizibianbuzhutianwanjie_dongtaimanhua-shikong.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6664843c3db49d83c6366bbba164c8dd2d6581f3fdb4b551c4b5329d8705de3

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:20 GMT
cf-cache-status: HIT
last-modified: Wed, 07 Dec 2022 02:24:20 GMT
server: cloudflare
age: 104615
etag: "B6527DE036A18CAE751AF83BCD6AE610"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 801793922d1f0e23-MXP
content-length: 83378
expires: Mon, 04 Sep 2023 04:27:17 GMT

GET
H2 200 tunshixingkongdi1jiguoyu-wochixihongshi.jpg
static-a.xgcartoon.com/cover/ 16 KB
16 KB 828ms
722ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/tunshixingkongdi1jiguoyu-wochixihongshi.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8ad8b0f4ee3eb4d9ced86b734c121f6c2457f4f7b1e996fdbbe6e1bdfd41c78

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Mon, 31 Oct 2022 10:47:06 GMT
server: cloudflare
etag: "FD0D08C4F24BE9B43A40850B531A6C8A"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 801793922d200e23-MXP
content-length: 16149
expires: Thu, 07 Sep 2023 04:05:10 GMT

GET
H2 200 shenyinwangzuoguoyu-tangjiasanshao.jpg
static-a.xgcartoon.com/cover/ 19 KB
19 KB 351ms
245ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/shenyinwangzuoguoyu-tangjiasanshao.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec4f56080dfe600be5d04ab1bf27117aba83605a12d0387a0d5cd96d6c422aee

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:20 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Tue, 18 Oct 2022 02:00:33 GMT
server: cloudflare
etag: "346059FD71E4544A5D59B64B58345CA3"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 801793922d210e23-MXP
content-length: 19163
expires: Thu, 07 Sep 2023 04:36:43 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 8 KB
3 KB 79ms
34ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08d502e7f6319b0015d0ea006b216f287353f60e0cd84462a5a43d6294bfea7a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:09 GMT
age: 503471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2971
x-xss-protection: 0
server: sffe
etag: "81fe35e806c986f9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:09 GMT

GET
DATA 200
OK truncated
/ 595 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34bb1c7ca084facdfd4822c3dd2d0f3f483ad2d071c52d30e54af52ae62deb02

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 237 KB
63 KB 29ms
24ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0edd199833dd87c9ac4395f5bbeb6dfb6843109419531043ba1fb6b32e63496

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:24 GMT
age: 503456
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64176
x-xss-protection: 0
server: sffe
etag: "53ca58918b9d6396"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:24 GMT

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 12 KB
4 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7c94d5780fa800afb0066d0ceed10b6488d78ec4cb2a85c42e5772b6218cd26

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:09 GMT
age: 503471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3937
x-xss-protection: 0
server: sffe
etag: "256c2c03e8e2f982"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:09 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 489ms
418ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6433000522&ga_cid=amp-JZUNo6GIPy4lZY3GU3lhXQ&ga_hid=522&dt=1693844600677&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshouxiyulingshiguoyu-qingshangguyue&bdt=309&dtd=14&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

340c3bbc2695a4f6d88cbbbeeb0f18e2fb3a56cc6b57be4a95c68a753004a993

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13973
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: COHa8e2ukYEDFeOPgwcdR9YBCA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 04 Sep 2023 16:23:21 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 129 KB
40 KB 802ms
732ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=801&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6433000522&ga_cid=amp-JZUNo6GIPy4lZY3GU3lhXQ&ga_hid=522&dt=1693844600677&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshouxiyulingshiguoyu-qingshangguyue&bdt=309&dtd=16&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7446d4f45b9d73dd7b8eddf0b52882ab1805f9ce5b296d217a93657bf4c8fac9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 232x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40107
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CJ6Nh-6ukYEDFaGKgwcdUf0B3Q
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 04 Sep 2023 16:23:21 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 949ms
880ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6433000522&ga_cid=amp-JZUNo6GIPy4lZY3GU3lhXQ&ga_hid=522&dt=1693844600677&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshouxiyulingshiguoyu-qingshangguyue&bdt=309&dtd=17&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0542e502a6a852517dd388a2692d40d44b6486f18927a78041e2b8dac577b4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x250
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13022
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CP-A8e2ukYEDFY-TgwcdmIwOMQ
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 107027454513
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 04 Sep 2023 16:23:21 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
23 KB 1111ms
1042ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6433000522&ga_cid=amp-JZUNo6GIPy4lZY3GU3lhXQ&ga_hid=522&dt=1693844600677&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshouxiyulingshiguoyu-qingshangguyue&bdt=309&dtd=18&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7ecaf11c1ea0f4476d32c0ac1d45db14a52a625b20faf6cfbb878af35f3f55f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23264
x-xss-protection: 0
google-lineitem-id: 6350518038
x-qqid: CMaK8e2ukYEDFUMCiwod-LQIpw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138440647307
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 04 Sep 2023 16:23:21 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 38 KB
16 KB 1296ms
1227ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=988&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=6433000522&ga_cid=amp-JZUNo6GIPy4lZY3GU3lhXQ&ga_hid=522&dt=1693844600678&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshouxiyulingshiguoyu-qingshangguyue&bdt=310&dtd=17&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

602958568edb154a5bc2c61df8871203270a7f7ff7e9ffdf770327de27ab9f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampanalytics: {"url":["https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstO_Jv9RolEddfUXakp3bWAQkhGtuRvY6m-hafPgSnPUlkbRVYQuvYL6xz4iH8HR4_Utz7ZIC-XsbR9eKO1Gy2lPydBJxqWYOmmKUDzO4EPOmfauOUkFAmChtNax6mmYSyME94fS_Xl0w\u0026sai=AMfl-YT9FXg_asMkYc9nqVZsiu7mXWCn8u_PM6TkfzqOXbEUmtxy4bPiYQogCPQYQxfrMVN4uuvrqnYOzDcf\u0026sig=Cg0ArKJSzFxTiL-CLQ-UEAE\u0026cid=CAQSGwBpAlJW5ipkQrXVG-yPcmVuULbvVV_qr27PYxgB\u0026id=ampim\u0026o=${elementX},${elementY}\u0026d=${elementWidth},${elementHeight}\u0026ss=${screenWidth},${screenHeight}\u0026bs=${viewportWidth},${viewportHeight}\u0026mcvt=${maxContinuousVisibleTime}\u0026mtos=0,0,${maxContinuousVisibleTime},${maxContinuousVisibleTime},${maxContinuousVisibleTime}\u0026tos=0,0,${totalVisibleTime},0,0\u0026tfs=${firstSeenTime}\u0026tls=${lastSeenTime}\u0026g=${minVisiblePercentage}\u0026h=${maxVisiblePercentage}\u0026tt=${totalTime}\u0026r=v\u0026avms=ampa\u0026uap=${uach(platform)}\u0026uapv=${uach(platformVersion)}\u0026uaa=${uach(architecture)}\u0026uam=${uach(model)}\u0026uafv=${uach(uaFullVersion)}\u0026uab=${uach(bitness)}\u0026uafvl=${uach(fullVersionList)}\u0026uaw=${uach(wow64)}\u0026adk=156774037"],"btrUrl":[]}
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14886
x-xss-protection: 0
amp-fast-fetch-signature: google:1:QuEdvnLxVVRaFXb/t8MTpOgxc4t60toqd1oHgQvs850i/7lEw5mqJUkWtnKfR2DkaojV71vW4+10OmCNXD722ghLwMVb6gje6GNCPGOjAbfyCrhQU4j0WLXQDKfTilgARJMQwGE/n2ko6MmaFauyzGSx0LLAEYxTqjL8y0dBYOosv7VGpl2/I0mAYbUB7mxoGRkaohZMpypdyPn/se4NS8wXnh35ubG8jJ5Ni93sOfrQfpFMeHgNVfJ9v7JTDQBuZTutTjxwN3DR4AblzpJAScUnjGMJwPvNGM+j12/FNZ2OwBcJUc7yR2D5t2+TjdXbsVSIHqErtxbCLmTR2je1MQ==
google-lineitem-id: -1
x-qqid: CKSfre6ukYEDFcbsdwod3i8GBg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-AmpAnalytics,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender,x-google-amp-ad-validated-version,AMP-Fast-Fetch-Signature
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 04 Sep 2023 16:23:21 GMT

GET
H2 200 container.html
5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 111ms
28ms Other
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012308181609000/v0/analytics-vendors/ 2 KB
886 B 21ms
20ms Fetch
application/json 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:04 GMT
age: 503477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "0fc0eb4a65ca6481"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:04 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 230ms
230ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:21 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Mon, 04 Sep 2023 16:26:21 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 92ms
36ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=522&cid=amp-JZUNo6GIPy4lZY3GU3lhXQ&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshouxiyulingshiguoyu-qingshangguyue&dr=&dt=%F0%9F%8D%B1%E9%A6%96%E5%B8%AD%E5%BE%A1%E9%9D%88%E5%B8%AB%E3%80%90%E5%9C%8B%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1693844602&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D3BA 6 KB
3 KB 28ms
28ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:21 GMT
expires: Tue, 03 Sep 2024 16:23:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0F82 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:21 GMT
expires: Tue, 03 Sep 2024 16:23:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F512 6 KB
3 KB 23ms
23ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:21 GMT
expires: Tue, 03 Sep 2024 16:23:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F276 6 KB
3 KB 22ms
22ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:21 GMT
expires: Tue, 03 Sep 2024 16:23:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 2593 51 KB
20 KB 122ms
58ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPYEeAAMX2EHg4_jAAHWR5CCjEEUOHGs6gFyEA&u=%7ClnoimJ63v24FqbuhK6zmTblrAuJD8pX8B0vXhQpvX7c%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osLx8Ldbh-4Aton7eV6vp8g7tCJCx3FWm1HIMrvDrTO0K3E4E8n7Z84FQCOOlIk1-hN-Ndeg6pKNc_Ed5j8aAKTm22Detj9WWyqVMlmchcUIZHAQ7HT1DYFSipar3fJyRciU4epjh6BSsJEx6_1cMo1IYXrAiXHO2-vPpNUCI6SzFtNjAe0QYWPQdxsRAheYUxGftsqxTw0_wl06Msjd1zp9m1RqNXPQ5vCAHOZO_mC-oCJeYqQXWixudg3kuRym4qvQ6Be5Y6BqkKXadJvfQ8XSzbuGwrpMqJ1j3CeTUFh-_zzb4xWEWFiuaN768VYTjJhGHb9oD5pjf0_zheb_872117XBGExVZJRHkQQiLU8Fruov3kNA0X0yrSWzE2IHKTRBcH4Y9biBoH9LJGbv7IW_meFbXuCZAV7qK5TIpp29Vcf_v0Xu_YrVCO-Jj5z3BI3l_udUZXnDoMhGglQamCbFP6WVhGTJUf3eOKdRO3RC3ipKVxOQALKJwxBTfydVlNvteIX0eDbj1hfIYU-71fB8VXHXukZlqHYFSc7cHem0jony-FzPQArr7BNW893Dto8hOGHq_ad84etWDrOyFKT5LbVr_CzmDhk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM4AFeAT2ZOG-MeOfjuwPx6yHQMme0rFc1Z2R93DAjbcBEAEgAGD1BYIBF2NhLXB1Yi01ODg0Mjk0NDc5MzkxNjM4yAEJqQJ_o-POsR6yPuACAKgDAcgDAqoEqgJP0Aspl-AsyHeThczeIONkVXyPSx_MKqDTyFawiFX_pE0sBLvI1tfgr3swMPBCiAyWwOTHGMnAX1FIqIR2uryBOAKc7GAVkQIOtMf8LL2SCTd-nuc79SEFJVDwneZPNtpzC8TudDxg-24Q7G2rHkUjj7j9AJ21Hhaw56kdieH6XdJ4ubSPOjlwB6dFHPtANHPge7tf6ocI7QVC-ZzdFR09Q5ZoQJGuk7xhVh6kqmviomgqFgldwyezkj53XC0KEtJjj1qIZ4BhuZ3AuX9n4ATYLfCL9dY_EgdoM9jSmsXvaKmEsJVUzq5JoDDI_BRFhIDZprXMQ2wCuYWjpMKH1HZ4E7OH2FqE_anK8ck-IuuFmXpE1yVFX-McPpjL7CWFb3PwmLnTVWjJ8z6A4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YFHR3d2-mRsU3IehqZC3TJ-pP_w%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

27dab8ad0a57976e7c50a9dc754a3bcdd9c76164d3d73ec27a211a573785e14b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:21 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=5ljylQdhPF88eKm0bZghejs4-GFvGqwV8vhgsfXWc1THQkfOqQDRdkSFPvC_lJcIHZhT5dhvLX9dgcrUbmmlbUXvuySxvI0XrHTPC4AWKIBTXF0a5mWKPeup3gO2DWoiCR1SKK9mU5agYmNvhQIwt99vTo9WtbRugbhURqlHQAWI9qNbvH9EVEr4NTXhNryySdBEk9hfbz7InFCGylWtLreO-L3MFw6L5F5TQsDDbKG1wsYXaT8d8RxfguscKl3jGoh1kw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 2710021
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame D3BA 3 KB
1 KB 104ms
48ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 12:07:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 12:07:23 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame D3BA 20 KB
8 KB 77ms
22ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 13:54:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 13:54:13 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D3BA 24 KB
7 KB 80ms
25ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:21:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 352930
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 30 Aug 2024 14:21:12 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D3BA 181 KB
57 KB 89ms
34ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0F82 2 KB
975 B 83ms
29ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 15:57:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 0F82 2 KB
945 B 89ms
48ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 13:54:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 13:54:13 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/ Frame 0F82 23 KB
9 KB 82ms
43ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/abg_lite_fy2021.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 13:54:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 13:54:13 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 0F82 3 KB
1 KB 86ms
47ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 12:07:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 12:07:23 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 0F82 20 KB
8 KB 67ms
28ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 13:54:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 13:54:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0F82 181 KB
57 KB 111ms
74ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 3c1ec1505caf618a1f8c049839112e9c.js Show response
www.gstatic.com/mysidia/ Frame 0F82 36 KB
15 KB 77ms
22ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3c1ec1505caf618a1f8c049839112e9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 314047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15058
x-xss-protection: 0
last-modified: Thu, 31 Aug 2023 22:08:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 30 Nov 2023 01:09:15 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 0F82 29 KB
29 KB 109ms
39ms Image
image/jpeg 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRlTEI5d21Q5ctckwkauDUqHfqb6UT1S9U7xCJVwLWc5OqEDt4&usqp=CAI

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0fc231199496aedb9ecd5815761c55a2b598fbceafdafa8d00af9d8fc05209d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 07:52:41 GMT
x-content-type-options: nosniff
age: 203441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30011
x-xss-protection: 0
last-modified: Sat, 28 Jan 2023 09:11:50 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 01 Sep 2024 07:52:41 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 0F82 23 KB
23 KB 72ms
20ms Image
image/jpeg 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcS5S6-Qo7xa7jFQX_QJKqUMGxrCL5rl19GrhKCf6qEehHJahcWJ&usqp=CAI

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab0fe83381aff56de38281a61543ed3a063271d1f5bbb914f42cee11f5be2680

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 19:16:38 GMT
x-content-type-options: nosniff
age: 421604
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23499
x-xss-protection: 0
last-modified: Fri, 22 Jul 2022 04:52:41 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 29 Aug 2024 19:16:38 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 0F82 23 KB
24 KB 90ms
21ms Image
image/jpeg 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSLL5qRUl8gCo1lTImNypVqy8QDaryC8BaTOALXTT6LS_X0x2hjdYBPS0EgYQ&usqp=CAI

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52f0fc340ac8d12eb2eccc8aee4a8dd6420a69b903acc187f0d87b338b64a2d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 11:30:54 GMT
x-content-type-options: nosniff
age: 535948
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23714
x-xss-protection: 0
last-modified: Mon, 04 Sep 2023 06:25:07 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 28 Aug 2024 11:30:54 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 0F82 27 KB
27 KB 83ms
21ms Image
image/jpeg 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSR15IgrTIa8DjSWsEG0t84UVbcVNXGAhEHfkLz3kna-JJD4eOnwtPA_R1UFA&usqp=CAI

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94a80fe5c25636e4f83eae9987c63b9e677bed9b90725fd4a382610b8b2ffba2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 05:19:49 GMT
x-content-type-options: nosniff
age: 299013
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27264
x-xss-protection: 0
last-modified: Wed, 20 Oct 2021 02:11:25 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 31 Aug 2024 05:19:49 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 0F82 9 KB
9 KB 102ms
41ms Image
image/png 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTqJeF-eSLpzE6IaXYPohiRQh3-CXXNLpnudT3Pk-VqwikT1eY&usqp=CAI

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baa98afee58b3e6aded4673cb1c88f8d9154e3553dfa2b3f23cfb219c375aa95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 07:00:50 GMT
x-content-type-options: nosniff
age: 206552
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9550
x-xss-protection: 0
last-modified: Tue, 02 Aug 2022 19:40:02 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 01 Sep 2024 07:00:50 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame F512 24 KB
6 KB 63ms
41ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:21:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 352930
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 30 Aug 2024 14:21:12 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame F512 18 KB
8 KB 129ms
74ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d256658a31f51f215dc49261ae640065c44f08e9c94f0d8b73b88fff914d77fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7904
x-xss-protection: 0
server: cafe
etag: 10096072017280826774
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F512 181 KB
57 KB 107ms
86ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F276 98 KB
29 KB 104ms
103ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b607c49fd45e723e372d73bc0045b525359857e0c59fb01f06b3ded286aad0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28973
x-xss-protection: 0
server: cafe
etag: 872 / 19604 / m202308290101 / config-hash: 15830000896466728742
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F276 181 KB
57 KB 74ms
69ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F276 0
461 B 59ms
58ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumIKwwnXMWU9GHK0EGB7sF20pb6NRDQQubDzS_lY71aS3CUqgh5pZQnpYfwjIlFrv8jbU4xbLcb_hWu6RfQOHOdukaJVzgrglaLbcGc7Bi_pLozfOfmjxX89ao5kvZCTlJSP2YYZwRKGSjtoGjGUH4FiKLewd0F5IVcVaQT7esCb3PkGXCeqBWXwg9UOhwNDB3XR9q6Gei1aikkRx7IBRxImhTQ-g78CHzL1TpAY3WyfYjaKQg9lkV__osShqLkgLX3MncCfDpMl0AfS7cILoYEDT9UTH-4eavufAwnHws-Yq01XFfTvHudF3HjCqBXhIo55v8YKBBIUY6QPdXFEKyBAGiMai7-hTQAeqIZEqex4U&sai=AMfl-YQHsMrCVdDlWp-UetWsYOkQLLninj883kLuvPvlPL6KEvWk5RENrmbiBpW_996JvPy97UxCS3Yx2QsFM0U&sig=Cg0ArKJSzBvrtrlX0ygKEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H3 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 19 KB
7 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-ad-exit-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0f0dd1b398b946a89d67c9dab7d24996499f9a28f22e29e4165125edf5d1734

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:07 GMT
age: 503475
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6635
x-xss-protection: 0
server: sffe
etag: "46dcbbb80309d4df"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:07 GMT

GET
H3 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 7 KB
2 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-fit-text-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0348978a435efe42a3f0032226082bc4aedb9c569a9f387e8843a468c455c189

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:07 GMT
age: 503475
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2507
x-xss-protection: 0
server: sffe
etag: "1b33f8c072686442"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:07 GMT

GET
DATA 200
OK truncated
/ Frame EC99 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c36a2fffbe6cec3fe6b03afcc0831f5a750464bc11a72326b71fb5f6faf6d98

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D3BA 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7edbe41770b658fd010c797a8a3f09f57e255827a8d378f7e01f555684cbcf91

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F512 0
29 B 60ms
60ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstSVO9BJzGG3BrvKsr7DigyYQAeDKrRbWsu1gOvsD0Ob3hgkdBc6S8KjxCzatERPa1eQ7enLDP6FKb3mYg75myuiMYW1AQzRJrksP3Jnwk0YbOZ7_4yNXh_ulOPedBiofwzFXesmk52EB1yKjf16s-7RKMrolNkNbfQbjzWHYMxrfV9H-0nwXR2d5q_S7RBOXaHKrbyHgZNEl4kjgY2Yb9hydVD-EHY51enbVTIMRB_0SJOcpQcDo_BP5Lai4e_re5awTd6fRrq8K0-k_pUl91DR0n-FQZDfsP3qGLlOTMgaDe4wHb2D2qbRDBtQrUvXX4TZ5ahGmJXd4RLbkawBUYepioCU_w30UnHGeBr&sai=AMfl-YRhv48CLXMnvGmHLRBU3wm_h0R4ko8BD90xLGDxmkWNSw3I12nvfl9jZtF-Rr_avZjkB04PSw6CMDukEFs&sig=Cg0ArKJSzIyFD2ruIf7JEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
DATA 200
OK truncated
/ Frame 0F82 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a31712568fcb02279df10f259faeacfb85ddb38fa08ab538f45a88fe5f2f3986

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 2593 2 KB
1 KB 112ms
38ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPYEeAAMX2EHg4_jAAHWR5CCjEEUOHGs6gFyEA&u=%7ClnoimJ63v24FqbuhK6zmTblrAuJD8pX8B0vXhQpvX7c%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osLx8Ldbh-4Aton7eV6vp8g7tCJCx3FWm1HIMrvDrTO0K3E4E8n7Z84FQCOOlIk1-hN-Ndeg6pKNc_Ed5j8aAKTm22Detj9WWyqVMlmchcUIZHAQ7HT1DYFSipar3fJyRciU4epjh6BSsJEx6_1cMo1IYXrAiXHO2-vPpNUCI6SzFtNjAe0QYWPQdxsRAheYUxGftsqxTw0_wl06Msjd1zp9m1RqNXPQ5vCAHOZO_mC-oCJeYqQXWixudg3kuRym4qvQ6Be5Y6BqkKXadJvfQ8XSzbuGwrpMqJ1j3CeTUFh-_zzb4xWEWFiuaN768VYTjJhGHb9oD5pjf0_zheb_872117XBGExVZJRHkQQiLU8Fruov3kNA0X0yrSWzE2IHKTRBcH4Y9biBoH9LJGbv7IW_meFbXuCZAV7qK5TIpp29Vcf_v0Xu_YrVCO-Jj5z3BI3l_udUZXnDoMhGglQamCbFP6WVhGTJUf3eOKdRO3RC3ipKVxOQALKJwxBTfydVlNvteIX0eDbj1hfIYU-71fB8VXHXukZlqHYFSc7cHem0jony-FzPQArr7BNW893Dto8hOGHq_ad84etWDrOyFKT5LbVr_CzmDhk&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCM4AFeAT2ZOG-MeOfjuwPx6yHQMme0rFc1Z2R93DAjbcBEAEgAGD1BYIBF2NhLXB1Yi01ODg0Mjk0NDc5MzkxNjM4yAEJqQJ_o-POsR6yPuACAKgDAcgDAqoEqgJP0Aspl-AsyHeThczeIONkVXyPSx_MKqDTyFawiFX_pE0sBLvI1tfgr3swMPBCiAyWwOTHGMnAX1FIqIR2uryBOAKc7GAVkQIOtMf8LL2SCTd-nuc79SEFJVDwneZPNtpzC8TudDxg-24Q7G2rHkUjj7j9AJ21Hhaw56kdieH6XdJ4ubSPOjlwB6dFHPtANHPge7tf6ocI7QVC-ZzdFR09Q5ZoQJGuk7xhVh6kqmviomgqFgldwyezkj53XC0KEtJjj1qIZ4BhuZ3AuX9n4ATYLfCL9dY_EgdoM9jSmsXvaKmEsJVUzq5JoDDI_BRFhIDZprXMQ2wCuYWjpMKH1HZ4E7OH2FqE_anK8ck-IuuFmXpE1yVFX-McPpjL7CWFb3PwmLnTVWjJ8z6A4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YFHR3d2-mRsU3IehqZC3TJ-pP_w%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 29 Aug 2024 16:23:22 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 2593 2 KB
1 KB 193ms
118ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 29 Aug 2024 16:23:22 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 2593 308 B
637 B 69ms
36ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 29 Aug 2024 16:23:22 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 2593 293 B
621 B 70ms
37ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 29 Aug 2024 16:23:22 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 2593 43 B
348 B 96ms
28ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=y5dqtAutJvklX78xyGDUIOhooy1zawMws2z8RrYLMXBeu5dxW3vMlVnmODuXqmzsHDbV6sfE1tL7YJiky1vlv_epvkug862qV427PHjUKImvQ1LCK-q2phiv82i1FIcaMFP06nqRa9qEfHugNA3Y4EgK4Ux1MY9vaMURwsX5AOxn5IPtasEErvKV92eaRjB5ilfQr-Kf7sOHBYT-kDIuDu5R6txCMumZKULUnl-PrSONhocH8yz1Pfygt1drRrBeV_9IIgdU8pzIivqWUwR7oav00e4HVKEGyyqfCXONvSnKQ6BVBa2_d-Xb1wOhkQfpRaSaUrhPcppwakiZ8H9kLBCbcjwVeKiG1wmUtiiOWGZX64rdlasNyGFgwlaYmDwRftqNdSj9JZT-mRmmxHtv4-G6FmvtQt_k8Z12tGVXiESu252ec8_NDupZ9PA9DAtfNRYEomUM_C4qYjNfhPTXbLvl9KLNBqLCo5a9U97hZo6NXTxQeaxUy9DDqe99vzyVU96vAZqnFN8D4MnMPZgyAfFclnU

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:21 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1764897
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 67bdb57857c94b1f9c280338c8d8a493_image_ad_728x90.jpeg
static.criteo.net/design/dt/92327/4936843/ Frame 2593 55 KB
56 KB 109ms
77ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92327/4936843/67bdb57857c94b1f9c280338c8d8a493_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e8f112bda71f3dcdf6fbd49cbbc228937f89bffdd0da5f4f6915203119d48bf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Sep 2023 06:41:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64f18797-dcc3"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 56515
expires: Thu, 29 Aug 2024 16:23:22 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 2593 0
128 B 84ms
26ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=5ljylQdhPF88eKm0bZghejs4-GFvGqwV8vhgsfXWc1THQkfOqQDRdkSFPvC_lJcIHZhT5dhvLX9dgcrUbmmlbUXvuySxvI0XrHTPC4AWKIBTXF0a5mWKPeup3gO2DWoiCR1SKK9mU5agYmNvhQIwt99vTo9WtbRugbhURqlHQAWI9qNbvH9EVEr4NTXhNryySdBEk9hfbz7InFCGylWtLreO-L3MFw6L5F5TQsDDbKG1wsYXaT8d8RxfguscKl3jGoh1kw&sds=2&rev=88100&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 04 Sep 2023 16:23:21 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 2593 2 KB
1 KB 59ms
38ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 29 Aug 2024 16:23:22 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 2593 2 KB
1 KB 82ms
80ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 29 Aug 2024 16:23:22 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F512 143 KB
49 KB 114ms
113ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba690c47ed9348115b0382e0a530698e1899a8e5f9752d3065235e9d560e0610

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50399
x-xss-protection: 0
server: cafe
etag: 8443484181581778209
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308290101/ Frame F276 403 KB
127 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308290101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2394d12e4577671d6d8a98826b3712c6c321b2d3fdc67d335ee329415631cebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 14:01:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8494
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129682
x-xss-protection: 0
server: cafe
etag: 12917394590533080382
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 03 Sep 2024 14:01:48 GMT

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 0F82 20 KB
21 KB 68ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 09:20:48 GMT
x-content-type-options: nosniff
age: 198154
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 09:20:48 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame F276 26 KB
12 KB 353ms
353ms Fetch
text/plain 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1077920515519116&correlator=2199040960020588&eid=31076398&output=ldjh&gdfp_req=1&vrg=202308290101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600%7C300x100%7C300x250%7C300x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com&abxe=1&dt=1693844602304&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=87gogxavme5f&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fshouxiyulingshiguoyu-qingshangguyue&loc=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1693844601994&idt=291&prev_scp=in2w_key9001%3D1%26in2w_key%3D91%26in2w_key2%3Dnope%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3qgz%26in2w_key7%3D1580%26in2w_key8%3D91%26in2w_key9%3Doptimization_request%26in2w_key15%3Do0%26in2w_key16%3D1&adks=3890575363&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0dae460fd23593858fc01eb27acda643ffedcb579133145a8aed3dedf957aedb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12222
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame ED58 6 KB
3 KB 43ms
28ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:22 GMT
expires: Tue, 03 Sep 2024 16:23:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D3BA 0
0 64ms
64ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7DILeAT2ZOG-MeOfjuwPx6yHQMme0rFc1Z2R93DAjbcBEAEgAGD1BYIBF2NhLXB1Yi01ODg0Mjk0NDc5MzkxNjM4yAEJqQJ_o-POsR6yPuACAKgDAcgDAqoEpwJP0Aspl-AsyHeThczeIONkVXyPSx_MKqDTyFawiFX_pE0sBLvI1tfgr3swMPBCiAyWwOTHGMnAX1FIqIR2uryBOAKc7GAVkQIOtMf8LL2SCTd-nuc79SEFJVDwneZPNtpzC8TudDxg-24Q7G2rHkUjj7j9AJ21Hhaw56kdieH6XdJ4ubSPOjlwB6dFHPtANHPge7tf6ocI7QVC-ZzdFR09Q5ZoQJGuk7xhVh6kqmviomgqFgldwyezkj53XC0KEtJjj1qIZ4BhuZ3AuX9n4ATYLfCL9dY_EgdoM9jSmsXvaKmEsJVUzq5JoDDI_BRFhIDZprXMQ2wCuYWjpMKH1HZ4E_GF-cgDcjXZTlUqgTu4P4JNwy_zVc0EvCwD0YN30G3cgDx50Xt24AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=xMRTb28yNXU&uach_m=[UACH]&cid=CAQSGwBpAlJWU5s0-XKUu2GhQWiMN2Yg8YlGvyICKhgB&cbvp=2&vis=1
Requested by: Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame D3BA 0
126 B 135ms
37ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k4v1F--uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRB4BPZku6pC1N8TF-KSAgAAEgAACgpBUVVERHdFUER3&wp=ZPYEeAAMX2EHg4_jAAHWR5CCjEEUOHGs6gFyEA&cbvp=2

Requested by

Host: 5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 165589
server: Kestrel
content-length: 0

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308310101/ Frame F512 377 KB
128 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308310101/show_ads_impl_fy2021.js?bust=31077588

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b34aab2c954c232742d6717bd760659ceac0b34c766936ee760257a2c539f32f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131227
x-xss-protection: 0
server: cafe
etag: 5076642963528624636
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230830/r20190131/ Frame 7C88 10 KB
5 KB 71ms
20ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230830/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 84763
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4437
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 03 Sep 2023 16:50:39 GMT
etag: 9878862242593084568
expires: Sun, 17 Sep 2023 16:50:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 0F82
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=Ca4n8eQT2ZN7sCaGVjuwP0fqH6A3h3JffcqLry_foELnetMeEOhABINPLzjBg9QWgAfO5r5wByAEJ4AIAqAMByAPbBKoElwJP0IMKQyLWg6ycaiMnWaf1WWhjsOudw4zLCn5m_j4ieoji...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdbf1f63c209193730000000000000000%22,%222%22:%220x5c929c7fc40f1c8a0000000000000000%22,%223%22:%220x57fddf...

0
0

98ms
55ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdbf1f63c209193730000000000000000%22,%222%22:%220x5c929c7fc40f1c8a0000000000000000%22,%223%22:%220x57fddfe0e8ef1ec30000000000000000%22,%224%22:%220x9b8d90facb1b049e0000000000000000%22,%225%22:%220xd60cdeac67b7c4de0000000000000000%22},%22debug_key%22:%2213533272625130241783%22,%22debug_reporting%22:true,%22destination%22:%22https://wish.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22327933171%22],%224%22:[%2209-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210437785440223688065%22}&andc=true

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xdbf1f63c209193730000000000000000","2":"0x5c929c7fc40f1c8a0000000000000000","3":"0x57fddfe0e8ef1ec30000000000000000","4":"0x9b8d90facb1b049e0000000000000000","5":"0xd60cdeac67b7c4de0000000000000000"},"debug_key":"13533272625130241783","debug_reporting":true,"destination":"https://wish.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["327933171"],"4":["09-04"],"6":["true"]},"priority":"500","source_event_id":"10437785440223688065"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 04 Sep 2023 16:23:22 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xdbf1f63c209193730000000000000000","2":"0x5c929c7fc40f1c8a0000000000000000","3":"0x57fddfe0e8ef1ec30000000000000000","4":"0x9b8d90facb1b049e0000000000000000","5":"0xd60cdeac67b7c4de0000000000000000"},"debug_key":"13533272625130241783","debug_reporting":true,"destination":"https://wish.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["327933171"],"4":["09-04"],"6":["true"]},"priority":"500","source_event_id":"10437785440223688065"}&andc=true
access-control-allow-origin: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 102ms
55ms Preflight
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=Ca4n8eQT2ZN7sCaGVjuwP0fqH6A3h3JffcqLry_foELnetMeEOhABINPLzjBg9QWgAfO5r5wByAEJ4AIAqAMByAPbBKoElwJP0IMKQyLWg6ycaiMnWaf1WWhjsOudw4zLCn5m_j4ieojiKNFS48QdPatktbUidiVUz1BVXE4Mwgb8rvJ0KfTypXtRc-JZQgmnFEgg6RiLfBhXrEOOfBVfQ2QE-5DM3CevZgVVPS8yr0WbI6LxRn-tdX6A61hLRSH9CAr6bWTHNM5ZI9DB6iX_m2QZ5QbOtRJBKk0gyVSX75Ps70Q6MpgPx3C-sHAWch0kC4jIAj5NBJR-EP8PQAcmh9p08tTVX1zE4mgirfn-8EOJT3mKzq0D6nTQIEbXO_9NGxyx3JF-9kr0rhazhqJd3lGAFgGG1kf71OkNxq4ab64ho9yQ_g_a-WMmh5-qXBmRtPGSTbOriUVuUxe_t1TABJnV5d2pBOAEAYgFlvDF_UmSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH_82HjwSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwMQ8C7SCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJU2h0dHBzOi8vd3d3Lndpc2guY29tP2ZpbHRlcj1yZWFjaC1jaWRzLTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC1mcm9tX2FkLTE5ODU5NjE4MzMygAoDyAsB2gwRCgsQsOfPzorI_p-7ARICAQPYEwvQFQGAFwGyFx4KHAgAEhRwdWItMzAzOTE5OTUwMzQwMzYzNBiZ0iE&sigh=-BaYtbV6fSg&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWIFEk_GK4EmPiU-vflC-tXALLJBtc_RgB&template_id=494&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Sep 2023 16:23:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame 272B 38 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:00:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:00:41 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F276 0
0 92ms
58ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvKspSGtwelPP7zFcKJsctKkrhKSPFKIxvFUKCHcxbxOjT0xFjIZ0odha_qRZnqAU3r3GQe2orFzYtxFVqiU3ggl0qDRCtOT73dg4KHgguL23cPSdkq3W0OahYyaYhrPTWBvFVa5AJi-tiEBug16m7T8HwEwYtYJTML7VEd_8E5lbjJeyuXGfiUnseA3Hhe2-2aBVcGcuZRMse1kcprVhvLHk1i8fAfk4uUectg8z9yAYlgMZ2GQQewLeG3-SY1WGH9nHyHvXKo0RvdO8XyvtH4MfflPEirBfNwU3spNOi2RNr6rKrlkyiiY1VVkL8LPHSK3C1hvI-lLBQesC4zrSEJ2SJimRo_XduW8Zd332D-Zp52DQ&sai=AMfl-YRBSTBV53mDbOYuApoyqOiFmeh0-hsGHuvjLwVGFSuVSv_qydTjVtNFXJnlNv84Om3hsFtxuRJF5Z_S7Yk&sig=Cg0ArKJSzOeHMVCn5io4EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F276 15 KB
11 KB 115ms
73ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308290101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308290101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e1a7bb818ea17ede0c37d565625ff5adc0ddf3d5175f2fd1368d6a1a97d752a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11697
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F276 17 KB
7 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Sep 2023 16:23:22 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 113ms
55ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Sep 2023 16:23:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DC5B 13 KB
5 KB 21ms
20ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1361
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:00:41 GMT
expires: Tue, 03 Sep 2024 16:00:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F646 829 B
1 KB 80ms
31ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

06ab4f83e8efd566e82ff4f3f0e893ee2696dda4f36c6dee92e86f347d284e99

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SBG7GQjUb4WRu7DQoODZDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 539
content-security-policy: script-src 'report-sample' 'nonce-SBG7GQjUb4WRu7DQoODZDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:22 GMT
expires: Mon, 04 Sep 2023 16:23:22 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7E3F 26 KB
12 KB 564ms
564ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693844602160&bpp=175&bdt=184&idt=411&shv=r20230830&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=522&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2103019657&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C31076838%2C31077372%2C31077525%2C31076994%2C31077588%2C20222283%2C31077549&oid=2&pvsid=1608112234498868&tmod=991993225&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.saixlhc7bbsq&fsb=1&dtd=421

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308310101/show_ads_impl_fy2021.js?bust=31077588

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91fdd4bbaa1d90d1f7553a2e23cdfd8f2c57c53440619dbd30e99f8cc11c83e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 12196
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:23 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame DC5B 38 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:00:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:00:41 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F646 0
0 122ms
121ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308290101&jk=1077920515519116&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 container.html Show response
012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 21AC 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308290101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:22 GMT
expires: Tue, 03 Sep 2024 16:23:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DC5B 0
10 B 20ms
20ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?WerDsA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 44A6 478 B
195 B 65ms
63ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXA1yHJR71_DyPMDg7VeoMXjk5376vxGNlEbRBgaacvPg1Q_LkQ_K--VUKzJMlG0w4gm3aVWfSSJwmFMDHdGLx7jE08bg

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 21AC 86 KB
29 KB 93ms
92ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21AC 42 B
63 B 123ms
121ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BaicrMflCVzMcFIYV1ig_43cmIJgCoyI8VVlV8FxCGpaIZq16ei3OeaWiil2oSATuHpzdMLZvEgDLHTdIccqhcB0ianY5D2phblnEkh5ciBWr9mr0

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21AC 0
20 B 123ms
121ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6858569013207297162&x=1&ct=77

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 21AC 3 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 12:07:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 12:07:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 21AC 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 13:54:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 13:54:13 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 21AC 0
0 30ms
28ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRBdNKRlVpW7Sa3VIscBmyOZpuvJ2P3Jo6e4dvaaJV-gGCYfjtsEpNiBa-PyepC_CrS_QxjjRLMZBtkzFdimWv9FPNRvQ
Requested by: Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 21AC 181 KB
57 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:22 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 44A6 170 B
409 B 100ms
31ms Image
image/png 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXA1yHJR71_DyPMDg7VeoMXjk5376vxGNlEbRBgaacvPg1Q_LkQ_K--VUKzJMlG0w4gm3aVWfSSJwmFMDHdGLx7jE08bg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 44A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1

43 B
769 B

43ms
43ms

Image
image/gif

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXA1yHJR71_DyPMDg7VeoMXjk5376vxGNlEbRBgaacvPg1Q_LkQ_K--VUKzJMlG0w4gm3aVWfSSJwmFMDHdGLx7jE08bg
Protocol: H3
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mYUYbAWwSMIJYINF6UAUlUyYDU4J0h4szj2WusrxCfRVqv7BHWWzezIYRQNchFgtw9In9Ce0D8%2BNUaA3%2FAcxaXaeER7RG1csDTYxG19ajFn1M6qDl7%2FLIMANLW5kv6zkzgWtNZ7s8GsmiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 801793a01d6b24c4-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 44A6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPYEejBdYvzKQFFqKQApEgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1

43 B
737 B

39ms
39ms

Image
image/gif

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXA1yHJR71_DyPMDg7VeoMXjk5376vxGNlEbRBgaacvPg1Q_LkQ_K--VUKzJMlG0w4gm3aVWfSSJwmFMDHdGLx7jE08bg
Protocol: H3
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16H6Au8ALh6gRFL%2Bb%2F%2B8MoyNkSh8kqwxVC0YE057Z2sXFwMv7HVtJTcqbLTTA%2F2mmx3dzFjcg9O6NDOl%2FXRwCTjdef8GDkoRPD87VgSLQziWnl0c3Dti7ow6xhqqLQ4Tu6DFbKna%2FGR7Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 801793a06e1924c4-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21AC 0
20 B 121ms
120ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9690301790183&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21AC 0
20 B 123ms
122ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9690301790183&version=m202307240101&ct=77&x=1&cor=6858569013207297000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 21AC 16 KB
12 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dk9J0fI0wvS74-7vW-1KGFUHpv8lov5U2rrBCi_qhXoDTlE6-AvEMXpzp5lzFft0GVE0sOq0UxyMnFnrSIHwTtSxackoNhkSPspglsW8tBILEpUyWnxviddFwZQytCXWClMZIPzeq84yV7EW-c-aak28sAw5Hq1GUzu_DbGDTRaTD700s&cry=1&dbm_d=AKAmf-DvYMqEPKTzCtr1SFIn5gj38VLR0dnxVn-j0z4Zi14HpOPWNPhyBQYyHOkyUUcIT4lZITl611kjg0qmHuO-ha-2IVfiN9sGDogNJL1C1SOhRoOxmxU4N7NbJ83B41xEmqHhBgoGXZXdIeNQyra7SNC0dOXgLLq6sD_TJGyGxfid1frlitxSBMnd-5oUyUOI4p7UGlI0CEStNdyd9lUAFWEchYe8B84GGTDJdaRqRwpjmBW-jKQt2-vTZcErGrN0RGA40y6S8MHwWnY7EYBEahUzI8GYedsnsljH0oaMqt9b1AYSEU7VK4THHMGG85sGbkGNJgEfrrL4PByyYIKy_6JDzhzRI1CkS_wUsV9o4-NKqp_kRChCq3J63F4Jz9ZnyiEoV1OafsmjmKaXwOaEBQ9RDVCOrqrSrXkFPmacUnuONPwUmspgRaHm2znJx4ofnYJh4AMndzbEAKWNzumWE3gn3fFondqq1N23HDiEdnuP8goDrAE92tiafGWaAkaBTuVt6kiK9eRsD17syee9iD6gPAyXxMD2ztkcl1_lCnfVniDTOu0L5jEWN_R7IBOaoYkWQmvO0AGF955YT_tRzvOswxyh7FkEBANnkhdvFuihVG8MfNm_YCpIalEuz_5enqAXhlGEkp0RWuOsRb3nyiivrRsfOie652veNtJlLfAwG2RMf0IyzWxxBrcm7oTgepWyu38Rfidmmbo5fMkn-_qyjUH_CnD_hXfImVMjGquyhCXYnGg1PKk2viajTHL9U46zMV26CgcTgREnFsxQAf9Pb-MI95dDePSY5K5L2SB9CnhOuFqCWUGuzTz9va5Yc6Ixwdi_an7RBwXIYxZPx4M5ZyuN6_s-Pf1Hj75NIc5W_miWzodNOZpUar_7MVEoMVVZIMa7p9SFcqx348XaM-Jec6VtfaKZvKAWqdhMewuxl36WG5hxhCVejmv2Ic7LJC6hnOacEunv7-WpWlmykA8nbURiRroRS8NPlpM1OzyqPu-4uS482G3JNuHQFU49R7LGDWhij9_TNosvWIXCSeC9fwGEV7IxmP1TKYjlAx6j6R1BMP3fITEsr4cMzIC1AAOgT4rCE6g99SBkAGZ2BHfCONf9WPsgLbtGPdx7mFb9Liyj9dIwegm3pI2Y8mFqN4ANf77toMZcwHwJrsHo8owN6MUX4vn4SqNi_xm9kffXP2bJ5p3Gx3kRC4jzCssQKTkcPj-35UXznSN5VfNcLxAAaTTvDHNnt5LaOnL91KxCW-HVo7rUAcLblpeX5IoFaDq31f-2gl3K0pVtUcXt8rmw7pDb9AANTpX9qrb_yJSuLJr5z57hDL0rzkzhJAemOdp7w8TDq8qdYrBXarmMZ0FVMBFV2mEcLD8HPD1VqYkYet5dFQ6nxBUKE-TNZS_3j80pv8XoLwi-yg-kfCNQdUbAzZMKc23vHu3xWL-EOranqpbJwDPW4vXa7KqnRDQt07UdZCtRAm956gmpodMuHE_2aMH8hh-3i4W0nNSlwrHmv-HMu2T2xWh7kiDI-3IpQdZ2bza3U24QdoWxqO7a0QejrrxyP5J_v2qadl16PId7Pu9uQ3705shtBJMV0_FneMdvZv6SgPLgvUgPSgv_dbrpbfamH3FJPs1cg9mUK8ZDJA8ICh5vX7BC6vY4WdY8TKvxlM4EW8WQuWg2fA2CBUHU8KZjtlMkGF4nnF77JitzfC2kGF6VNbg371cVhYciNGVVxUuS26gqg1pRwdRSqkuiD4diaEwxWW2wr3mHSqZClxzrQxZL_FR7jXX_jOiJMSRSjqVxQYEIckaSr8hjMVQv5tOeCUEs93gFh1snP8AnVlmYR5AX1zQL2gxejDz-U7fmS6g2Gj5oSNe6Y6doX5kDfZzQw9nYu3_2QFfQqWAPe1r6bMWryFbj_OE8NacL8QKiXorGq6i52e7wO0BCwHrbW4AFpsPkqopYoQfFqbXCSNx-GfAMNXAyLX3VN4ygiQBm8H2h8ybg_iXtop5VtJ39WEp5AarLeWQnBAm6-tnRCT5Q2ZIoJMt7ZM3_J5vUr1jTyWIjlATAgSmqdHScB4siJ7rUeZa07kIxtmuSojuqKCrAs0fvnBjNvQgIGUX7J9iSY4ZnUx3PmeiHaxO5lR0I5WgbxuT2EaPBUScycl8itAgCtwm3pknwGF7sJ_b4M9g3BgljjULEQVXKWF5JGGoofpGCK5yAZTLynkISP4Hj65QTZHHuDXedILuNuPpoS4vqmjIbLQEs1cqB56X23hqoyzM8e0igPNQ-GQ3A28m_gi_D7j2a8VLQSomviIwej7K_HOv_vpsK2D9tzmIOU7iUbr9iyMfwkH3dJCDrTsAgM5T51DRbX0SEmp6uLBR1nfV41NAOD7uEMHJjb2FqlOnb5A94eKsm0daRk-G1x4Tn5wR54is2kE1lA_oAWansjaTmc_k1l4QV78g7R5QHuHMFckBkvMvTdok6xVOHx2iqyU9Gv1saKPDaR83MG2cwcHiam_21gfEv3q2xGgJ_ZGf8xGxkm0SMqVdm9vQ6Bti7K3L_2y-eWI4ygx79HXuKhHt4jq-q0KCFbii-LtTLDV-5Cyhqbm8LpS6dUG9eWAxXaBE_eKTpXD6412eif_7ZHTtoOeV4GcO_2DMz2tsziRmVA4Seda-3FH2_88irUNZ3BDoV3Ey43DdrUeWyqxskZR7JhB_inQKt_KCO-3X6Uq2hphe5cUJ3vNsmr_0wfOTrM-yOc522BT6oxdDuEuv9rrXhdYQ0FKKQFGUhWdfukIHyJeOpstwmqxMSfNScEkjtopRx-z1DvA_qtK0-5_n2IdsiWkmPdPhxMhdI1QP-M5NtnqfomYKlXaFLywCDcSYeVuzEalgETwK-k6MtIfnoZkLMHqs6x61cMUnFZXf5WFUKojc2MsZcuPsSnNktgeBh8Lb9ScqV5VEXbLoyAl3r0G7WMZ9NQ4CiHy1BWMiUSGINQ3RRXuRGBDsfx4feLwiLvHYprbXdzlHjyjFmTufRYpuQFbDt97grsRjGvaKsDKsiy1FFFox_y8fyGRT1QnXUl2QS-sojj4RNI68WQ0SHQFm7A96VqY9oHSi-mlSNCuIY2HMERfwJSvsxeIymKZ36YrqM8WzM_9Hj7jemtkwvr7BAwBhERifgTU8fygdbhdXYyKr-6fxptETimMBy7Kwu2MSi7KXOkkrCfN-t9dPdhX68X5CLarG7Esm7dndhtAU0_dnhe9YGKxKLfJ1Ha2xrfVJfMvYFcZ4Of-ujJEDZTO3DeXkiTe_5dDcxMcZ2Ah7XglEvTryhJtA8hAnqOMT33Jn-6ZH04zWCWM4MArFaAI4Fo5gWuREJwgaMdqfV3g_vXjVhC8_zKwpT-WmlWk-E9uC3PIjKvCuBBa-4PpIApqYFhph71QHuAl30vw_fKJE2YsxQPMmh7c1AvfD28xcOEUjttClDzyp0UzBMXYd6NUxdmP5Hqafv_FC1rcC6QIXiAlA3TdOe4MQdhmK5gTMyv0fgRoUEXUvDy6a9zpTgPeuTvaVyJqvSiwZTmVxuTajVj_juNxxop7xPHtS4a1BZ5VIhEBYgp3th2T_VonNFRER9O8UH1sPdWlkuW3bjyQKCI4_G6vgfgaxJDgr8oZ-A5f5CySS-Q--9v3Ajj1Z-PD8zHJs4hX1_fDgvR5SObUA1IL-PJPOFN_l-EnfyBmJHL3Z4qe0WaHW2it_msdfXr6pUidr1ZU5pq9Qq14qxr16KTNRMza88Exo4r780bi2hNTcGNuUexlYrknitgPCiCAV6_KtK&cid=CAQSKQBpAlJWoVdCFhPmnOqB0CKRjotOPiQut24m0K4wpKdFLw_W15urKofeGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=6858569013207297000&adk=2789206706&idt=99&cac=0&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

545c1561be28d952fa8fac0def54be25fcc7ab2828481644b599dd5efc348eeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12097
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 21AC 41 KB
13 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dk9J0fI0wvS74-7vW-1KGFUHpv8lov5U2rrBCi_qhXoDTlE6-AvEMXpzp5lzFft0GVE0sOq0UxyMnFnrSIHwTtSxackoNhkSPspglsW8tBILEpUyWnxviddFwZQytCXWClMZIPzeq84yV7EW-c-aak28sAw5Hq1GUzu_DbGDTRaTD700s&cry=1&dbm_d=AKAmf-DvYMqEPKTzCtr1SFIn5gj38VLR0dnxVn-j0z4Zi14HpOPWNPhyBQYyHOkyUUcIT4lZITl611kjg0qmHuO-ha-2IVfiN9sGDogNJL1C1SOhRoOxmxU4N7NbJ83B41xEmqHhBgoGXZXdIeNQyra7SNC0dOXgLLq6sD_TJGyGxfid1frlitxSBMnd-5oUyUOI4p7UGlI0CEStNdyd9lUAFWEchYe8B84GGTDJdaRqRwpjmBW-jKQt2-vTZcErGrN0RGA40y6S8MHwWnY7EYBEahUzI8GYedsnsljH0oaMqt9b1AYSEU7VK4THHMGG85sGbkGNJgEfrrL4PByyYIKy_6JDzhzRI1CkS_wUsV9o4-NKqp_kRChCq3J63F4Jz9ZnyiEoV1OafsmjmKaXwOaEBQ9RDVCOrqrSrXkFPmacUnuONPwUmspgRaHm2znJx4ofnYJh4AMndzbEAKWNzumWE3gn3fFondqq1N23HDiEdnuP8goDrAE92tiafGWaAkaBTuVt6kiK9eRsD17syee9iD6gPAyXxMD2ztkcl1_lCnfVniDTOu0L5jEWN_R7IBOaoYkWQmvO0AGF955YT_tRzvOswxyh7FkEBANnkhdvFuihVG8MfNm_YCpIalEuz_5enqAXhlGEkp0RWuOsRb3nyiivrRsfOie652veNtJlLfAwG2RMf0IyzWxxBrcm7oTgepWyu38Rfidmmbo5fMkn-_qyjUH_CnD_hXfImVMjGquyhCXYnGg1PKk2viajTHL9U46zMV26CgcTgREnFsxQAf9Pb-MI95dDePSY5K5L2SB9CnhOuFqCWUGuzTz9va5Yc6Ixwdi_an7RBwXIYxZPx4M5ZyuN6_s-Pf1Hj75NIc5W_miWzodNOZpUar_7MVEoMVVZIMa7p9SFcqx348XaM-Jec6VtfaKZvKAWqdhMewuxl36WG5hxhCVejmv2Ic7LJC6hnOacEunv7-WpWlmykA8nbURiRroRS8NPlpM1OzyqPu-4uS482G3JNuHQFU49R7LGDWhij9_TNosvWIXCSeC9fwGEV7IxmP1TKYjlAx6j6R1BMP3fITEsr4cMzIC1AAOgT4rCE6g99SBkAGZ2BHfCONf9WPsgLbtGPdx7mFb9Liyj9dIwegm3pI2Y8mFqN4ANf77toMZcwHwJrsHo8owN6MUX4vn4SqNi_xm9kffXP2bJ5p3Gx3kRC4jzCssQKTkcPj-35UXznSN5VfNcLxAAaTTvDHNnt5LaOnL91KxCW-HVo7rUAcLblpeX5IoFaDq31f-2gl3K0pVtUcXt8rmw7pDb9AANTpX9qrb_yJSuLJr5z57hDL0rzkzhJAemOdp7w8TDq8qdYrBXarmMZ0FVMBFV2mEcLD8HPD1VqYkYet5dFQ6nxBUKE-TNZS_3j80pv8XoLwi-yg-kfCNQdUbAzZMKc23vHu3xWL-EOranqpbJwDPW4vXa7KqnRDQt07UdZCtRAm956gmpodMuHE_2aMH8hh-3i4W0nNSlwrHmv-HMu2T2xWh7kiDI-3IpQdZ2bza3U24QdoWxqO7a0QejrrxyP5J_v2qadl16PId7Pu9uQ3705shtBJMV0_FneMdvZv6SgPLgvUgPSgv_dbrpbfamH3FJPs1cg9mUK8ZDJA8ICh5vX7BC6vY4WdY8TKvxlM4EW8WQuWg2fA2CBUHU8KZjtlMkGF4nnF77JitzfC2kGF6VNbg371cVhYciNGVVxUuS26gqg1pRwdRSqkuiD4diaEwxWW2wr3mHSqZClxzrQxZL_FR7jXX_jOiJMSRSjqVxQYEIckaSr8hjMVQv5tOeCUEs93gFh1snP8AnVlmYR5AX1zQL2gxejDz-U7fmS6g2Gj5oSNe6Y6doX5kDfZzQw9nYu3_2QFfQqWAPe1r6bMWryFbj_OE8NacL8QKiXorGq6i52e7wO0BCwHrbW4AFpsPkqopYoQfFqbXCSNx-GfAMNXAyLX3VN4ygiQBm8H2h8ybg_iXtop5VtJ39WEp5AarLeWQnBAm6-tnRCT5Q2ZIoJMt7ZM3_J5vUr1jTyWIjlATAgSmqdHScB4siJ7rUeZa07kIxtmuSojuqKCrAs0fvnBjNvQgIGUX7J9iSY4ZnUx3PmeiHaxO5lR0I5WgbxuT2EaPBUScycl8itAgCtwm3pknwGF7sJ_b4M9g3BgljjULEQVXKWF5JGGoofpGCK5yAZTLynkISP4Hj65QTZHHuDXedILuNuPpoS4vqmjIbLQEs1cqB56X23hqoyzM8e0igPNQ-GQ3A28m_gi_D7j2a8VLQSomviIwej7K_HOv_vpsK2D9tzmIOU7iUbr9iyMfwkH3dJCDrTsAgM5T51DRbX0SEmp6uLBR1nfV41NAOD7uEMHJjb2FqlOnb5A94eKsm0daRk-G1x4Tn5wR54is2kE1lA_oAWansjaTmc_k1l4QV78g7R5QHuHMFckBkvMvTdok6xVOHx2iqyU9Gv1saKPDaR83MG2cwcHiam_21gfEv3q2xGgJ_ZGf8xGxkm0SMqVdm9vQ6Bti7K3L_2y-eWI4ygx79HXuKhHt4jq-q0KCFbii-LtTLDV-5Cyhqbm8LpS6dUG9eWAxXaBE_eKTpXD6412eif_7ZHTtoOeV4GcO_2DMz2tsziRmVA4Seda-3FH2_88irUNZ3BDoV3Ey43DdrUeWyqxskZR7JhB_inQKt_KCO-3X6Uq2hphe5cUJ3vNsmr_0wfOTrM-yOc522BT6oxdDuEuv9rrXhdYQ0FKKQFGUhWdfukIHyJeOpstwmqxMSfNScEkjtopRx-z1DvA_qtK0-5_n2IdsiWkmPdPhxMhdI1QP-M5NtnqfomYKlXaFLywCDcSYeVuzEalgETwK-k6MtIfnoZkLMHqs6x61cMUnFZXf5WFUKojc2MsZcuPsSnNktgeBh8Lb9ScqV5VEXbLoyAl3r0G7WMZ9NQ4CiHy1BWMiUSGINQ3RRXuRGBDsfx4feLwiLvHYprbXdzlHjyjFmTufRYpuQFbDt97grsRjGvaKsDKsiy1FFFox_y8fyGRT1QnXUl2QS-sojj4RNI68WQ0SHQFm7A96VqY9oHSi-mlSNCuIY2HMERfwJSvsxeIymKZ36YrqM8WzM_9Hj7jemtkwvr7BAwBhERifgTU8fygdbhdXYyKr-6fxptETimMBy7Kwu2MSi7KXOkkrCfN-t9dPdhX68X5CLarG7Esm7dndhtAU0_dnhe9YGKxKLfJ1Ha2xrfVJfMvYFcZ4Of-ujJEDZTO3DeXkiTe_5dDcxMcZ2Ah7XglEvTryhJtA8hAnqOMT33Jn-6ZH04zWCWM4MArFaAI4Fo5gWuREJwgaMdqfV3g_vXjVhC8_zKwpT-WmlWk-E9uC3PIjKvCuBBa-4PpIApqYFhph71QHuAl30vw_fKJE2YsxQPMmh7c1AvfD28xcOEUjttClDzyp0UzBMXYd6NUxdmP5Hqafv_FC1rcC6QIXiAlA3TdOe4MQdhmK5gTMyv0fgRoUEXUvDy6a9zpTgPeuTvaVyJqvSiwZTmVxuTajVj_juNxxop7xPHtS4a1BZ5VIhEBYgp3th2T_VonNFRER9O8UH1sPdWlkuW3bjyQKCI4_G6vgfgaxJDgr8oZ-A5f5CySS-Q--9v3Ajj1Z-PD8zHJs4hX1_fDgvR5SObUA1IL-PJPOFN_l-EnfyBmJHL3Z4qe0WaHW2it_msdfXr6pUidr1ZU5pq9Qq14qxr16KTNRMza88Exo4r780bi2hNTcGNuUexlYrknitgPCiCAV6_KtK&cid=CAQSKQBpAlJWoVdCFhPmnOqB0CKRjotOPiQut24m0K4wpKdFLw_W15urKofeGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=6858569013207297000&adk=2789206706&idt=99&cac=0&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 218527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 03:41:15 GMT

GET
H/1.1 200
OK r4yapv8fhxky Show response
hal9000.redintelligence.net/zone/ Frame 21AC 11 KB
4 KB 88ms
25ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/r4yapv8fhxky?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCyJz0egT2ZILkFajI7_UPl-mI2AmRwdCbacv2g5LcD_AuEAEg08vOMGD1BcgBCakCf6PjzrEesj6oAwHIA5sEqgTuAU_Qzdda5l8EZnAZZLsmrgfwrHUAk172EcJ8YDB9k3IvpbXTLViKQtxEF33CEyLHAXR8vowZlsLF8iqW8qPsGR0BRnKvzXhtHlEQWW2AkTN14tNvWmowKG0MG8yyO8tIDR6G5U13I6BQgsYwumqitRYRb61-8ro91G95CGn0HGs4fMRkV_ewxd5kn5BLejAb8s7tcwUQg1eshycMSPyj1uDZZX69RLSLH8B00Eoux0X58H9ApsGb5tdawZogHz1V37T84m_f-E-QD38NWbva44JRDia_mVz1iYP0fntF628uZwF1-yvHn6Ml9sCygynABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIgonQ7q6RgQMVKOS7CB2XNAKbEAEYASAAEgIxXfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWoVdCFhPmnOqB0CKRjotOPiQut24m0K4wpKdFLw_W15urKofeGAE%26sig%3DAOD64_3GLHIRb0ZhdJIEvsHvrEk5XA9eyQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cs2WK3CsmmtXa99CNITslatCUc3QmJjxQ_JUgwP0ujOdCne821gXpRGL8KSsYOlR33MMgwifzvrnyeTLgMhN0t82XLsNJF8vyAk1uEjHHCvpq45eFVRPDKlJ3mK-ZDlYAPU582gpF610cx-nBTQ8AQZ5J_7VOuGsIm5xBJc0UBOoc6LSY%26cry%3D1%26dbm_d%3DAKAmf-AYX-9rJPdpSBxgC2Qlxl4I1zzWzRQVPoOr7FWgmVciRUnhaO5ui-tuw9lNmlZMBrVXY8MLqRjd7C8UT6SiJBcBxNo4IVfTwJ595gM-6e4NEelrIx5AvkM6_QAzY4a425PN6lEn7tlGmGJXCP9Ntj-B_8o9v7nMG4cAqo3huLnlCKBEBrczY1rIN259JJFli3a-o0K1fd-DJMw5EeTKazbSFB15kw4TguP-oby5EVMeWnNg3p9d6CMR7NU-Y13xzUGYUkbjTKvjjEykqPiNSRlCYd3HPt_l-9pKRn9AHXWdK70FcgWJnoropuzoinvtQ_wVDSxQ5M5_Z7gizujexzqfKQFWjQkEvFNIKN6YFP4Gzjmb9GkdQO3xcWw3tXWw9pRP9V3zHljGl2ZRf6eYmiE_b4B89JMMF-dExU5xMW3s1LrUwLA9_OTSJv9M9njuv7DTLvKmWfGEBsg2VrqfCmgr33Z0n2Z95vzF-xSe-lQ7ptRR_u6ALia4aLrYVb9NgxFvRNDzFWJnXUwm6VseFF3RoShr9uIWmqSwG-HvxxC_iuKEbLM9s15z7NaFvbpTgP4MfaoJXNra5jzfcEaZdIrp_GfVqYOMEkGdamuxNJ_HSRGgOJM%26adurl%3D
Requested by: Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 012162553d00a1e2b8ed30e9167bf545c1452ecf519ce6e5bfe4233fd3f6b815

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 16:23:22 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4188
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F867 22 KB
8 KB 20ms
20ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 121897
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Sep 2023 06:31:45 GMT
expires: Mon, 02 Sep 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cZSlmfR8SDt076FNoYIuLG5p7zquw_7CpDxGN0dSu4o.js Show response
pagead2.googlesyndication.com/bg/ Frame F867 38 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cZSlmfR8SDt076FNoYIuLG5p7zquw_7CpDxGN0dSu4o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7194a599f47c483b74efa14da1822e2c6e69ef3aaec3fec2a43c46374752bb8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 525221
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14792
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:29:41 GMT

GET
H/1.1

200
OK

request.php Show response
hal900021.redintelligence.net/ Frame 21AC
Redirect Chain

https://hal900021.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=872fd9bce9&subid=&uid=95b3fab0a1908e3f&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900021.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=872fd9bce9&subid=&uid=95b3fab0a1908e3f&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

613 B
938 B

151ms
103ms

Script
application/x-javascript

144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=872fd9bce9&subid=&uid=95b3fab0a1908e3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCyJz0egT2ZILkFajI7_UPl-mI2AmRwdCbacv2g5LcD_AuEAEg08vOMGD1BcgBCakCf6PjzrEesj6oAwHIA5sEqgTuAU_Qzdda5l8EZnAZZLsmrgfwrHUAk172EcJ8YDB9k3IvpbXTLViKQtxEF33CEyLHAXR8vowZlsLF8iqW8qPsGR0BRnKvzXhtHlEQWW2AkTN14tNvWmowKG0MG8yyO8tIDR6G5U13I6BQgsYwumqitRYRb61-8ro91G95CGn0HGs4fMRkV_ewxd5kn5BLejAb8s7tcwUQg1eshycMSPyj1uDZZX69RLSLH8B00Eoux0X58H9ApsGb5tdawZogHz1V37T84m_f-E-QD38NWbva44JRDia_mVz1iYP0fntF628uZwF1-yvHn6Ml9sCygynABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIgonQ7q6RgQMVKOS7CB2XNAKbEAEYASAAEgIxXfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWoVdCFhPmnOqB0CKRjotOPiQut24m0K4wpKdFLw_W15urKofeGAE%26sig%3DAOD64_3GLHIRb0ZhdJIEvsHvrEk5XA9eyQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cs2WK3CsmmtXa99CNITslatCUc3QmJjxQ_JUgwP0ujOdCne821gXpRGL8KSsYOlR33MMgwifzvrnyeTLgMhN0t82XLsNJF8vyAk1uEjHHCvpq45eFVRPDKlJ3mK-ZDlYAPU582gpF610cx-nBTQ8AQZ5J_7VOuGsIm5xBJc0UBOoc6LSY%26cry%3D1%26dbm_d%3DAKAmf-AYX-9rJPdpSBxgC2Qlxl4I1zzWzRQVPoOr7FWgmVciRUnhaO5ui-tuw9lNmlZMBrVXY8MLqRjd7C8UT6SiJBcBxNo4IVfTwJ595gM-6e4NEelrIx5AvkM6_QAzY4a425PN6lEn7tlGmGJXCP9Ntj-B_8o9v7nMG4cAqo3huLnlCKBEBrczY1rIN259JJFli3a-o0K1fd-DJMw5EeTKazbSFB15kw4TguP-oby5EVMeWnNg3p9d6CMR7NU-Y13xzUGYUkbjTKvjjEykqPiNSRlCYd3HPt_l-9pKRn9AHXWdK70FcgWJnoropuzoinvtQ_wVDSxQ5M5_Z7gizujexzqfKQFWjQkEvFNIKN6YFP4Gzjmb9GkdQO3xcWw3tXWw9pRP9V3zHljGl2ZRf6eYmiE_b4B89JMMF-dExU5xMW3s1LrUwLA9_OTSJv9M9njuv7DTLvKmWfGEBsg2VrqfCmgr33Z0n2Z95vzF-xSe-lQ7ptRR_u6ALia4aLrYVb9NgxFvRNDzFWJnXUwm6VseFF3RoShr9uIWmqSwG-HvxxC_iuKEbLM9s15z7NaFvbpTgP4MfaoJXNra5jzfcEaZdIrp_GfVqYOMEkGdamuxNJ_HSRGgOJM%26adurl%3D&documentReferer=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4243220868731&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 6aea42d896c05e915455191bfd049ed62376c2b8b02c55f42e4fa97c2ad95d24

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Sep 2023 16:23:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 66833500137964804438442012437021
Connection: close
Content-Length: 332
Expires: Mon, 04 Sep 2023 17:23:23 +0200

Redirect headers

Pragma: no-cache
Date: Mon, 04 Sep 2023 16:23:23 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=872fd9bce9&subid=&uid=95b3fab0a1908e3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCyJz0egT2ZILkFajI7_UPl-mI2AmRwdCbacv2g5LcD_AuEAEg08vOMGD1BcgBCakCf6PjzrEesj6oAwHIA5sEqgTuAU_Qzdda5l8EZnAZZLsmrgfwrHUAk172EcJ8YDB9k3IvpbXTLViKQtxEF33CEyLHAXR8vowZlsLF8iqW8qPsGR0BRnKvzXhtHlEQWW2AkTN14tNvWmowKG0MG8yyO8tIDR6G5U13I6BQgsYwumqitRYRb61-8ro91G95CGn0HGs4fMRkV_ewxd5kn5BLejAb8s7tcwUQg1eshycMSPyj1uDZZX69RLSLH8B00Eoux0X58H9ApsGb5tdawZogHz1V37T84m_f-E-QD38NWbva44JRDia_mVz1iYP0fntF628uZwF1-yvHn6Ml9sCygynABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIgonQ7q6RgQMVKOS7CB2XNAKbEAEYASAAEgIxXfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWoVdCFhPmnOqB0CKRjotOPiQut24m0K4wpKdFLw_W15urKofeGAE%26sig%3DAOD64_3GLHIRb0ZhdJIEvsHvrEk5XA9eyQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cs2WK3CsmmtXa99CNITslatCUc3QmJjxQ_JUgwP0ujOdCne821gXpRGL8KSsYOlR33MMgwifzvrnyeTLgMhN0t82XLsNJF8vyAk1uEjHHCvpq45eFVRPDKlJ3mK-ZDlYAPU582gpF610cx-nBTQ8AQZ5J_7VOuGsIm5xBJc0UBOoc6LSY%26cry%3D1%26dbm_d%3DAKAmf-AYX-9rJPdpSBxgC2Qlxl4I1zzWzRQVPoOr7FWgmVciRUnhaO5ui-tuw9lNmlZMBrVXY8MLqRjd7C8UT6SiJBcBxNo4IVfTwJ595gM-6e4NEelrIx5AvkM6_QAzY4a425PN6lEn7tlGmGJXCP9Ntj-B_8o9v7nMG4cAqo3huLnlCKBEBrczY1rIN259JJFli3a-o0K1fd-DJMw5EeTKazbSFB15kw4TguP-oby5EVMeWnNg3p9d6CMR7NU-Y13xzUGYUkbjTKvjjEykqPiNSRlCYd3HPt_l-9pKRn9AHXWdK70FcgWJnoropuzoinvtQ_wVDSxQ5M5_Z7gizujexzqfKQFWjQkEvFNIKN6YFP4Gzjmb9GkdQO3xcWw3tXWw9pRP9V3zHljGl2ZRf6eYmiE_b4B89JMMF-dExU5xMW3s1LrUwLA9_OTSJv9M9njuv7DTLvKmWfGEBsg2VrqfCmgr33Z0n2Z95vzF-xSe-lQ7ptRR_u6ALia4aLrYVb9NgxFvRNDzFWJnXUwm6VseFF3RoShr9uIWmqSwG-HvxxC_iuKEbLM9s15z7NaFvbpTgP4MfaoJXNra5jzfcEaZdIrp_GfVqYOMEkGdamuxNJ_HSRGgOJM%26adurl%3D&documentReferer=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4243220868731&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 04 Sep 2023 17:23:23 +0200

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F867 0
20 B 127ms
126ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkLvwegT2ZLLSNPOLjuwPuq6G4AMAAAAAOAHgBAI&bg=!iomlicbNAAZnwVY5R8E7ADQBe5WfOEMByaARK1PGF_KWqy_fa07TLA7Xcnya74aQVhu4KP6P1-GxzrjDcNIMNsw-dwlkAgAAAFRSAAAABmgBBwoAHfC0pr3-nbDC_tTRWVShhChWCCHbAApirLUWpBkwmQNXy5rUjlZNThBEafgD-g3JSJuF3LlpEMZSeHgEsyZ4Q2wvTXA0AgxA79LB3LOGeL-tYtsMNUBfldIGiw6a7lfKs62ZQeiPHmiLvH9YOAs1wVCeVIISInw5SHbOyYlg_FJcStggSFH_uIVHvn7_Py6ROMM-7XyyWkaV7_ac29i3N02DkrNkp_98lcmii63auUTTyJJ10AiIJ5ZbIzSJrKBIlzQhjLSC7F9XYiakk18_Q7Sp79zn2m1FbBcUVKnnAmkwbavCvQxk2jQLCz5DG01Yoqn6fgSgyObQoBFy-fvvYkFDeA0oaY_9EDc9lDepXVPwHTt3hrWu6BjFq3xl5a34BtL8nmmNR48bH9fQZaDD4GcjnmrBONQMJCywmmIqJITML5S0Yv2kRX5Z1XsHm7kbse3kcsW3LvxYYKXZQNYvZxj--07FAm-p2pDaCZy6xjMNzc2-2wHvUl0fn_U1PK6cUjOazS68NjrIEYU3biQWpXn-BGTkrBzMzSv6QVTNdSTn-n-qsF4gcPSCxQxjDJiugclAqLgTidzZUu7tJJ5eM8HkCW7c9mcg8Lji38_--Dp73vlCG4d9vlMi9R76MBvgz_J4y5BXKXNlStYb4wmgClN6SB7LXAJEuGF267Eqbo9sRV1r7vMn5Kx_stG-zxzyguAI-e_XJJk-0EYrWL00PidFz9f2LJ8UghfwmyUpxsfnQTBxOC7nsxntid4ae9y5wVXPpT6g8weLvM5fPPwDPxFGGfByDdBASepvG91hGi2s2Mgg028j6WAnx509K9hAmsUdzIhRE4dt_83foFkLb7-3bKZ8EB6crDrReZjiBMftn51wOI1TdDa3uLSCrZfuXNmqr4UGQGHT20SYmFhqIUP6y4b7Wh5qReAuIaKFsv2220pqsKnB21QPbgDKJ-LG9B8yLVnMTrp00jgkt8aymtlgglU9lio-TcYz3jUxV-cVuNzifVecU-nWnLbxDTchCLSbVGeIrEkOvxL3RuwP9Z2bpAImqjDNdEZKKzknzcPwCpgfyypKXUnakA3MljsQXjawu3dEX1MIpCvgAYMDgYri_5GOBACLSuBxEa_fXeDG9SIh7CmOyMUhQBCZF7BHetTZMEeVkvkRKBi50vYmHwBNyF1_lfl8

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7E3F 42 B
63 B 122ms
121ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AEFmbq6K4d81R_IjUgDEZUl29p5BrLgUSDz-FZvzTS_Hm6w_oCk_JD0Nj1z_Xvcjf4saIMaBQT4B_Fn2NZT-GyYudwtNB4zsVhyrFVNsrC6fD9jtQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693844602160&bpp=175&bdt=184&idt=411&shv=r20230830&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=522&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2103019657&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C31076838%2C31077372%2C31077525%2C31076994%2C31077588%2C20222283%2C31077549&oid=2&pvsid=1608112234498868&tmod=991993225&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.saixlhc7bbsq&fsb=1&dtd=421

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7E3F 0
20 B 122ms
122ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7724716510745788679&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7E3F 86 KB
29 KB 121ms
120ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:23 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 7E3F 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 12:07:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15360
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 12:07:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 7E3F 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 13:54:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8950
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Sep 2023 13:54:13 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7E3F 0
0 38ms
37ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSs29Sp041HdKCweG-_LlGwkzf69aU4LyP8-hWN0SvptAodWsSdl_6d0tKw_YTuuTxPvCKb9E0XSZ1dpd8o2vxD0uthrw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693844602160&bpp=175&bdt=184&idt=411&shv=r20230830&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=522&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2103019657&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C31076838%2C31077372%2C31077525%2C31076994%2C31077588%2C20222283%2C31077549&oid=2&pvsid=1608112234498868&tmod=991993225&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.saixlhc7bbsq&fsb=1&dtd=421
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7E3F 181 KB
56 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Sep 2023 16:23:23 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AC35 478 B
195 B 64ms
63ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjlxojGATAB&v=APEucNWXxhvMRodKlhZ62WsAw0P7IVKZQU4wrHIzmLYeE6Ak5PHwPqJsKWslTBbX7nG_AvsDrpPSu__2yZrhBGAiclClGkGvOA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693844602160&bpp=175&bdt=184&idt=411&shv=r20230830&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=522&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2103019657&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C31076838%2C31077372%2C31077525%2C31076994%2C31077588%2C20222283%2C31077549&oid=2&pvsid=1608112234498868&tmod=991993225&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.saixlhc7bbsq&fsb=1&dtd=421
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D3BA 42 B
64 B 132ms
131ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstLkNnD9P3Az34UckKMIR3C7Mt9F77GcckKOvKu4wtu-al_cf9ZkyxSpVms2j-vZcqDsSPXHJCG_SXohklkPA_PCb8Xwv5-wuEAldc&sig=Cg0ArKJSzNDOq8qU13mREAE&id=lidar2&mcvt=1008&p=0,0,90,728&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693844601912&rpt=224&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 2593 0
127 B 32ms
32ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 04 Sep 2023 16:23:22 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame AC35 170 B
188 B 33ms
32ms Image
image/png 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjlxojGATAB&v=APEucNWXxhvMRodKlhZ62WsAw0P7IVKZQU4wrHIzmLYeE6Ak5PHwPqJsKWslTBbX7nG_AvsDrpPSu__2yZrhBGAiclClGkGvOA

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AC35
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1

43 B
733 B

42ms
41ms

Image
image/gif

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjlxojGATAB&v=APEucNWXxhvMRodKlhZ62WsAw0P7IVKZQU4wrHIzmLYeE6Ak5PHwPqJsKWslTBbX7nG_AvsDrpPSu__2yZrhBGAiclClGkGvOA
Protocol: H3
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8myQrln1LEmc3oDqUG9RS5peU2jWOT%2FYboEyGLZvUggRuyXvbsfVZTobT1ay%2FUAU%2FmHo9w5TfZUpV9JmTW5g0ieohb4X7vExLY4duuCCVSSZHxs24rvcy8ztAPgjIav95nRv9b8Dmlh9GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 801793a269b524c4-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AC35
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPYEejBdYvzKQFFqKQApEgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1

43 B
736 B

55ms
55ms

Image
image/gif

172.64.148.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjlxojGATAB&v=APEucNWXxhvMRodKlhZ62WsAw0P7IVKZQU4wrHIzmLYeE6Ak5PHwPqJsKWslTBbX7nG_AvsDrpPSu__2yZrhBGAiclClGkGvOA
Protocol: H3
Server: 172.64.148.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1NNTxQS26b1JLAq1vwQcoAJ76yPBD75UWddX6akzgHMcPR7q1zNL1l%2BSdlPFYweALkpnX7zFHzXwVxUjeJzwBkcgzSO%2BM2LEDbyyBY%2BdHtgxO9NFxwOq%2F6s5XWCtGwjIxS85ApNe1gECg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 801793a2da7724c4-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGkD-Z37Iun9Chc9Lqcmp7s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F276 0
0 128ms
128ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308290101&jk=1077920515519116&bg=!GRqlGlXNAAYHwnCgJ8I7ADQBe5WfOGT8ifCv8Rx60NjL-BSqAv9f5N9OuSnSNMElZhR-wfqvwN6fAUXWY2o6RFKG3UGLAgAAAGxSAAAABmgBBwoAD6M4nUPoZo8W0XsWGma8TZkC_U37NKZUB4Mery7HqDhA4Qk376c-wrIvIMwbWp9IOBc6aS2AdZUi6oMFZmX1Z7yT2dnvcyGg3YWJqxCUemeyfCuadF-VqO4QevJ0oG33h5C-Uq4MBr_pJXPWSiP3WaE4tCvv11qD5VzsjYp_kYAhYsrbvCf6npTZhi09douBuQug8e4iSS2zODsmBWJ2ckS04_XYpNaTBg-Ghuuv0uT-OOCBFP6vDFirw2Ac1VwAU1ds3Y-Jx-Wszr3_0P3RaoQdR_seo6TXM7x6TxJotLtZqhujNtBoO_DTPUrnDdNSQl40mnwXal01CWDxuT1HT6vR2k1xQuB3FnFLMaqpi2J_6i8g_Q-RwwML_CDJHj6xX5ka7A2kAJrTqZgqiP36w7pQIKD9VAC2HPUexny8HKHT3CGsPaNeCtN9WuC1CbBymtceB7QMY0NzDf1RVCzSs9LXYspH78epHz0_gTTXY2P0P479ab2swuatox0r80D4Rh34LXZj8UpSR-2vq1B5IcwIMlZ8goy4FnigeoiU-xGoi-X-RQhg0XixUf1v0zffXvWBas6forDXnku-B4cmsWk_mQDfiap_nVVYyv2ggL_1mdWHdJR8jmSO3pIlImivg7D9HL6SSMfUrTmiHqoH8xcxVNF0rY9JhlcORSzQJ7nzhvMz9GD7l6sFp0cXdfpfZCGLOfLxDINJSmXX2C_onn3uOfoP0eae7fv10H0WwalFuZhFflBSGPDeeEmXNOERTXdd-yyMMMLmNa_vvR9vw_ETyi9LoWOp6Y-tvWFuIEAEBwZ-aXlcgZgrB56U3h9LovhYs-eoAGpDNxkwSYSmO2goNynAjRfPiKiRyhyXGtUEaOHneQEkl6BDXW71omS4HOJ7cPZPcehrgH4jvUU5TaOpJzkB4GCfUk3Yj6BkfAOv_hOpnmgp6Upvg2A4Xx_9jzZiFRgoeJC8YFLTjwru5c_W_HBhW-Pj9ieTb9AQAciMMYtElhDLtM--8hJXU5Gn9TFB4I6dAlFMmbKwUH6rGA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK request_content.php Show response
hal900021.redintelligence.net/ Frame DCA4 7 KB
3 KB 81ms
29ms Document
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request_content.php?s=66833500137964804438442012437021&a=a7903995
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=872fd9bce9&subid=&uid=95b3fab0a1908e3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCyJz0egT2ZILkFajI7_UPl-mI2AmRwdCbacv2g5LcD_AuEAEg08vOMGD1BcgBCakCf6PjzrEesj6oAwHIA5sEqgTuAU_Qzdda5l8EZnAZZLsmrgfwrHUAk172EcJ8YDB9k3IvpbXTLViKQtxEF33CEyLHAXR8vowZlsLF8iqW8qPsGR0BRnKvzXhtHlEQWW2AkTN14tNvWmowKG0MG8yyO8tIDR6G5U13I6BQgsYwumqitRYRb61-8ro91G95CGn0HGs4fMRkV_ewxd5kn5BLejAb8s7tcwUQg1eshycMSPyj1uDZZX69RLSLH8B00Eoux0X58H9ApsGb5tdawZogHz1V37T84m_f-E-QD38NWbva44JRDia_mVz1iYP0fntF628uZwF1-yvHn6Ml9sCygynABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIgonQ7q6RgQMVKOS7CB2XNAKbEAEYASAAEgIxXfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWoVdCFhPmnOqB0CKRjotOPiQut24m0K4wpKdFLw_W15urKofeGAE%26sig%3DAOD64_3GLHIRb0ZhdJIEvsHvrEk5XA9eyQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Cs2WK3CsmmtXa99CNITslatCUc3QmJjxQ_JUgwP0ujOdCne821gXpRGL8KSsYOlR33MMgwifzvrnyeTLgMhN0t82XLsNJF8vyAk1uEjHHCvpq45eFVRPDKlJ3mK-ZDlYAPU582gpF610cx-nBTQ8AQZ5J_7VOuGsIm5xBJc0UBOoc6LSY%26cry%3D1%26dbm_d%3DAKAmf-AYX-9rJPdpSBxgC2Qlxl4I1zzWzRQVPoOr7FWgmVciRUnhaO5ui-tuw9lNmlZMBrVXY8MLqRjd7C8UT6SiJBcBxNo4IVfTwJ595gM-6e4NEelrIx5AvkM6_QAzY4a425PN6lEn7tlGmGJXCP9Ntj-B_8o9v7nMG4cAqo3huLnlCKBEBrczY1rIN259JJFli3a-o0K1fd-DJMw5EeTKazbSFB15kw4TguP-oby5EVMeWnNg3p9d6CMR7NU-Y13xzUGYUkbjTKvjjEykqPiNSRlCYd3HPt_l-9pKRn9AHXWdK70FcgWJnoropuzoinvtQ_wVDSxQ5M5_Z7gizujexzqfKQFWjQkEvFNIKN6YFP4Gzjmb9GkdQO3xcWw3tXWw9pRP9V3zHljGl2ZRf6eYmiE_b4B89JMMF-dExU5xMW3s1LrUwLA9_OTSJv9M9njuv7DTLvKmWfGEBsg2VrqfCmgr33Z0n2Z95vzF-xSe-lQ7ptRR_u6ALia4aLrYVb9NgxFvRNDzFWJnXUwm6VseFF3RoShr9uIWmqSwG-HvxxC_iuKEbLM9s15z7NaFvbpTgP4MfaoJXNra5jzfcEaZdIrp_GfVqYOMEkGdamuxNJ_HSRGgOJM%26adurl%3D&documentReferer=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=4243220868731&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 008ace0c2d39ac229117f0ea99264f4e1744f3de97f1f7e1c96e99e3229aa53f

Request headers

Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2289
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Sep 2023 16:23:23 GMT
Expires: Mon, 04 Sep 2023 17:23:23 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F54C 1 KB
643 B 26ms
25ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 18564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 11:13:59 GMT
etag: 48472445140208031
expires: Tue, 05 Sep 2023 11:13:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame F54C 70 B
265 B 144ms
40ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEDC-XuDRsLWcZpjTFtC7t-s&google_cver=1&google_push=AXcoOmRO8LyCMLWiCwMCv6tfp1U-f9qw1PyvTropEqZuroMy877g5mI9ku2KjyxeUjiQy-gGwDtvGsKtg7rI5YWkuj9EXHQKcRFV
Requested by: Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame F54C 0
174 B 85ms
29ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEPsTRo95p7NU2S4GOBRREHg&google_cver=1&google_push=AXcoOmQLq65703XnCwxDpMZ_raXr4ofkjcNl6Ygf-0GkYdA69_EyKl2q0BMaeTiGtDdKFNQXaqRCVjFWXxWsim_pnZewfFJ9V7D5
Requested by: Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:23 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F54C
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEPI33ZNr4s4fRkQwwmg3sDM&google_cver=1&google_push=AXcoOmRxKX2pUMw6EVWmRwaQKDY3aBjlf3DiFgr1jMm28szT7W5EalS3VL59-HsH7DvCt2ANCsFbKSe0snwWeHOS3cjHBU2...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRxKX2pUMw6EVWmRwaQKDY3aBjlf3DiFgr1jMm28szT7W5EalS3VL59-HsH7DvCt2ANCsFbKSe0snwWeHOS3cjHBU27ZXI2&google_hm=eS1hTVQ2dE9CRTJwRnlyNU...

170 B
188 B

33ms
33ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRxKX2pUMw6EVWmRwaQKDY3aBjlf3DiFgr1jMm28szT7W5EalS3VL59-HsH7DvCt2ANCsFbKSe0snwWeHOS3cjHBU27ZXI2&google_hm=eS1hTVQ2dE9CRTJwRnlyNU5UTjhlbHIuUlpUSmQ5MmlzT35B

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 04 Sep 2023 16:23:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRxKX2pUMw6EVWmRwaQKDY3aBjlf3DiFgr1jMm28szT7W5EalS3VL59-HsH7DvCt2ANCsFbKSe0snwWeHOS3cjHBU27ZXI2&google_hm=eS1hTVQ2dE9CRTJwRnlyNU5UTjhlbHIuUlpUSmQ5MmlzT35B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F54C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDCT-FZJrjDG5LxsN-9k230&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDCT-FZJrjDG5LxsN-9k230&google_hm=ZPYEejBdYvzKQFFqKQApEgAACHwAAAAB&google_nid=index&google_push=AXcoOmTtOislz1bU3pyCQMFXC5vGRm8v_GCy5...

170 B
188 B

32ms
32ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDCT-FZJrjDG5LxsN-9k230&google_hm=ZPYEejBdYvzKQFFqKQApEgAACHwAAAAB&google_nid=index&google_push=AXcoOmTtOislz1bU3pyCQMFXC5vGRm8v_GCy5BZw0FAa4UaodEW45vO7j0Jl0_UEMtV0CGffiRi9_b-QCEf6SBeuwzVeHvA76i8a

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=559Z1EkLvg%2BN7E3LWlNGHz9VmrqQI0uHkj0Mo7gVRAb9ALWU0iLNKVzOP2EMeK7jzl8vCQKUL0sbxTvsLMtEAAgFyiu85YEzt7DAqQpya1C5rAYh1SbrYZ6c01FgolcccKbSrqd08LQm1g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDCT-FZJrjDG5LxsN-9k230&google_hm=ZPYEejBdYvzKQFFqKQApEgAACHwAAAAB&google_nid=index&google_push=AXcoOmTtOislz1bU3pyCQMFXC5vGRm8v_GCy5BZw0FAa4UaodEW45vO7j0Jl0_UEMtV0CGffiRi9_b-QCEf6SBeuwzVeHvA76i8a
cache-control: no-cache
cf-ray: 801793a3085d01f0-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F54C
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=google_ebda&google_gid=CAESEEFRH7kz7qSy0_r8iyUZ3Mo&google_cver=1&google_push=AXcoOmSc3krH24qaLrGyb6eFiaByAK3GCM_cugoxrvrO-Dy0phXDF-ze9w_UzHKkkhhORzEeXX3HA...
https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmSc3krH24qaLrGyb6eFiaByAK3GCM_cugoxrvrO-Dy0phXDF-ze9w_UzHKkkhhORzEeXX3HARK9hTLGzS1l0j_lAmAQbx35&google_hm=WlBZRWZNQ28...

170 B
188 B

42ms
42ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmSc3krH24qaLrGyb6eFiaByAK3GCM_cugoxrvrO-Dy0phXDF-ze9w_UzHKkkhhORzEeXX3HARK9hTLGzS1l0j_lAmAQbx35&google_hm=WlBZRWZNQ284WU1BQUxiNy1wUUFBQUFB

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Mon, 04 Sep 2023 16:23:24 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=google_ebda&google_gid=CAESEEFRH7kz7qSy0_r8iyUZ3Mo&google_cver=1&google_push=AXcoOmSc3krH24qaLrGyb6eFiaByAK3GCM_cugoxrvrO-Dy0phXDF-ze9w_UzHKkkhhORzEeXX3HARK9hTLGzS1l0j_lAmAQbx35","cluster_id":0,"gdpr":false,"ipv4":"176.10.106.4","key":"ZPYEfMCo8YMAALb7-pQAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad271"}
X-SO-Key: ZPYEfMCo8YMAALb7-pQAAAAA
Server: nginx
X-SO-Upstream-ID: m-ad271
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ad_generation_eb&google_push=AXcoOmSc3krH24qaLrGyb6eFiaByAK3GCM_cugoxrvrO-Dy0phXDF-ze9w_UzHKkkhhORzEeXX3HARK9hTLGzS1l0j_lAmAQbx35&google_hm=WlBZRWZNQ284WU1BQUxiNy1wUUFBQUFB
Cache-Control: private
X-SO-HostName: m-ad271.dc4p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 2
Content-Length: 0
X-SO-LB-Hostname: m-tgng31.dc4p.scaleout.jp
X-SO-IP: 176.10.106.4

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F54C
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEL2irfbWziJZEZzBSeJp0Og&google_cver=1&google_push=AXcoOmSi6la1_8jJ658PVR_gWzEJjLDjcBmUedQ7yDangK6RxipWyDELJ1xRmtbS-aVwqFutmg...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEL2irfbWziJZEZzBSeJp0Og&google_cver=1&google_push=AXcoOmSi6la1_8jJ658PVR_gWzEJjLDjcBmUedQ7yDangK6RxipWyDELJ1xRmtbS-aVwqFutmg...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1GRTdnQ0hoRTJ1RktlZllxM0JGcFdJUGhfUHNCbnd6R35B&google_push=AXcoOmSi6la1_8jJ658PVR_gWzEJjLDjcBmUedQ7yDangK6RxipWyDELJ...

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1GRTdnQ0hoRTJ1RktlZllxM0JGcFdJUGhfUHNCbnd6R35B&google_push=AXcoOmSi6la1_8jJ658PVR_gWzEJjLDjcBmUedQ7yDangK6RxipWyDELJ1xRmtbS-aVwqFutmgvabY0Ia1aEE-FhrjAK-eyZgjsI4g

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1GRTdnQ0hoRTJ1RktlZllxM0JGcFdJUGhfUHNCbnd6R35B&google_push=AXcoOmSi6la1_8jJ658PVR_gWzEJjLDjcBmUedQ7yDangK6RxipWyDELJ1xRmtbS-aVwqFutmgvabY0Ia1aEE-FhrjAK-eyZgjsI4g
date: Mon, 04 Sep 2023 16:23:23 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F54C
Redirect Chain

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_...
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=568b108a-7ee1-4be3-b9eb-148b8eb3b655&google_cver=1&google_gid=CAESEITjgbXr7HsOz9lPdGLXaLY&gdpr_consent=${GDPR_CONSENT_109}&google_...

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=568b108a-7ee1-4be3-b9eb-148b8eb3b655&google_cver=1&google_gid=CAESEITjgbXr7HsOz9lPdGLXaLY&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmQvpo9hU55dxRVR8Pd2PB-0DWxxXxghRjKDg4d9b0COvD7V8sucFCdu-LcZhEPK5QzM-XHj6EvfgbMd7HtMwwbkB5L6hLAt&gdpr=${GDPR}

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=568b108a-7ee1-4be3-b9eb-148b8eb3b655&google_cver=1&google_gid=CAESEITjgbXr7HsOz9lPdGLXaLY&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmQvpo9hU55dxRVR8Pd2PB-0DWxxXxghRjKDg4d9b0COvD7V8sucFCdu-LcZhEPK5QzM-XHj6EvfgbMd7HtMwwbkB5L6hLAt&gdpr=${GDPR}
date: Mon, 04 Sep 2023 16:23:23 GMT
server: _
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame F54C 0
12 B 37ms
36ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LVh8GrUYtOXLmy6hP5EF2u9Pa093F50bsJn_OFvFegixIEhozLexxVUvuE1XeWpAuC39LqzOY

Requested by

Host: 012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
URL: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7E3F 0
20 B 126ms
126ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=300743850483&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7E3F 0
20 B 124ms
124ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=300743850483&version=m202307240101&ct=77&x=1&cor=7724716510745788000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7E3F 16 KB
12 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DyoRZ9W1mT7Gtxtd-IFbOD23H9XxKnsixtJW-qEoaF3Q_sDfvZxu3XTbrqrMszzyowviBfKHI65L95it223vB-BJXp5WvyCCZXe9DOu4-KgZ8rUuFg7AxfsxNbZ0gzqNib-HMd8BUmSU5jKvHS51jFaZ26hPe10LYTfr2ofNuKJnZZxlA&cry=1&dbm_d=AKAmf-Bjo5wIH3ZTydJF52-7rWXmHXbR9kcm8r4ipOLRHgHSbe0A-DyOvs7aHOhSAlhmk1hWUS9Bzu52X4mg51EfLJjmzfwE9b9lf74mrxgPokNaFmzeh1nPfMW2SxzWYVJzHGUOdQ0JdpdEQ_gUBiQyms-Nv0qEgqAo1xxken2Sg3rkL3rXjWV3GWRRl3A0fsj_laJNtj9aEj0A3eoosYVmpPxVMhr7XLzga2zrn-c5ExdZy1CJxug6_htTWRlYibD-MO_1iZgYDIZbuH6_2tKbIN3ODwylQlBwL4EvkOue7_MdG-ff3Zlay4yqXzp5hzG0QKs-q23v31M0hi15t68MCU-a6Z4U5Z7Xe75GgWrtdzgZbXWXVKPXRsjNWSS7IHsnae2mSU5qdmqUkBJ5kv47vNKnAxxK7-qIPWSGYbFCgVArRlGyC2RDlL1bQNqXytcDSq_m-70K4uPdYXNOeS3dn5JE9UL_gkaqPL4VasyV6zsBDu7cfTdNNgKVZlAkNt6MQ5QZ4DWALeI1bEIq_yeM_5jN23UCQSs3582tEiSfkjLlWyJp1BFnb4pDZoBsndjlOcDAtev7f8y28V-J3kJC_EUDkeNFiMn-q005iKN7m8gIKEfzimB716d3d4akHMSpKL065vU7HqX3LqSx0UK8-oGDTZWVZntVS6GrU3ahScK8OMsmYp2S1JnJvltJZm7VHhvPZWvhj7BUzPVJTDR0_qxB1h6p2Zb_7M8h_UbiMybNELPOJQhWCHJX_uVHdosuxdWxQd-kNsspeLAEusxuVfRaXDKajfAR9BMv3hHWVgvHwqcD9BEjKuTNML9UDpJ3fDSlo_XloDLfQEn6sePu6Kt_ztB1MSxzNeFzIKpfORK9g2J5-2UDLEUbQc64fasZvW4IDfWzQJwoeRmfVbfAWp5DKiLE7Adg8chOIk3qW7j-p1cVQOYEv912Ih1Ez7N5YvNah9Q50CBQCJIn29bGhnF1uJi8cKnbSOKMZ9yMi67brzG9_hwcHoySDdsnMMCPt047LDFCvkn6GYmVDJuHMGlzF3YZu1n9YEuKKJYP3zaUjLShK5Z_aa6lhMlUh87Bn9uCi6HlnwJKNQ0kI9-AT0aB4sAFS99k7zgCrpJvjUOAmVuQ4r3s2rKWymkQovrUW7Om6w4yoRGTa0AVMifbZAaAN9Deppf-cBwbJfqBpfg4hIUV1l5Ms3KDyzsKc6Rktag5K0wQmEW6r0oanLTeUfI278XdF3p1YBFgqrnfwX6JL45od7zKL2f-eAynA75DU69982aDZiJHHUShg9Leh17ZQwv3dYTCUggMBLWNgBQwCwYtH-TdR9R9jizfDBfV7T7G32_edXKdN-ab7GRBUnzvmGIp2nzLoAU7NroNW_gfzfD_aUO_iLXIuO7xT1K3JNVOjFzWyF_hBemUP9wZTifw9zBqCt26-td8n7z_sR0dSPoP5JA9_iBEjDuYiHSZIHNgO2O8yspq6m1AeVB1UXGMdInz4ABpA0r4VpgR_5rifO_8sQtQ7kTtVu9p1R4cGzXiAzt4LYASQchrigMyCr-29AdPTLS-WatCjmP4OfevXHzjEE2RDEy_TXee_jtcTh835Ab7-rGzmXhlDC831OizczF_X7vIqnasjqS19DxMtEqcaPY-kdg185e3ux7xL7DLaYdQqe2uQIV969ecYAjEJrGqZX_BKxttHGsrALYSBj674RMOd7qy9UoVL8k7ZVuNnk99MC-z71EFXTIbAocMmnAyAFOuWCnHBd8O49Q6auYzS63SPquhpRqOdAbQ42qdAEmeNjtEG3kB_p5sVMe7OkwIebvQ_Uiyk7Iq3OxBqm2hJ0XyvNz5P4S9Qp_G8au1mQhtfaTi6MkE6OmqaM5-JywqPbYVsWBHM7xX6K9yygSB927zcPL7KFnQno85vIIMkXiM1CKrTfE-_G65XiMm3zkb-OquzU2sVP1Sy71eozEC2mdZWjdRUZpnF6FCTOb_Mz8xc0uUu9TtsSv2BQpYd3rhLy7YyIodKvIvBKNiYw65u-HPD_1YmJPF9WYcIbfdMOMcGGx259EHzUZOJ9vsoIgdHjvJehVS49BIpftwj4Cn6mdRmJ8dVacZVVegeqzevSq4PfWNXA7XxLfCsXtc8i3494F73R83oSus4TX0KCjcdsJyME8RghOp1bvop1eyT7OQla55rM90quaMpHaI8wrZVDbz9RH1lJ4OtOAzz6qDt5rl-lgk3NVVPBRXGhSlRpHQEZ9-K0ZVMCHrP2Jtv2KwwB-CCeV9hWWsIiQX1qaUYhJNYScFROLSqZkAG0L_z_EG0jT6U2IZuEKsrG_-lbaGUyQr-kFRTthld9oTo326CXwnU5vvTD-0iJfXYVELWVstrhEFoqLlH0uwJyFMqQr2GJS73wYmW1_Z-Z26HUoeoC46Vb26jRsZtbOZvHI5nWHHpi2mjmeo2RCMxfzHdwPpibQ8gWdUVS3xQOjQ5P_iZOUBru8p88xmVgQd2YZrWSOgqYlmhWho7nV1NpPttmVRAZVMeJ_cObQmocuthqZLN6Fjh2u4H7bQWBsViKqOiRJschTTmwAkp8ki-9ui3p6ZWrcCN3p5hPu_roMoverqQMvtDl0dLxs_AKjd_f7qFAoJqYWfPY5PpqTRvgz4Q4Bik3puG6bO1KKgmhfZboynweJJSvP2AtFU7zIoT5O4YVta2WLMERHz6jDQI9Xpo7-uZ2PfQJWiTlWLZoaROpiymhG5PrdiaZCvev61jnRuhLXuZHkbBcXpZtXmc7B8F7A_bQKF3z-LqbgphMbskrvfgytkutOV8dGmb17-L70KC8GgwMHyoFj3tI1lylRNkBDqenFXSZNRm7iR7yNxTJWC8WvR_HC3mwc7IAWPQRmpeD7JmCsMzJIFeFW6itcG35L414Cb-ZbAWuSUpWvYqiWiekPxK1gQjDXR7FTo07uMsge41P0rbfqUWXS56x8v4TV_PLbZX1E7XNbJWjqGNDnyeWMOChY1qwJwdqA4p82WW0b7Kl93Yld4LUUAIhNb3GqCtUb7U2qnkfemlxQ6TS1xgYmC1HOqBzHu1IhwUMtPTeAAt1BjcKR75qWwCDy4ZKvd6nZ79JTNIOsZremWmhfGIe5lTh17g2GkcLrQ2AHYstxaq5eC02tmCO_xsLG0lYeWp1dRQof0nT4DXgxbNXAOMNArNPcLqHsvbag1kPxVSpfxqIWWuEhDNJU6X2SjZcf2D_Hqk7aHygfmxAEvfzSuNr3hwncfsr2GRxJoGmYVlihI2CHUy7VaPm5AOy604cIVIUkOBOomthdpuRkBI3Hr0p_0e5tIp6hCpW0GkzoxTQ6vuTQh4AqyLwpDSPcf1S6telkX7cRu2WHoz2ETRH3y88COOdiIkcJIlYjvIhVWguDn94VdiJ9tqcmirbyoFB02lSEX_kCXllk7vUQWvo7lWr_LtmlnJFBv_9flb-B0-3VmwpyEFIHs0p-2Ye2HKQQ7qz8xVtlgGFypkZssCtN8MQXpfnr9YmZyoA5vPDsqV2oyEN3EwiCdeAqQ9Qr0aWURS46qNb7eDiGFH6TIZSWUAlbSfTH9TcVPTSegiQrKjs4byhCwBirfVc9AP8-OtB34iO9i8ZuhoyYeeesxxJg8aXM4iwo7N5dxPTvu8IYjqO7bfvG0DUC_90DIjYnqdF-bZwDdVdRfk9BSRY0Ffe-zElPPqOFO4hxSekX_GgXW7T0W&cid=CAQSKQBpAlJWtm9gI1Yc0JDT8RZs4pAAe8KfjCQUPHAiobZZtVRMRH65WuSnGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=7724716510745788000&adk=3522027986&idt=152&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b4dbd6d2e4fab05a57e5a24ff855b94a3da52dfe7563d803c397560b5ded0f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693844602160&bpp=175&bdt=184&idt=411&shv=r20230830&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=522&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2103019657&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C31076838%2C31077372%2C31077525%2C31076994%2C31077588%2C20222283%2C31077549&oid=2&pvsid=1608112234498868&tmod=991993225&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.saixlhc7bbsq&fsb=1&dtd=421
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11913
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame DCA4 89 KB
32 KB 105ms
33ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=66833500137964804438442012437021&a=a7903995

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 12:20:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 273761
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Aug 2024 12:20:42 GMT

GET
H/1.1 200
OK S-300x600.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame DCA4 95 KB
95 KB 146ms
47ms Image
image/gif 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-300x600.gif
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=66833500137964804438442012437021&a=a7903995
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: a24bf435f35ac214cad692735eb2f8a9235101f45c115b1ef1265cc275cf3c50

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 16:23:23 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-17bca"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 97226

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7E3F 41 KB
13 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DyoRZ9W1mT7Gtxtd-IFbOD23H9XxKnsixtJW-qEoaF3Q_sDfvZxu3XTbrqrMszzyowviBfKHI65L95it223vB-BJXp5WvyCCZXe9DOu4-KgZ8rUuFg7AxfsxNbZ0gzqNib-HMd8BUmSU5jKvHS51jFaZ26hPe10LYTfr2ofNuKJnZZxlA&cry=1&dbm_d=AKAmf-Bjo5wIH3ZTydJF52-7rWXmHXbR9kcm8r4ipOLRHgHSbe0A-DyOvs7aHOhSAlhmk1hWUS9Bzu52X4mg51EfLJjmzfwE9b9lf74mrxgPokNaFmzeh1nPfMW2SxzWYVJzHGUOdQ0JdpdEQ_gUBiQyms-Nv0qEgqAo1xxken2Sg3rkL3rXjWV3GWRRl3A0fsj_laJNtj9aEj0A3eoosYVmpPxVMhr7XLzga2zrn-c5ExdZy1CJxug6_htTWRlYibD-MO_1iZgYDIZbuH6_2tKbIN3ODwylQlBwL4EvkOue7_MdG-ff3Zlay4yqXzp5hzG0QKs-q23v31M0hi15t68MCU-a6Z4U5Z7Xe75GgWrtdzgZbXWXVKPXRsjNWSS7IHsnae2mSU5qdmqUkBJ5kv47vNKnAxxK7-qIPWSGYbFCgVArRlGyC2RDlL1bQNqXytcDSq_m-70K4uPdYXNOeS3dn5JE9UL_gkaqPL4VasyV6zsBDu7cfTdNNgKVZlAkNt6MQ5QZ4DWALeI1bEIq_yeM_5jN23UCQSs3582tEiSfkjLlWyJp1BFnb4pDZoBsndjlOcDAtev7f8y28V-J3kJC_EUDkeNFiMn-q005iKN7m8gIKEfzimB716d3d4akHMSpKL065vU7HqX3LqSx0UK8-oGDTZWVZntVS6GrU3ahScK8OMsmYp2S1JnJvltJZm7VHhvPZWvhj7BUzPVJTDR0_qxB1h6p2Zb_7M8h_UbiMybNELPOJQhWCHJX_uVHdosuxdWxQd-kNsspeLAEusxuVfRaXDKajfAR9BMv3hHWVgvHwqcD9BEjKuTNML9UDpJ3fDSlo_XloDLfQEn6sePu6Kt_ztB1MSxzNeFzIKpfORK9g2J5-2UDLEUbQc64fasZvW4IDfWzQJwoeRmfVbfAWp5DKiLE7Adg8chOIk3qW7j-p1cVQOYEv912Ih1Ez7N5YvNah9Q50CBQCJIn29bGhnF1uJi8cKnbSOKMZ9yMi67brzG9_hwcHoySDdsnMMCPt047LDFCvkn6GYmVDJuHMGlzF3YZu1n9YEuKKJYP3zaUjLShK5Z_aa6lhMlUh87Bn9uCi6HlnwJKNQ0kI9-AT0aB4sAFS99k7zgCrpJvjUOAmVuQ4r3s2rKWymkQovrUW7Om6w4yoRGTa0AVMifbZAaAN9Deppf-cBwbJfqBpfg4hIUV1l5Ms3KDyzsKc6Rktag5K0wQmEW6r0oanLTeUfI278XdF3p1YBFgqrnfwX6JL45od7zKL2f-eAynA75DU69982aDZiJHHUShg9Leh17ZQwv3dYTCUggMBLWNgBQwCwYtH-TdR9R9jizfDBfV7T7G32_edXKdN-ab7GRBUnzvmGIp2nzLoAU7NroNW_gfzfD_aUO_iLXIuO7xT1K3JNVOjFzWyF_hBemUP9wZTifw9zBqCt26-td8n7z_sR0dSPoP5JA9_iBEjDuYiHSZIHNgO2O8yspq6m1AeVB1UXGMdInz4ABpA0r4VpgR_5rifO_8sQtQ7kTtVu9p1R4cGzXiAzt4LYASQchrigMyCr-29AdPTLS-WatCjmP4OfevXHzjEE2RDEy_TXee_jtcTh835Ab7-rGzmXhlDC831OizczF_X7vIqnasjqS19DxMtEqcaPY-kdg185e3ux7xL7DLaYdQqe2uQIV969ecYAjEJrGqZX_BKxttHGsrALYSBj674RMOd7qy9UoVL8k7ZVuNnk99MC-z71EFXTIbAocMmnAyAFOuWCnHBd8O49Q6auYzS63SPquhpRqOdAbQ42qdAEmeNjtEG3kB_p5sVMe7OkwIebvQ_Uiyk7Iq3OxBqm2hJ0XyvNz5P4S9Qp_G8au1mQhtfaTi6MkE6OmqaM5-JywqPbYVsWBHM7xX6K9yygSB927zcPL7KFnQno85vIIMkXiM1CKrTfE-_G65XiMm3zkb-OquzU2sVP1Sy71eozEC2mdZWjdRUZpnF6FCTOb_Mz8xc0uUu9TtsSv2BQpYd3rhLy7YyIodKvIvBKNiYw65u-HPD_1YmJPF9WYcIbfdMOMcGGx259EHzUZOJ9vsoIgdHjvJehVS49BIpftwj4Cn6mdRmJ8dVacZVVegeqzevSq4PfWNXA7XxLfCsXtc8i3494F73R83oSus4TX0KCjcdsJyME8RghOp1bvop1eyT7OQla55rM90quaMpHaI8wrZVDbz9RH1lJ4OtOAzz6qDt5rl-lgk3NVVPBRXGhSlRpHQEZ9-K0ZVMCHrP2Jtv2KwwB-CCeV9hWWsIiQX1qaUYhJNYScFROLSqZkAG0L_z_EG0jT6U2IZuEKsrG_-lbaGUyQr-kFRTthld9oTo326CXwnU5vvTD-0iJfXYVELWVstrhEFoqLlH0uwJyFMqQr2GJS73wYmW1_Z-Z26HUoeoC46Vb26jRsZtbOZvHI5nWHHpi2mjmeo2RCMxfzHdwPpibQ8gWdUVS3xQOjQ5P_iZOUBru8p88xmVgQd2YZrWSOgqYlmhWho7nV1NpPttmVRAZVMeJ_cObQmocuthqZLN6Fjh2u4H7bQWBsViKqOiRJschTTmwAkp8ki-9ui3p6ZWrcCN3p5hPu_roMoverqQMvtDl0dLxs_AKjd_f7qFAoJqYWfPY5PpqTRvgz4Q4Bik3puG6bO1KKgmhfZboynweJJSvP2AtFU7zIoT5O4YVta2WLMERHz6jDQI9Xpo7-uZ2PfQJWiTlWLZoaROpiymhG5PrdiaZCvev61jnRuhLXuZHkbBcXpZtXmc7B8F7A_bQKF3z-LqbgphMbskrvfgytkutOV8dGmb17-L70KC8GgwMHyoFj3tI1lylRNkBDqenFXSZNRm7iR7yNxTJWC8WvR_HC3mwc7IAWPQRmpeD7JmCsMzJIFeFW6itcG35L414Cb-ZbAWuSUpWvYqiWiekPxK1gQjDXR7FTo07uMsge41P0rbfqUWXS56x8v4TV_PLbZX1E7XNbJWjqGNDnyeWMOChY1qwJwdqA4p82WW0b7Kl93Yld4LUUAIhNb3GqCtUb7U2qnkfemlxQ6TS1xgYmC1HOqBzHu1IhwUMtPTeAAt1BjcKR75qWwCDy4ZKvd6nZ79JTNIOsZremWmhfGIe5lTh17g2GkcLrQ2AHYstxaq5eC02tmCO_xsLG0lYeWp1dRQof0nT4DXgxbNXAOMNArNPcLqHsvbag1kPxVSpfxqIWWuEhDNJU6X2SjZcf2D_Hqk7aHygfmxAEvfzSuNr3hwncfsr2GRxJoGmYVlihI2CHUy7VaPm5AOy604cIVIUkOBOomthdpuRkBI3Hr0p_0e5tIp6hCpW0GkzoxTQ6vuTQh4AqyLwpDSPcf1S6telkX7cRu2WHoz2ETRH3y88COOdiIkcJIlYjvIhVWguDn94VdiJ9tqcmirbyoFB02lSEX_kCXllk7vUQWvo7lWr_LtmlnJFBv_9flb-B0-3VmwpyEFIHs0p-2Ye2HKQQ7qz8xVtlgGFypkZssCtN8MQXpfnr9YmZyoA5vPDsqV2oyEN3EwiCdeAqQ9Qr0aWURS46qNb7eDiGFH6TIZSWUAlbSfTH9TcVPTSegiQrKjs4byhCwBirfVc9AP8-OtB34iO9i8ZuhoyYeeesxxJg8aXM4iwo7N5dxPTvu8IYjqO7bfvG0DUC_90DIjYnqdF-bZwDdVdRfk9BSRY0Ffe-zElPPqOFO4hxSekX_GgXW7T0W&cid=CAQSKQBpAlJWtm9gI1Yc0JDT8RZs4pAAe8KfjCQUPHAiobZZtVRMRH65WuSnGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=7724716510745788000&adk=3522027986&idt=152&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 218528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 03:41:15 GMT

GET
H/1.1 200
OK eoj7iutodpqy Show response
hal9000.redintelligence.net/zone/ Frame 7E3F 11 KB
4 KB 74ms
25ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/eoj7iutodpqy?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYg1OegT2ZKyFLoTevcAP3-OTuAORwdCbadPrg5LcD_AuEAEg08vOMGD1BcgBCakCpOQf3nIgsj6oAwHIA5sEqgTxAU_QCMBBu9CMcihTeqUndglSWJNiq3pHOhTasu8tj7SId1x0ago-DmZb61JYbcuC1TnuXGE8KQyzTpt_ds6zWFTv_Cq12Kb4BU7KLnesZFumMiZZIwxnbuYtV9rgb-49HLvDOpMM1TUWICYnLYQzYcRaj1hNTY9Acja4IhV4PJ_KokMHC1N7mPrZby9iOq13VS42zy6xERO0-GIT_h_Zv1c4avqJrj66Ti_1jIpkxRAuIEqzldAzXtmUnT7xH45wnbzT3px12G46d3Rqz0uXJgCatF7xEhXG2k73g9b2AYLpjOenblkRIcxie61WhuSUMoHABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIrKro7q6RgQMVBG8PAh3f8QQ3EAEYASAAEgKVKvD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWtm9gI1Yc0JDT8RZs4pAAe8KfjCQUPHAiobZZtVRMRH65WuSnGAE%26sig%3DAOD64_1qdR2TEoz9QTsokYEzyhVhOcrtuA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-AUfzKAHtxAfRdXKBurfmfjE5DoFasB_0ftN24EnD8CHzxtnRJ1vnJpvBAD1kHq_YZsCOLaJ6nIa1a5KgMsDlvEYtEd2hQMqa1JN_oyBUUbso25rM19_VJvXwgT6Mc9Q82-tLAoaJpOUyQxSA1mFduasf7nle_MHefHGKlnfcProOXi7PE%26cry%3D1%26dbm_d%3DAKAmf-AJyKFnAUVTDGAYYH9vcvPALwtZTotSb-0Xz4mZ2Hi5YsY8Okudb_FsSqyqc0WB_vBkmnrt65bANgt-DasujwKKWIxLRd4ZTpvoebH3-uWzaks_6Xqa5ERXil3wp-oNhLJOn9w7ffdFwS70-vg8F-_czi5sW4w-gvUI-jUtKfREv4FlyGLmngNiCA_Fjm9oQd8w7aoujVW9Rew2XDmsV8vFe3MrPMoxcNM53gqp1qMoeDM-15MVZ_AYNxyjYB4PvtMwfa8qxrekAnsKzCJa2jNvrig0OqpJ9GUu__nNUPRkebTP4_Wzv08MGUhtoHJWQk0JVXF6kTK-FSkXgDbq9jsiZUFSfn_LhEPEU7y3oK3A9JmzTolLppAU-KIPKkfib5uf1JHESbXAQl1mu8xR5e-qc4ADoCUF0bu_hs3ET-9lghXttlYM-uTUzAoTpUfI4W4VHlnZHflQRwZy-w1hWrE9cTvNjShfZ3K358ffAOpP4EU5PGwacbsn0TJ_D61fNatdxpkq31WpmE6zB9-eNn0usRW_OG3O-KPbCgeYjQFmEpn7rqI%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693844602160&bpp=175&bdt=184&idt=411&shv=r20230830&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=522&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2103019657&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C31076838%2C31077372%2C31077525%2C31076994%2C31077588%2C20222283%2C31077549&oid=2&pvsid=1608112234498868&tmod=991993225&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.saixlhc7bbsq&fsb=1&dtd=421
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 015c8f0c9a5240c0891a9776ee4d06ca7082d8c7aa30c56312c3d6ae8ef6175d

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 16:23:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4132
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3A79 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 121898
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Sep 2023 06:31:45 GMT
expires: Mon, 02 Sep 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame 3A79 38 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:00:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:00:41 GMT

GET
H/1.1 200
OK request.php Show response
hal900023.redintelligence.net/ Frame 7E3F 613 B
936 B 150ms
84ms Script
application/x-javascript 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=eoj7iutodpqy&nw=20&renderingType=javascript&namespace=d1afe321bd&subid=&uid=a6ebcc86aa6222e4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYg1OegT2ZKyFLoTevcAP3-OTuAORwdCbadPrg5LcD_AuEAEg08vOMGD1BcgBCakCpOQf3nIgsj6oAwHIA5sEqgTxAU_QCMBBu9CMcihTeqUndglSWJNiq3pHOhTasu8tj7SId1x0ago-DmZb61JYbcuC1TnuXGE8KQyzTpt_ds6zWFTv_Cq12Kb4BU7KLnesZFumMiZZIwxnbuYtV9rgb-49HLvDOpMM1TUWICYnLYQzYcRaj1hNTY9Acja4IhV4PJ_KokMHC1N7mPrZby9iOq13VS42zy6xERO0-GIT_h_Zv1c4avqJrj66Ti_1jIpkxRAuIEqzldAzXtmUnT7xH45wnbzT3px12G46d3Rqz0uXJgCatF7xEhXG2k73g9b2AYLpjOenblkRIcxie61WhuSUMoHABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIrKro7q6RgQMVBG8PAh3f8QQ3EAEYASAAEgKVKvD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWtm9gI1Yc0JDT8RZs4pAAe8KfjCQUPHAiobZZtVRMRH65WuSnGAE%26sig%3DAOD64_1qdR2TEoz9QTsokYEzyhVhOcrtuA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-AUfzKAHtxAfRdXKBurfmfjE5DoFasB_0ftN24EnD8CHzxtnRJ1vnJpvBAD1kHq_YZsCOLaJ6nIa1a5KgMsDlvEYtEd2hQMqa1JN_oyBUUbso25rM19_VJvXwgT6Mc9Q82-tLAoaJpOUyQxSA1mFduasf7nle_MHefHGKlnfcProOXi7PE%26cry%3D1%26dbm_d%3DAKAmf-AJyKFnAUVTDGAYYH9vcvPALwtZTotSb-0Xz4mZ2Hi5YsY8Okudb_FsSqyqc0WB_vBkmnrt65bANgt-DasujwKKWIxLRd4ZTpvoebH3-uWzaks_6Xqa5ERXil3wp-oNhLJOn9w7ffdFwS70-vg8F-_czi5sW4w-gvUI-jUtKfREv4FlyGLmngNiCA_Fjm9oQd8w7aoujVW9Rew2XDmsV8vFe3MrPMoxcNM53gqp1qMoeDM-15MVZ_AYNxyjYB4PvtMwfa8qxrekAnsKzCJa2jNvrig0OqpJ9GUu__nNUPRkebTP4_Wzv08MGUhtoHJWQk0JVXF6kTK-FSkXgDbq9jsiZUFSfn_LhEPEU7y3oK3A9JmzTolLppAU-KIPKkfib5uf1JHESbXAQl1mu8xR5e-qc4ADoCUF0bu_hs3ET-9lghXttlYM-uTUzAoTpUfI4W4VHlnZHflQRwZy-w1hWrE9cTvNjShfZ3K358ffAOpP4EU5PGwacbsn0TJ_D61fNatdxpkq31WpmE6zB9-eNn0usRW_OG3O-KPbCgeYjQFmEpn7rqI%26adurl%3D&documentReferer=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=2829728015698&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/eoj7iutodpqy?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYg1OegT2ZKyFLoTevcAP3-OTuAORwdCbadPrg5LcD_AuEAEg08vOMGD1BcgBCakCpOQf3nIgsj6oAwHIA5sEqgTxAU_QCMBBu9CMcihTeqUndglSWJNiq3pHOhTasu8tj7SId1x0ago-DmZb61JYbcuC1TnuXGE8KQyzTpt_ds6zWFTv_Cq12Kb4BU7KLnesZFumMiZZIwxnbuYtV9rgb-49HLvDOpMM1TUWICYnLYQzYcRaj1hNTY9Acja4IhV4PJ_KokMHC1N7mPrZby9iOq13VS42zy6xERO0-GIT_h_Zv1c4avqJrj66Ti_1jIpkxRAuIEqzldAzXtmUnT7xH45wnbzT3px12G46d3Rqz0uXJgCatF7xEhXG2k73g9b2AYLpjOenblkRIcxie61WhuSUMoHABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIrKro7q6RgQMVBG8PAh3f8QQ3EAEYASAAEgKVKvD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWtm9gI1Yc0JDT8RZs4pAAe8KfjCQUPHAiobZZtVRMRH65WuSnGAE%26sig%3DAOD64_1qdR2TEoz9QTsokYEzyhVhOcrtuA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-AUfzKAHtxAfRdXKBurfmfjE5DoFasB_0ftN24EnD8CHzxtnRJ1vnJpvBAD1kHq_YZsCOLaJ6nIa1a5KgMsDlvEYtEd2hQMqa1JN_oyBUUbso25rM19_VJvXwgT6Mc9Q82-tLAoaJpOUyQxSA1mFduasf7nle_MHefHGKlnfcProOXi7PE%26cry%3D1%26dbm_d%3DAKAmf-AJyKFnAUVTDGAYYH9vcvPALwtZTotSb-0Xz4mZ2Hi5YsY8Okudb_FsSqyqc0WB_vBkmnrt65bANgt-DasujwKKWIxLRd4ZTpvoebH3-uWzaks_6Xqa5ERXil3wp-oNhLJOn9w7ffdFwS70-vg8F-_czi5sW4w-gvUI-jUtKfREv4FlyGLmngNiCA_Fjm9oQd8w7aoujVW9Rew2XDmsV8vFe3MrPMoxcNM53gqp1qMoeDM-15MVZ_AYNxyjYB4PvtMwfa8qxrekAnsKzCJa2jNvrig0OqpJ9GUu__nNUPRkebTP4_Wzv08MGUhtoHJWQk0JVXF6kTK-FSkXgDbq9jsiZUFSfn_LhEPEU7y3oK3A9JmzTolLppAU-KIPKkfib5uf1JHESbXAQl1mu8xR5e-qc4ADoCUF0bu_hs3ET-9lghXttlYM-uTUzAoTpUfI4W4VHlnZHflQRwZy-w1hWrE9cTvNjShfZ3K358ffAOpP4EU5PGwacbsn0TJ_D61fNatdxpkq31WpmE6zB9-eNn0usRW_OG3O-KPbCgeYjQFmEpn7rqI%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 9eb2c1a31969ca37915a655d7d9ee6da0834d5aaa079e04fc4d27fe7b1d1f8ae

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Sep 2023 16:23:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 46901100147010004438270012437023
Connection: close
Content-Length: 330
Expires: Mon, 04 Sep 2023 17:23:23 +0200

GET
H/1.1 200
OK viewability Show response
hal900021.redintelligence.net/ Frame DCA4 0
150 B 73ms
25ms Script
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/viewability?s=66833500137964804438442012437021&a=969bb8c8&vb=m
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=66833500137964804438442012437021&a=a7903995
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900021.redintelligence.net/request_content.php?s=66833500137964804438442012437021&a=a7903995
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 16:23:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame DCA4 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3A79 0
20 B 128ms
128ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPBL2ewT2ZOidFcCcjuwPg9W9-A0AAAAAOAHgBAI&bg=!5eal5qnNAAYHwnCgJ8I7ADQBe5WfOAj1vHEWksjwasfXatf9lN3O1Iz_AwrrVdmmUF8YjSXUeB6rWQj2M_HizitXN0FrAgAAAFFSAAAABGgBB5kDJ2vyV-NhiWT0_BSGp2u86gq2geLpUCKWtSAXUcuJG0tSN8TgzH7ztnyGHnsKn-6TJO45UopgQV_tfzGRUlYD-_9I38WiC0ZozRhFt7PRRipipRXAmYJ_O1tggHAcubURdHNJ3E-_29zK7Y3mtV7eSDKrBldnwZOmk5IHR-Bo9t4wXzLhG_9NF2kBv8OwDiLm0gGbFa3tGgVjiG3vy1JCqpfjBosboSUZ_u9Em3ZOL4OL6RZE1Pm90lSQe43EQKFS0QwdNwByPEFDCbCRijbpi890hgd3XxsI554vuWtLocks58NBbszm09EZT7X8pDxIYOD_j255QlMIeDHiG1X-V_ekOrFUIeimfnp7CUce6FTKjmDeoHEhuzgnx3cL4Jzl1RemJ9Za8WT2u8dhfc191ts1DIL1yK6OlXhE79JWahPTZ2Xb5kkXeEEG579tKmLpg9S6UFZxn_skOBFwwfUon32bolV54skaXnAoFUEq7BUZB8Q-DNnd6TOk4rGArh-7nAURr-lrgYqmqLZhy2kOLHwEY-KBjCM7eJINpPNQT47Xf8hD9StpuLcKO_JNMAbYajvN0uei_StZCbQcezNBRl9Se6lX4E9wujTWmzMo2dNyH_SYGqGucXowRhYpl9TvivUrAMBKNWBwPGKYYiPyHTl7fFzF8Bzp8eNGs97H-gFJZ9-Sl-0PpmbPT9XpnhmtkEHZ5pEUBMSqCCb1u7QhBXLsMARk0FOlf3aeYCTKeYqCRxMx4Hm4P9ikI-T7mGkd6d-CwI_U-WC6AKzWRETgT1KNUg1r4hGi6eQi2W6Jg_wdwNQeDsIAbeeGBqRWh7VfeGTT1FgJzdQ6Srdv7FTmVb7nJaz11oRQGKYM5_q8VWRZsfDkpv8JfALYwfRTsRBAAYf-EMuGuZE3s-jzXnvqx9C30p3npzE3VV0L54CUHjEJlP2lkepq8ez7W2VwtCr3m69bA8lZj8M60WxoUFfnyS57g1HeX5sJ5Om-GZLRd5_GhiLAQNFxoX43Qlu3uQrSRFSGdufhIvo1IQiXb3iE1MIV-5E2W5PS_QA_eldnyI2UXmZfHBXn3w

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame 9D4A 4 KB
2 KB 72ms
24ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=46901100147010004438270012437023&a=934b62af
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=eoj7iutodpqy&nw=20&renderingType=javascript&namespace=d1afe321bd&subid=&uid=a6ebcc86aa6222e4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYg1OegT2ZKyFLoTevcAP3-OTuAORwdCbadPrg5LcD_AuEAEg08vOMGD1BcgBCakCpOQf3nIgsj6oAwHIA5sEqgTxAU_QCMBBu9CMcihTeqUndglSWJNiq3pHOhTasu8tj7SId1x0ago-DmZb61JYbcuC1TnuXGE8KQyzTpt_ds6zWFTv_Cq12Kb4BU7KLnesZFumMiZZIwxnbuYtV9rgb-49HLvDOpMM1TUWICYnLYQzYcRaj1hNTY9Acja4IhV4PJ_KokMHC1N7mPrZby9iOq13VS42zy6xERO0-GIT_h_Zv1c4avqJrj66Ti_1jIpkxRAuIEqzldAzXtmUnT7xH45wnbzT3px12G46d3Rqz0uXJgCatF7xEhXG2k73g9b2AYLpjOenblkRIcxie61WhuSUMoHABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMIrKro7q6RgQMVBG8PAh3f8QQ3EAEYASAAEgKVKvD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWtm9gI1Yc0JDT8RZs4pAAe8KfjCQUPHAiobZZtVRMRH65WuSnGAE%26sig%3DAOD64_1qdR2TEoz9QTsokYEzyhVhOcrtuA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-AUfzKAHtxAfRdXKBurfmfjE5DoFasB_0ftN24EnD8CHzxtnRJ1vnJpvBAD1kHq_YZsCOLaJ6nIa1a5KgMsDlvEYtEd2hQMqa1JN_oyBUUbso25rM19_VJvXwgT6Mc9Q82-tLAoaJpOUyQxSA1mFduasf7nle_MHefHGKlnfcProOXi7PE%26cry%3D1%26dbm_d%3DAKAmf-AJyKFnAUVTDGAYYH9vcvPALwtZTotSb-0Xz4mZ2Hi5YsY8Okudb_FsSqyqc0WB_vBkmnrt65bANgt-DasujwKKWIxLRd4ZTpvoebH3-uWzaks_6Xqa5ERXil3wp-oNhLJOn9w7ffdFwS70-vg8F-_czi5sW4w-gvUI-jUtKfREv4FlyGLmngNiCA_Fjm9oQd8w7aoujVW9Rew2XDmsV8vFe3MrPMoxcNM53gqp1qMoeDM-15MVZ_AYNxyjYB4PvtMwfa8qxrekAnsKzCJa2jNvrig0OqpJ9GUu__nNUPRkebTP4_Wzv08MGUhtoHJWQk0JVXF6kTK-FSkXgDbq9jsiZUFSfn_LhEPEU7y3oK3A9JmzTolLppAU-KIPKkfib5uf1JHESbXAQl1mu8xR5e-qc4ADoCUF0bu_hs3ET-9lghXttlYM-uTUzAoTpUfI4W4VHlnZHflQRwZy-w1hWrE9cTvNjShfZ3K358ffAOpP4EU5PGwacbsn0TJ_D61fNatdxpkq31WpmE6zB9-eNn0usRW_OG3O-KPbCgeYjQFmEpn7rqI%26adurl%3D&documentReferer=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=2829728015698&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 8bfeef12cbfb9c3dc57c54cfee78207e6fcb6ddad868c39f09a5e9a557a76a45

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1500
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Sep 2023 16:23:23 GMT
Expires: Mon, 04 Sep 2023 17:23:23 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C416 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 18564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 11:13:59 GMT
etag: 48472445140208031
expires: Tue, 05 Sep 2023 11:13:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C416
Redirect Chain

https://cr-p1.ladsp.com/cookiesender/1?google_push=AXcoOmSi4-Y5RvaYu-tO1CwqUEQiDmT8iA69EllNOPbDmv9Da-b9q3UJ0VwVDzVdB7JUohzrF6Fuz4U_U_o_8jHSjv70g_mgC48&google_gid=CAESEJuQoASoXPrOciLFHZwlKAA&google_...
https://cr-p1.ladsp.com/cookiesender/1?cr=true&google_push=AXcoOmSi4-Y5RvaYu-tO1CwqUEQiDmT8iA69EllNOPbDmv9Da-b9q3UJ0VwVDzVdB7JUohzrF6Fuz4U_U_o_8jHSjv70g_mgC48&google_gid=CAESEJuQoASoXPrOciLFHZwlKAA...
https://cm.g.doubleclick.net/pixel?google_nid=sonet&google_push=AXcoOmSi4-Y5RvaYu-tO1CwqUEQiDmT8iA69EllNOPbDmv9Da-b9q3UJ0VwVDzVdB7JUohzrF6Fuz4U_U_o_8jHSjv70g_mgC48&google_hm=AdDujtLbrX6Dks8AD7MO4UF...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonet&google_push=AXcoOmSi4-Y5RvaYu-tO1CwqUEQiDmT8iA69EllNOPbDmv9Da-b9q3UJ0VwVDzVdB7JUohzrF6Fuz4U_U_o_8jHSjv70g_mgC48&google_hm=AdDujtLbrX6Dks8AD7MO4UFalMA

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:24 GMT
via: 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
server: Logicad
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=sonet&google_push=AXcoOmSi4-Y5RvaYu-tO1CwqUEQiDmT8iA69EllNOPbDmv9Da-b9q3UJ0VwVDzVdB7JUohzrF6Fuz4U_U_o_8jHSjv70g_mgC48&google_hm=AdDujtLbrX6Dks8AD7MO4UFalMA
cache-control: no-cache
content-length: 0
x-amz-cf-id: Fc-kTXJSD2BBGCJzsKMQoLxmP4ByCQpCCfDHXcw_axYzz7iHAFZ4gA==
expires: -1

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame C416 43 B
363 B 106ms
30ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTdqpNuMvCqL05Uqno2oOfiyN-pCsdy5TcWlDgkHwK42otxy7b7E3vzTnVzFV2rixfoPlszfZUDRxYtKCV-hnAdzQjljPy2&google_gid=CAESEOLrUftG9yp-r9EyS9tRkUE&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 199012
expires: Mon, 04 Sep 2023 00:00:00 GMT

GET
H/1.1 404
Not Found doubleclick
app.cauly.co.kr/idsync_ssp/ Frame C416 0
161 B 942ms
242ms Image
application/xml 133.186.161.89
NHN-AS-KR NHNCLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.cauly.co.kr/idsync_ssp/doubleclick?google_gid=CAESEOOZ19Hqmj3ocvRnivpafkY&google_cver=1&google_push=AXcoOmRLPgf0dm63Nberk72KnK8-pNJivGvJO--RA23fLOIg-sN_V5InTFgXooPEkB6Q72dcqOl92G5v0olHLv8poYDYIbmsRgg5
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=250&slotname=3654094576&adk=3159652572&adf=3173046730&pi=t.ma~as.3654094576&w=300&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693844602160&bpp=175&bdt=184&idt=411&shv=r20230830&mjsv=m202308310101&ptt=5&saldr=sd&is_amp=1&correlator=522&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2103019657&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C31076838%2C31077372%2C31077525%2C31076994%2C31077588%2C20222283%2C31077549&oid=2&pvsid=1608112234498868&tmod=991993225&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.saixlhc7bbsq&fsb=1&dtd=421
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 133.186.161.89 , Japan, ASN45974 (NHN-AS-KR NHNCLOUD, KR),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 16:23:24 GMT
Server: nginx
Connection: close
Content-Length: 0
Content-Type: Application/xml;charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C416
Redirect Chain

https://ds.uncn.jp/doubleclick/0/sync_push?google_gid=CAESEAjP8Y9bJVXnJJy7AjvlBg4&google_cver=1&google_push=AXcoOmSHxqhgt5I_RKomB43psDjE27wkQBP0Bg7oNSE3T9213Q9Dv6WQ5OajiCU_YKFWn9t1XUwo9Guxt8osOtas7...
https://cm.g.doubleclick.net/pixel?google_nid=unicorn&google_push=AXcoOmSHxqhgt5I_RKomB43psDjE27wkQBP0Bg7oNSE3T9213Q9Dv6WQ5OajiCU_YKFWn9t1XUwo9Guxt8osOtas7z4w6xko75E&google_hm=AdD6TA047E8QvIAKgKtRgRY

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=unicorn&google_push=AXcoOmSHxqhgt5I_RKomB43psDjE27wkQBP0Bg7oNSE3T9213Q9Dv6WQ5OajiCU_YKFWn9t1XUwo9Guxt8osOtas7z4w6xko75E&google_hm=AdD6TA047E8QvIAKgKtRgRY

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=unicorn&google_push=AXcoOmSHxqhgt5I_RKomB43psDjE27wkQBP0Bg7oNSE3T9213Q9Dv6WQ5OajiCU_YKFWn9t1XUwo9Guxt8osOtas7z4w6xko75E&google_hm=AdD6TA047E8QvIAKgKtRgRY
Date: Mon, 04 Sep 2023 16:23:24 GMT
Server: Apache
Connection: keep-alive
Content-Length: 230
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C416
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEI...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmR2XSdpTtNZT-zMJHv5GFlcJWR-9Ob3FpIaqNY4do_Q9uEoGMmZOs7DSh7ZaPRbPOo2kMmO9BORdJetBNvixedfQKifucE&redir=https%3A%2F%2Fcm.g.double...
https://sync.targeting.unrulymedia.com/csync/RX-1da18754-9ccd-4353-bdf5-44c2c348a17d-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmR2XSdpTtNZT-zMJHv5G...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmR2XSdpTtNZT-zMJHv5GFlcJWR-9Ob3FpIaqNY4do_Q9uEoGMmZOs7DSh7ZaPRbPOo2kMmO9BORdJetBNvixedfQKifucE&google_hm=Ax2hh1SczUNTvfVEwsNIoX0

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmR2XSdpTtNZT-zMJHv5GFlcJWR-9Ob3FpIaqNY4do_Q9uEoGMmZOs7DSh7ZaPRbPOo2kMmO9BORdJetBNvixedfQKifucE&google_hm=Ax2hh1SczUNTvfVEwsNIoX0

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmR2XSdpTtNZT-zMJHv5GFlcJWR-9Ob3FpIaqNY4do_Q9uEoGMmZOs7DSh7ZaPRbPOo2kMmO9BORdJetBNvixedfQKifucE&google_hm=Ax2hh1SczUNTvfVEwsNIoX0
date: Mon, 04 Sep 2023 16:23:23 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX1da187549ccd4353bdf544c2c348a17d003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C416
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEHhmsQ68CkwxoPjG2_D3Oxo&google_cver=1&google_push=AXcoOmTq5CfJq0aHG5rxCwdbQ0Lguq-oYzRLq5P-lp2WOjm16v4MXRQo3...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmTq5CfJq0aHG5rxCwdbQ0Lguq-oYzRLq5P-lp2WOjm16v4MXRQo3NHJ3pXzX4QJxrJz3Fs6uqsKaX5FQ8oNf-6KDYdlFKm4KQ&google_hm=QlMuNTMzMi1jMjY4...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmTq5CfJq0aHG5rxCwdbQ0Lguq-oYzRLq5P-lp2WOjm16v4MXRQo3NHJ3pXzX4QJxrJz3Fs6uqsKaX5FQ8oNf-6KDYdlFKm4KQ&google_hm=QlMuNTMzMi1jMjY4LTRmY2UtYjc3Mg==

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmTq5CfJq0aHG5rxCwdbQ0Lguq-oYzRLq5P-lp2WOjm16v4MXRQo3NHJ3pXzX4QJxrJz3Fs6uqsKaX5FQ8oNf-6KDYdlFKm4KQ&google_hm=QlMuNTMzMi1jMjY4LTRmY2UtYjc3Mg==
Date: Mon, 04 Sep 2023 16:23:23 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame C416
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEKYp9B_dBxPIDWrdJtkrYck&google_cver=1&google_push=AXcoOmRsjWq76UaDbTNMLrplFYhLkEMSnRrFKA07NnaQWBBDJ_9qd_nxAHiMpV6xfiK7P4mLQB1VIEh4Ss21LtdCDP4li7dF_feqxg
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmRsjWq76UaDbTNMLrplFYhLkEMSnRrFKA07NnaQWBBD...

43 B
1 KB

81ms
25ms

Image
image/gif

141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmRsjWq76UaDbTNMLrplFYhLkEMSnRrFKA07NnaQWBBDJ_9qd_nxAHiMpV6xfiK7P4mLQB1VIEh4Ss21LtdCDP4li7dF_feqxg

Protocol

HTTP/1.1

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Mon, 04 Sep 2023 16:23:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Mon, 04 Sep 2023 16:23:23 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmRsjWq76UaDbTNMLrplFYhLkEMSnRrFKA07NnaQWBBDJ_9qd_nxAHiMpV6xfiK7P4mLQB1VIEh4Ss21LtdCDP4li7dF_feqxg
x-download-options: noopen
vary: Accept
content-length: 273
x-xss-protection: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C416 0
12 B 32ms
31ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IaRgNGE9qsa4iHfvkXg_O1f6aRzYAPbeS4BDfYV0gf2LRbNaSTz7hNT8WCGrDKqebwLUHoDEA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:23 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK S-300x250.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 9D4A 70 KB
71 KB 126ms
48ms Image
image/gif 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-300x250.gif
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=46901100147010004438270012437023&a=934b62af
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 8aa79a5d6fdffd63c26f013cd8f1bcb12ed624ef714702b5850cc30b673e6a37

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 16:23:23 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-119bc"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 72124

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame 9D4A 0
150 B 73ms
25ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=46901100147010004438270012437023&a=faf9373a&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=46901100147010004438270012437023&a=934b62af
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=46901100147010004438270012437023&a=934b62af
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 16:23:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 9D4A 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F512 0
0 58ms
58ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPOOrXYoixIAuVp6FZtmSM8KlES-v_7-vd_y1i19fXwiZkU7XS6yNKGFm5kzk2A-XxZhCkWiKjbnJGIGmQG2eaEM5hFzbq_dYhcflm9NjDRcIzW1PQ34VaRFy4UCb-a5vtBbQDkjIoQtXB-p3Gt754MIk7senyp6xvCS5SEk8zXTzXgSIJl3aI1aRAg2Im4z0TghTteh7Zx1VagY6E1fRUKJu38Dr2NKZa3Y1rIkntRM9J75A6NHGGX-QYdoYCWo24gO-zp4ekwTWbmJxs88ZKc5KLlZ_ty10yyIfAqS6QwB87RO4t4Mz7owbroekw5oHyRYWjMbH-6_JnEMzODHoILgRfyK89tvy0NwYSNjU&sai=AMfl-YRGb6P2uZ_6wryGCiMtD30-Q2OyL-sgw5ZPtOwjYOO1OQS1s1G4SRXBJ9uW_EQ8k3sesnxZcbR_QeZqWxk&sig=Cg0ArKJSzI4whqO_1p_XEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 04 Sep 2023 16:23:23 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F512 15 KB
11 KB 73ms
72ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230830&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308310101/show_ads_impl_fy2021.js?bust=31077588

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0435305a2293bc921861c6e10a09c77a10e9003bf43afc99481d580bb7543ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11718
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F512 17 KB
6 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308310101/show_ads_impl_fy2021.js?bust=31077588

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Sep 2023 16:23:23 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B5CC 13 KB
5 KB 21ms
20ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1362
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:00:41 GMT
expires: Tue, 03 Sep 2024 16:00:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2A56 829 B
561 B 31ms
31ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6b00949d159dcab29ae83957b800279b454cdc56c6adb2f88d72911f2e2aabb6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zDfjT6IY0o2FXz9EVURioQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 539
content-security-policy: script-src 'report-sample' 'nonce-zDfjT6IY0o2FXz9EVURioQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Sep 2023 16:23:23 GMT
expires: Mon, 04 Sep 2023 16:23:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js Show response
pagead2.googlesyndication.com/bg/ Frame B5CC 38 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QWzZRjgqb53KCPJmDiPDE6lnZUdFGzmO3KDfy6MXCng.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:00:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1363
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Sep 2024 16:00:41 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2A56 0
0 121ms
121ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230830&jk=1608112234498868&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B5CC 0
10 B 20ms
19ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?_Adt8Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 16:23:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21AC 0
20 B 121ms
121ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9690301790183&version=m202307240101&ct=77&x=1&cor=6858569013207297000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F512 0
0 126ms
126ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230830&jk=1608112234498868&bg=!KSqlKmXNAAYHwnCgJ8I7ADQBe5WfOIalXHkorDlKOZ7Govq-laOUSZPxh9gDpFosyiuMTeOHLERbJ8ZYnn0ZGf6NSKTPAgAAAElSAAAAB2gBB5kDBxHR6usJL12PgxnGEVrCMaVcl4ElHA2OqoFFMEUFCU0gmZRia3BT1Hooykv4ER-XyW46iKIPgpMLnA_qlOlqEGdmuz-SZKHuA1wdKHuf9Pom6-mrWD6LHSPqXjgSfgPFEKe7KCrLEEeC6s8rfW26MR2stnOIiYIWJ6gg3mQbN3_Mbdbd1ihSFwmgczQr5cSUY9D5IEGtT8qof38VNc0oMVgMJSbXQkhIvNlUBJtI8KCTFdjOKjvUyC7mz2kikv4tCh_Tt6z04ykJtBY_KI2Y79-SUBytydrcJoGOUzM26cKH_Y6lgR4YVNoBoHn0UL0HnzlP90qQTvh1VJl9cDywgNm3UXhiI0HqvUgyG0vlZs7PFvcybUc36Fld7F04B9xDlIfDFUpX4iPd6HEvB6JEcz7rIwnDHsed_WaLfvDAhLwPdtoMYA2uhe2v-W3XsoHxKDTjXvpZVM2ez-aiYKNW68iftYzBBQ1C8R5xKt2Q_SxK0B45zJP6aE48Lbr-Lz2SXwU_5AW936XNMI9fcZystHSrkm7D0BEOD0rJL1Ud-S3_kquJO4W6d3qdIU2w4iZXUMLBRK_-LTgz51vgt19PDvZsLI3CE0Zlz_KG8fw0cV5hMo-lmi_CGN6EE56I--XyErQ9VEUtzxmVVD5exDsSgcvzL4PaZAtYrZGC75oEZLdkFhIQ0_Auggb7_hLV9fC3dnqEsD2BjWs-AkSdq1dsSebIU0ssU4awvFMuXjngaBsbx_gFGgybkQJs6AhvB7l-JADJv0z0bfKcDW0GIUe8GomV2BZOaIC8bFhDF7TZtOVBm3FueD-3kl_uJsMtsh1ahcbCfbnrl7iwO1u8bs5Nc1Iu2RbyFf_F7HrK6W0vAwG4t6PmYcnm9-__Ieo45ByFdpFs0WPabgX1ivr5y267MeJdB3C03PBJVV4YQ_gwzVd-PNJtcqUne5GhFAGs9CnvPOuUTup73ivnN0q3BeC5gwZxsQ8WMHajn0EQWW_5FViWA-w7DVyCWKLjZTbIe9YKMIHC-y6C6JU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7E3F 0
20 B 122ms
121ms Ping
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=300743850483&version=m202307240101&ct=77&x=1&cor=7724716510745788000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 16:23:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:06:44	Name: is_unique Value: sc12916097.1693844600.0
.statcounter.com/	1970-01-21 00:06:44	Name: is_visitor_unique Value: 1693844600411678137
.xgcartoon.com/	1970-01-20 23:16:20	Name: _ga Value: amp-JZUNo6GIPy4lZY3GU3lhXQ
.doubleclick.net/	1970-01-21 00:06:44	Name: IDE Value: AHWqTUlHeiy4YbRZXMf6ufKJkuoI2UwalfbeCB1GrJSH5iufKPJXvvNmWXz7PdfeecI
.googleadservices.com/	1970-01-20 16:40:20	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-20 23:16:20	Name: CMID Value: ZPYEejBdYvzKQFFqKQApEgAA
.casalemedia.com/	1970-01-20 16:40:20	Name: CMPS Value: 2172
.casalemedia.com/	1970-01-20 16:40:20	Name: CMPRO Value: 2172
.redintelligence.net/	1970-01-20 16:40:20	Name: 8lcfmzhxc8d6_uid Value: 493a4505b01e26bb
.blismedia.com/	1970-01-20 23:16:24	Name: b Value: 64F6047B5DF5BACA19FF406CBLIS
.csync.loopme.me/	1970-01-20 16:41:47	Name: viewer_token Value: 568b108a-7ee1-4be3-b9eb-148b8eb3b655
.yahoo.com/	1970-01-20 23:16:42	Name: A3 Value: d=AQABBHsE9mQCEG_fKOv0p_EIzOtRYNM83rcFEgEBAQFV92T_ZLti0CMA_eMAAA&S=AQAAArMTTIQQsgtuj3dTqPMM2V4
.analytics.yahoo.com/	1970-01-20 23:16:20	Name: IDSYNC Value: 18yx~2dqg
.1rx.io/	1970-01-20 23:16:20	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-1da18754-9ccd-4353-bdf5-44c2c348a17d-003%22%7D
.targeting.unrulymedia.com/	1970-01-20 23:16:20	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-1da18754-9ccd-4353-bdf5-44c2c348a17d-003%22%7D
.ladsp.com/	1970-01-20 14:30:48	Name: cr Value: 1
.id5-sync.com/	1970-01-20 14:30:44	Name: cf Value:
.id5-sync.com/	1970-01-20 14:30:44	Name: cip Value:
.id5-sync.com/	1970-01-20 14:30:44	Name: cnac Value:
.id5-sync.com/	1970-01-20 14:30:44	Name: car Value:
.id5-sync.com/	1970-01-20 14:30:44	Name: gdpr Value:
.id5-sync.com/	1970-01-20 14:30:44	Name: callback Value:
.ladsp.com/	1970-01-21 00:06:44	Name: smn_uid Value: eRzyvfWDH8uK6NnvS4a2kQ-zDuFBWpQ
.ladsp.com/	1970-01-21 00:06:44	Name: lum Value: CLGJhoimMRIFCAEQqAE
.socdm.com/	1970-01-21 00:06:44	Name: SOC Value: ZPYEfMCo8YMAALb7-pQAAAAA
.uncn.jp/	1970-01-20 23:16:20	Name: t Value: v_d0fa4c0d-38ec-4f10-bc80-0a80ab518116

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	warning	URL: https://cdn.ampproject.org/rtv/012308181609000/v0/amp-ad-network-doubleclick-impl-0.1.js(Line 1) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: https://app.cauly.co.kr/idsync_ssp/doubleclick?google_gid=CAESEOOZ19Hqmj3ocvRnivpafkY&google_cver=1&google_push=AXcoOmRLPgf0dm63Nberk72KnK8-pNJivGvJO--RA23fLOIg-sN_V5InTFgXooPEkB6Q72dcqOl92G5v0olHLv8poYDYIbmsRgg5 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://www.xgcartoon.com/detail/shouxiyulingshiguoyu-qingshangguyue Message: The resource https://5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

012d6d31b367d85db15419d475db3f73.safeframe.googlesyndication.com
5db74d9be2ff7c41506361bd5866b4fa.safeframe.googlesyndication.com
ads.eu.criteo.com
ajax.googleapis.com
app.cauly.co.kr
c.statcounter.com
cat.nl3.eu.criteo.com
cdn.ampproject.org
cdn.contentspread.net
cm.g.doubleclick.net
cr-p1.ladsp.com
csm.eu.criteo.net
csync.loopme.me
dis.criteo.com
ds.uncn.jp
dsum-sec.casalemedia.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900021.redintelligence.net
hal900023.redintelligence.net
id5-sync.com
im.bluevoox.com
match.adsrvr.org
pagead2.googlesyndication.com
pr-bh.ybp.yahoo.com
region1.google-analytics.com
rtb.fr3.eu.criteo.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static-a.xgcartoon.com
static.criteo.net
sync.1rx.io
sync.inmobi.com
sync.targeting.unrulymedia.com
tg.socdm.com
tpc.googlesyndication.com
tr.blismedia.com
ups.analytics.yahoo.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
www.xgcartoon.com
104.20.219.77
108.138.7.57
124.146.215.42
133.186.161.89
141.95.98.65
142.250.186.98
144.76.238.55
169.150.222.217
172.64.148.101
178.250.1.6
178.250.1.9
20.127.253.7
2001:4860:4802:32::36
216.58.206.34
2606:4700:10::6816:2e93
2a00:1450:4001:800::2002
2a00:1450:4001:803::2002
2a00:1450:4001:812::200e
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2003
2a00:1450:4001:828::2001
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::200a
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::200e
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:d::2
2a02:2638:d::c
2a05:d018:d29:3602:18d0:4fce:99a6:af2f
3.71.149.231
34.96.105.8
35.214.200.51
35.71.131.137
46.228.174.117
52.45.175.185
54.64.134.86
78.46.23.46
78.46.90.238
88.99.70.21
008ace0c2d39ac229117f0ea99264f4e1744f3de97f1f7e1c96e99e3229aa53f
012162553d00a1e2b8ed30e9167bf545c1452ecf519ce6e5bfe4233fd3f6b815
015c8f0c9a5240c0891a9776ee4d06ca7082d8c7aa30c56312c3d6ae8ef6175d
0348978a435efe42a3f0032226082bc4aedb9c569a9f387e8843a468c455c189
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0435305a2293bc921861c6e10a09c77a10e9003bf43afc99481d580bb7543ee1
06ab4f83e8efd566e82ff4f3f0e893ee2696dda4f36c6dee92e86f347d284e99
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08d502e7f6319b0015d0ea006b216f287353f60e0cd84462a5a43d6294bfea7a
0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c36a2fffbe6cec3fe6b03afcc0831f5a750464bc11a72326b71fb5f6faf6d98
0dae460fd23593858fc01eb27acda643ffedcb579133145a8aed3dedf957aedb
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1b4dbd6d2e4fab05a57e5a24ff855b94a3da52dfe7563d803c397560b5ded0f0
1dc118c68570ac106df5c43e5588c5b94d18caf4aa9e4d8d52792037cc16b980
1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390
1e1a7bb818ea17ede0c37d565625ff5adc0ddf3d5175f2fd1368d6a1a97d752a
2394d12e4577671d6d8a98826b3712c6c321b2d3fdc67d335ee329415631cebb
27dab8ad0a57976e7c50a9dc754a3bcdd9c76164d3d73ec27a211a573785e14b
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
340c3bbc2695a4f6d88cbbbeeb0f18e2fb3a56cc6b57be4a95c68a753004a993
34bb1c7ca084facdfd4822c3dd2d0f3f483ad2d071c52d30e54af52ae62deb02
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3e625fe058c9871c924b05047696c2e7b1e441d4acb2ce54544b8413eea8182b
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
416cd946382a6f9dca08f2660e23c313a9676547451b398edca0dfcba3170a78
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52f0fc340ac8d12eb2eccc8aee4a8dd6420a69b903acc187f0d87b338b64a2d2
53202a3c73552b3385ff4cc5598c6cdabfa4d37acc87cd2fd8c0577494143285
545c1561be28d952fa8fac0def54be25fcc7ab2828481644b599dd5efc348eeb
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5abef60d9edd11583e363e3dafd2d6ec74e0141946c21b2903e7b8c08f01130f
5b607c49fd45e723e372d73bc0045b525359857e0c59fb01f06b3ded286aad0f
602958568edb154a5bc2c61df8871203270a7f7ff7e9ffdf770327de27ab9f3b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6aea42d896c05e915455191bfd049ed62376c2b8b02c55f42e4fa97c2ad95d24
6b00949d159dcab29ae83957b800279b454cdc56c6adb2f88d72911f2e2aabb6
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
7194a599f47c483b74efa14da1822e2c6e69ef3aaec3fec2a43c46374752bb8a
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7446d4f45b9d73dd7b8eddf0b52882ab1805f9ce5b296d217a93657bf4c8fac9
7edbe41770b658fd010c797a8a3f09f57e255827a8d378f7e01f555684cbcf91
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8aa79a5d6fdffd63c26f013cd8f1bcb12ed624ef714702b5850cc30b673e6a37
8bfeef12cbfb9c3dc57c54cfee78207e6fcb6ddad868c39f09a5e9a557a76a45
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
90d84f056686af8861c0017713e2f06e8957e9d15a5606514da382d879b9d41a
91fdd4bbaa1d90d1f7553a2e23cdfd8f2c57c53440619dbd30e99f8cc11c83e2
923690f3c0feaf6346a2755af20e2b8580a048126501966a8ccd0fd31c6b53e3
94a80fe5c25636e4f83eae9987c63b9e677bed9b90725fd4a382610b8b2ffba2
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9eb2c1a31969ca37915a655d7d9ee6da0834d5aaa079e04fc4d27fe7b1d1f8ae
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a24bf435f35ac214cad692735eb2f8a9235101f45c115b1ef1265cc275cf3c50
a303bdbfce6897ec74ce030b85480f417f9e17804f7a19b8f2a90feff115b94f
a31712568fcb02279df10f259faeacfb85ddb38fa08ab538f45a88fe5f2f3986
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7c94d5780fa800afb0066d0ceed10b6488d78ec4cb2a85c42e5772b6218cd26
a7ecaf11c1ea0f4476d32c0ac1d45db14a52a625b20faf6cfbb878af35f3f55f
a8ad8b0f4ee3eb4d9ced86b734c121f6c2457f4f7b1e996fdbbe6e1bdfd41c78
ab0fe83381aff56de38281a61543ed3a063271d1f5bbb914f42cee11f5be2680
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b34aab2c954c232742d6717bd760659ceac0b34c766936ee760257a2c539f32f
ba690c47ed9348115b0382e0a530698e1899a8e5f9752d3065235e9d560e0610
baa98afee58b3e6aded4673cb1c88f8d9154e3553dfa2b3f23cfb219c375aa95
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c254d681499648d046f0843aee607dcdddba35af6222f12335f3591d23cfc7f5
c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f
c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b
c6664843c3db49d83c6366bbba164c8dd2d6581f3fdb4b551c4b5329d8705de3
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
d0edd199833dd87c9ac4395f5bbeb6dfb6843109419531043ba1fb6b32e63496
d0fc231199496aedb9ecd5815761c55a2b598fbceafdafa8d00af9d8fc05209d
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d256658a31f51f215dc49261ae640065c44f08e9c94f0d8b73b88fff914d77fc
d6b2a8ee0432e27f9e26a971ee5b2528ae54acfa99ea13ba896afd150fa2bbed
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8f112bda71f3dcdf6fbd49cbbc228937f89bffdd0da5f4f6915203119d48bf1
ec4f56080dfe600be5d04ab1bf27117aba83605a12d0387a0d5cd96d6c422aee
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0542e502a6a852517dd388a2692d40d44b6486f18927a78041e2b8dac577b4f
f0f0dd1b398b946a89d67c9dab7d24996499f9a28f22e29e4165125edf5d1734
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f843b9b99d051f8dcf9ad42740619cc8224c58dde01b46ab29c67327be31e5b3

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

171 Requests

91 %HTTPS

49 %IPv6

29 Domains

48 Subdomains

37 IPs

9 Countries

2152 kBTransfer

5173 kBSize

26 Cookies

1 Outgoing links

Redirected requests

171 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

171
Requests

91 %
HTTPS

49 %
IPv6

29
Domains

48
Subdomains

37
IPs

9
Countries

2152 kB
Transfer

5173 kB
Size

26
Cookies

171 HTTP transactions
13 data transactions