www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Submission: On August 31 via manual (August 31st 2023, 8:07:26 am UTC) from US — Scanned from CH

Summary HTTP 236 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 31 IPs in 10 countries across 33 domains to perform 236 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on September 14th 2022. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
12	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.219.77 104.20.219.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:2f93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
27	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
48	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
14	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
6 32	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
5 7	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
5 7	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
2	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
16	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
1 4	78.46.111.106 78.46.111.106	24940 (HETZNER-AS) (HETZNER-AS)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	37.157.6.254 37.157.6.254	198622 (ADFORM) (ADFORM)
3 3	216.52.2.91 216.52.2.91	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 1	2600:1f18:612... 2600:1f18:612b:4280:6eda:227:e8d1:bfc3	14618 (AMAZON-AES) (AMAZON-AES)
1 1	81.17.55.109 81.17.55.109	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
2 2	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
3	138.201.220.30 138.201.220.30	24940 (HETZNER-AS) (HETZNER-AS)
2	85.114.131.233 85.114.131.233	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1 1	52.210.221.60 52.210.221.60	16509 (AMAZON-02) (AMAZON-02)
2 2	34.246.130.52 34.246.130.52	16509 (AMAZON-02) (AMAZON-02)
1	52.195.45.163 52.195.45.163	16509 (AMAZON-02) (AMAZON-02)
1 1	130.35.192.4 130.35.192.4	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2 2	64.202.112.191 64.202.112.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
236	31

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.219.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:2f93 (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 142.250.185.130 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.171.149 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.244.159.8 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.63.157 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.111.106 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.106.111.46.78.clients.your-server.de

hal900027.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.254 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.52.2.91 (United States) 3 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4280:6eda:227:e8d1:bfc3 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

google.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.17.55.109 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.208.249.213 (Council Bluffs, United States) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.220.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.30.220.201.138.clients.your-server.de

hal900016.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.131.233 (Weil am Rhein, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21037.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.221.60 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-221-60.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.130.52 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-130-52.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.195.45.163 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-195-45-163.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.35.192.4 (Ashburn, United States) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Weil am Rhein, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.191 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
83	googlesyndication.com 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 150 pagead2.googlesyndication.com — Cisco Umbrella Rank: 107 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com	781 KB
61	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 cm.g.doubleclick.net — Cisco Umbrella Rank: 237 ad.doubleclick.net — Cisco Umbrella Rank: 173 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 371	359 KB
17	criteo.net static.criteo.net — Cisco Umbrella Rank: 603 csm.eu.criteo.net — Cisco Umbrella Rank: 10389	130 KB
16	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 311	141 KB
12	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 405	251 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com	338 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37964 hal900027.redintelligence.net — Cisco Umbrella Rank: 269284 hal900016.redintelligence.net — Cisco Umbrella Rank: 160402	17 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 214	509 KB
8	openx.net 6 redirects us-u.openx.net — Cisco Umbrella Rank: 478 rtb.openx.net — Cisco Umbrella Rank: 751	2 KB
7	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 239	5 KB
6	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 10282 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 11316 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 19450	41 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590	4 KB
5	google.com www.google.com — Cisco Umbrella Rank: 2	2 KB
3	lijit.com 3 redirects ap.lijit.com — Cisco Umbrella Rank: 659	2 KB
3	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 591	2 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 546	1 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 326	798 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 805 s.tribalfusion.com — Cisco Umbrella Rank: 1949	1 KB
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2071	812 B
2	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 82502	67 KB
2	mediago.io 2 redirects trace.mediago.io — Cisco Umbrella Rank: 1079	741 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1537	586 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 50826	611 B
1	pangle-ads.com 1 redirects analytics.pangle-ads.com — Cisco Umbrella Rank: 2916	860 B
1	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 7689	44 B
1	yieldmo.com 1 redirects ads.yieldmo.com — Cisco Umbrella Rank: 677	596 B
1	bluevoox.com 1 redirects im.bluevoox.com — Cisco Umbrella Rank: 13298	520 B
1	smartadserver.com 1 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 777	459 B
1	tremorhub.com 1 redirects google.partners.tremorhub.com — Cisco Umbrella Rank: 13061	634 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 791	709 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2547	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 9797	470 B
0	everesttech.net Failed sync-tm.everesttech.net Failed
236	33

	Domain	Requested by
48	pagead2.googlesyndication.com	691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com googleads.g.doubleclick.net 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com tpc.googlesyndication.com
32	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
27	tpc.googlesyndication.com	691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com googleads.g.doubleclick.net 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com www.xgcartoon.com ad.doubleclick.net pagead2.googlesyndication.com
18	securepubads.g.doubleclick.net	cdn.ampproject.org 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com www.xgcartoon.com securepubads.g.doubleclick.net www.googletagservices.com
16	s0.2mdn.net	www.xgcartoon.com 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com s0.2mdn.net
14	static.criteo.net	ads.eu.criteo.com
12	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
9	www.googletagservices.com	691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
7	us-u.openx.net	5 redirects googleads.g.doubleclick.net
7	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
6	691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com	cdn.ampproject.org
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.google.com	tpc.googlesyndication.com googleads.g.doubleclick.net 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	hal900027.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900027.redintelligence.net
3	hal900016.redintelligence.net	hal9000.redintelligence.net hal900016.redintelligence.net
3	ap.lijit.com	3 redirects
3	c1.adform.net	3 redirects
3	csm.eu.criteo.net	ads.eu.criteo.com
2	b1sync.zemanta.com	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	match.360yield.com	2 redirects
2	cdn.contentspread.net	hal900027.redintelligence.net hal900016.redintelligence.net
2	googleads4.g.doubleclick.net	www.xgcartoon.com
2	trace.mediago.io	2 redirects
2	hal9000.redintelligence.net	googleads.g.doubleclick.net
2	rtb.fr3.eu.criteo.com	691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
2	70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cat.nl3.eu.criteo.com	ads.eu.criteo.com
2	ads.eu.criteo.com	691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	analytics.pangle-ads.com	1 redirects
1	cc.adingo.jp	googleads.g.doubleclick.net
1	ads.yieldmo.com	1 redirects
1	rtb.openx.net	1 redirects
1	im.bluevoox.com	1 redirects
1	ssbsync.smartadserver.com	1 redirects
1	google.partners.tremorhub.com	1 redirects
1	um.simpli.fi	1 redirects
1	ad.doubleclick.net	pagead2.googlesyndication.com
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
0	sync-tm.everesttech.net Failed	googleads.g.doubleclick.net
236	48

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G2	`2022-09-14` - `2023-10-16`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-07-21` - `2023-10-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-27` - `2023-10-22`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
contentspread.net R3	`2023-08-24` - `2023-11-22`	3 months	crt.sh
*.adingo.jp Amazon RSA 2048 M01	`2023-02-13` - `2023-11-11`	9 months	crt.sh
*.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh

This page contains 32 frames:

Primary Page: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Frame ID: FE33E50493DD9BD0B2ED4EB72B3BF43F
Requests: 38 HTTP requests in this frame

Frame: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: FA7511A44D713EB2405ACA7B0DEB0BC9
Requests: 9 HTTP requests in this frame

Frame: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: E31F1F62AF2C062C9F2B509ECD146484
Requests: 11 HTTP requests in this frame

Frame: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 317FC7D7B50A54AA962FB74707D898D1
Requests: 11 HTTP requests in this frame

Frame: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 1CE4C9B6ECE8BE29C367082EFEBBF6F6
Requests: 10 HTTP requests in this frame

Frame: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 0E3E1085CF9ED456A00B407596B4F374
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPBKNAAMr2wIu-TAAAeJzLWr9C572iKnizsKYA&u=%7CtjZTWvtI%2FmDrvNACyreIfeaqx%2FL%2FKaJ2%2FFvV%2F9AZ7rY%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAhFmQ-FuiUCcCS_xrHLPz16LZjYzGpEzSQFjzGFsoRd3mJh84NYF2ehMGmK5fFv7TidSWOgLPmRMgnHEJtWrEh5iHhi-0eLNLDaGckY0jUFz1kjdJJvEONOsEakr7QKFbEBRfYaGbjuXKGi1HxVZdMFwAfVfGI0-dAtbb9oiVXl9ibUrtHeL4k4XucPcG5ovwCxs1dMrpZOuM7AEdpfovuW4ZdN7f057Wo3wPmC8a879Hu7vv54vMHVXulqPOmw_MMdwdpoMANwNy58Llpmiv_aOs1PxnnDVei5x5yURzVAKQcqj_9PRmSX6bKHH-kcDPIgjTPoQsLLdgQ9rwRxv4dF5depedOVpGDFCrIeNT4X3yjjObpcku5dvsHPXV-oUrpjoAxjFcODWgdOqi9S0t8h9sz_UzQfESRS5JIJeIGq-3puFGmZw7b-S71gVS4oIm4arNlZtvAH45Krv0eNDfrmoqp2QlDBGMGt24eIHJawOAmQxduiEzqsJ34eymZovs6Eg2fYTC7utxZyAOeYo8neZA42as8_Y5SsSAkvj2M57BbHyka5yJc0gPJZDJAJ4__94zyR9o5AN_bU_-p7aIsurmC0TVqGMT7YtsB6gzFbI1U5MoCOrGe9wfZ49HMBW9IHCnU7-IB09A&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6dY8NErwZOzeMsDJ7_UPzJOeYMme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC0-pTdV1Ssj7gAgCoAwHIAwKqBKYCT9DU-b5wljDy42oCgCKUdhZ3oge6vkyYaTYPyKw-88ss-pI1mK62sBjIPUem3XqGKirlGDMOawzJe0tgHhr6RgASIwzI5yKZiT_3sFIYtxnrjOi6UyfEt4NP2e4E4PejnfvB1y2me7kReibFBb5XbDB7tyggotbkKZuTktQ6WtE-tckwCxPuJ5zwWXLAIPK67jzKSHZoi5XmJqc0eyZtCZC3GhQB0WB7YHXOMHDZHEMUX6RdJaB4kxqc4YxcgiZ96ASULdjGbOJv4rRrt5Xypt4EPu8A1NnFnm2NozXE4tQPs6zNGy7I_5n48YDt4QXI-XeX4szgwz2MjKbQCqG3yiY07BX1dr7Kk0e1ngiSESMR5rsPKF6LM6isk1dfDKuNocgB5VMx4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0TjO2Ql7COIVxQbAfDoUVArzlNJw%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: DA4C6B61AF065FE4C2924A9866EE64A8
Requests: 11 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPBKNQAHZY8H_YIoAARdiZMWiyeNc00-rReO8A&u=%7CbNmyvxVtV39KXGIyoTKCsxBCLM4KsQ%2FxlhP4wbIfK4M%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAhFmQ-FuiUCcCS_xrHLPz16LZjYzGpEzSQFjzGFsoRd3u1JWY-vTEnzxvj0cp_692iXvC_Il6GlMiWU6m8mWg-gEpXobiGCYdhqcoPjzuPfTIQ_p4HFxSnPA46iSnnG0bewFN0fg1bslWrH14qNvRSMkWAYBN3E7LSVLPyX15P_E8bIX2DqjKEG6Q-Ic1Xl4KxV3LuYSaHGbt8kiZu8vQ-1aS3NPFT70ihYKEmZkuaboK9z90xF54HyqFoKEuJKAHjsyY00GI3-iwQN6FDWGVsgBaInMXhx5EMSMxGfXaIgNgYXhnZimVpvm4dYI5tPt2Bovu0GJKajclTIKocIMv3_9y9TaISlNFxp4ma6WlAJyQb77B_LDdp9CyGA5meFWRUMtDFaRfxEKg4Q4U-BT06zrJtKNNvdpCXalSAV0KTPxik4dZ28gk-QhMkNrr-zRAqCJFvl7CyJpp4JdDt2-HrEVVRGYHNdRRRPof5OHOcEIIL1F3BZ5IZhiL02o4WHED_wjhvsnicqUWRkw3JtbSCitOD0WKIFGJM_IyYfngPFVMmHSc1t8Qgs7leyts0DmN2jBgvFG_c3wL5CAJO8VFxR6KgpzC5tBod7UMG7-pb7dHrayrm7DZwotLQ1YoarZD4jGGX__3R5NA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRIDVNUrwZI_LHaiE9u8PibuRyALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjYVSmSyVbI-4AIAqAMByAMCqgSmAk_QcZplGqfJZeFSI4D8gWBVRFA8SQrcTHsjHBNfcsVdEfBtt_WSdEdftt4w0sQunwItbpj7cAONVuUXerDuSEIKFPnKOUzP00JFj2tjJq6irv7CXy3Yd7XkL11q5WABSApeR84pCHJ4tPllcs20evCW99GVJINIbWlqbyRINsFyR3hP5yQSFN0ffL_foKmDRkS5MTE1muriloPqftV-5AJILIY5pU1tQ-t_G5bNTjJxDZISYJQt9C6Aykm1AuGJFBZWBjB06wHlPJTJtg3KJX_xNYfgIxQrVEC16Fe5nNauUd3p-9ki0MmVQMtPtxLAAcGLG1f-DNSgwU-Y_R4k0qVAeA4sglPNktqidlwqMfqMtXHPekCoZ-B9K6STeUtH4bohNlZMwOAEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0IvgRcu-w4mlWE-F5vVLLnY6_lIg%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: DF6D39FBAC323882AF14D423D6B3510D
Requests: 10 HTTP requests in this frame

Frame: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 09656F8D59855CB70EF9E1CE8EFBB771
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230829/r20190131/zrt_lookup.html
Frame ID: 6621CF9E03231C542601BE6330BEA696
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvHcz_BkJlcQDH1xhyvDmA5tVvaxwibqLCYmdTSy0_IqOdFePoXtIfaARZcXb_FXJs6blOtro7tVBiWFfL7qIBDxHx1Res67DipZDNkr1LKBymb_qXcHunFF0zCLc_J3-s7lu5sHKUKMAtbXTrR3Fq0K4OpbkBIsbP-ENnXyb_JGAyMcjqrPnpgZFFlGL1ND-D3yWS4EHfsn2-ADbjHFmLVybRMR419sYJcplFdKtH0sz3Kv70JZ9SR0GAZy34K0AIkx-MVNTyfuipdTbwHSsDK2OyTItXwmwoJcRKSHxcQNTnz33mLn83ZZAw0qpz5nbJYh241yjD2LRX27wNbgA6Yelqtwsj0mwy61b-mS3BgJ0o&sai=AMfl-YR3Xwd0HHvIxq1iXS7fcY0nnMRdf3tvcSxIUmbx3iHwnnyy5zJQQ5l7PEIOpfAUqaeIerOTanNFm6xHF-0A9bTd_qI5b_CabOsIKg&sig=Cg0ArKJSzD-lvo8AX7OPEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 9991DB7DE8F47E073C47A07AB7D0DECE
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238239&bpp=526&bdt=178&idt=890&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4016865564&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077371%2C44795922%2C31076996&oid=2&pvsid=1436572443372765&tmod=184231431&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.9i8p1hhv06o5&fsb=1&dtd=917
Frame ID: 059328947DBD20D61B33CF867B011787
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861
Frame ID: EF4BCB1CB66C95E9E6DC05402F4B321D
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AFB5AAD5115C754BE09FD250AE1B0D56
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9808191529470A89282A555A8DC9CC9A
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNVuA86y5CEVrxf4Q_59Qg6wqtknFGtSNXLw5tyfuWlgYe343k7XasmYdUD4KXfBlZo3wTDjAMNGEURqkQE4Y0kI7KsQOg
Frame ID: AF0FE0FFA403D477A962326D94380C8C
Requests: 4 HTTP requests in this frame

Frame: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: FE813430BBBB018E7343DB8DE2B5227A
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COemXhC8s_-ZBRjVwuj0ATAB&v=APEucNXPiEQ452bJPAHxzFgfx9o2xlT_e0muqc6oTkEJOVH0V2gVpupVDm7Odf891pvwH89oZn8-C_naeTKcpZopEIbv48jlcg
Frame ID: 75AA7BE766AD3EFAF452ED2116212217
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNXXxqO9JrY4PVBVIvv2QUIJjKky5Y4TZfiTLXYSPNJQSzISFc5MrEDbzk1cOJSVeVxxyxsLM7iBj104k4lyTZg3feTbRg
Frame ID: 75514C1D7A315DCC00AD1C58729B7A07
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 38E2F0ED527D9F21D4AAF7873491B366
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 15FE2D9F4A635B6D74C6E8E66EA161BB
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6FFEFB61B739AA5838286C29DBB25E14
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BA9B46CAA2508D24CA4C94F2824428F2
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
Frame ID: 697915D658E2130D33CE8DC2979C2C41
Requests: 14 HTTP requests in this frame

Frame: https://hal900027.redintelligence.net/request_content.php?s=46722000037455304438268012433027&a=fe09ac78
Frame ID: 8ED717F2ECEBC67FA087922B12ECEA84
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 008A674936593C2FA87D989FED29A974
Requests: 9 HTTP requests in this frame

Frame: https://hal900016.redintelligence.net/request_content.php?s=79587400049275604438268012433016&a=d23e1d3f
Frame ID: 58D2DF310A7D880D496962BF4867011B
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E184D07FB7C81E595CB4A97A0A347752
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1A88F42BB090D3F812E51F0C13DED6E2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0388F028685DE7EBC9F9D5A2FBD1AD12
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D9BE1EC5D7B4CF65EA4693140D089862
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 144017A41D40E7CA5FFFA0D732733366
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍖OVERLORD（不死者之王）第3季（4K）【日語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Page Statistics

236
Requests

86 %
HTTPS

38 %
IPv6

33
Domains

48
Subdomains

31
IPs

10
Countries

2636 kB
Transfer

6639 kB
Size

30
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1&C=1

Request Chain 118

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPBKN5yqgN46xKxpP4SFCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOYDDHP4Ufe31O5V9K4r8Zo&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOYDDHP4Ufe31O5V9K4r8Zo%26google_cver%3D1

Request Chain 141

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTQ5Mzc0NTk1MjY2ODQ%3D

Request Chain 142

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1

Request Chain 143

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmFjZmQ0MDUtOWQyMy0yZDBhLWZiNzktMTJiZTg2OTM5NjUy

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOYDDHP4Ufe31O5V9K4r8Zo&google_cver=1

Request Chain 149

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY5OTIzMjA2NjIwMzA3NDM5OA%3D%3D

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1

Request Chain 151

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmFjZmQ0MDUtOWQyMy0yZDBhLWZiNzktMTJiZTg2OTM5NjUy

Request Chain 164

https://hal900027.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=ef633e9200&subid=&uid=87a0a2931de025c7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-2HLN0rwZLalC-eEhcIP7a-eWJHB0Jtpu-mDktwP8C4QASDTy84wYPWVzoHgBMgBCakC0-pTdV1Ssj6oAwHIA5uEgIAEqgTuAU_QdKgdrVP4glRwJX4RZx3S0mhVJq-8lYCLvio3NM_sx7c9quQYp7cTb5sdNd44-wlI_jjiug7V7DEneKQKpXH8tjAPWC4bA1jzQtdUk7xw5AcXecx_2_F1d4i5fEgx7UpGCRo37PSouefY6wWXHs9tMYEd0qN-fC8OfJ7OOnpLUD-7XiF1-y7LpLHJMYdqAxOmYtNWpzOG6qKS8QhoMEamcUGmdqseAhfiXoHOT4_wASVW405K5S979DIaZjYwLYCJ_vDYpIlKbJLuZvuSvGqv0_jDhuv_rlYHKcP2v8uxiFklV-5zOXwCQBckDd3ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9pzCw7iGgQMVZ0JBAh3tlwcLEAEYASAAEgJ_CPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWkrMHiWxgyy6ESXgeOlmr08J06SyqcmAwXhNKkQpxgPwFHJAsGAE%26sig%3DAOD64_1dgCX7afXR6OplnoEnfrG6MRq5AA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DQqzCGE2VvtSJKoWD2KN7nSJ9k4IXYTf0TdF9yBAE7LqdMPABxQyBB-dLyBtG2qK1SwCuntHOERMstTAioej9-GrVRv76E5lkxRj61w0BaTkCOB2HMP5ezpERKTUY5eQeAxRGGrFz_9ZsXtVyVffKiLhAAa937GKM_pFRAoRAsmpcq19A%26cry%3D1%26dbm_d%3DAKAmf-AUmtK5Q4nAGOq9f5p1luTypX4IMB9fCg15XAcaCGAxP39xbFCHQms5Ei8cVYfPQeUisSELvD8rEXq-Vp-_-yoedTXNq9jDgdIeuLHKDy2UIHMPPGgtkmSwmAGqRASFGRSLhBHwmjxAstWsmcicmhmkjlbHf2vlaF7silrMMNx9L4NcNn1fil2Cj2K9DUFDRYKTeW9RtMBCh5voJ0NU-h0EyVP_bV3RuCBQPELxlF-EJbHvWC1SHqDyNnb8EeW8U9o7Az6lP06pL5I4963lBlNnoDa0_KKzA7rB_af2Je5koZynTyGkLhxm7j9g0n2vAOSdDSxVA3TDbxx89-_wb1K1c5MYdzQ5Nb9_gOTMnegTSoFotLKNYcOiVSuywDt0F31NVDwsJt3BvFAN1rPTAtqrjESJtm_zzWZJXaKKcvu2GnrRm96uMZOYxbat4aL7zPGMyC28oms_GEVN6lgwAnf6G0DxSDfnh4k05zRFsSXdouiKNfQ3aAfKnJYhcQHYJa09zYYp1QSHlJLfOhsiBQdhEDNuP34TPwvnXfD0vQDbbuWEdow%26adurl%3D&documentReferer=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5708428795426&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900027.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=ef633e9200&subid=&uid=87a0a2931de025c7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-2HLN0rwZLalC-eEhcIP7a-eWJHB0Jtpu-mDktwP8C4QASDTy84wYPWVzoHgBMgBCakC0-pTdV1Ssj6oAwHIA5uEgIAEqgTuAU_QdKgdrVP4glRwJX4RZx3S0mhVJq-8lYCLvio3NM_sx7c9quQYp7cTb5sdNd44-wlI_jjiug7V7DEneKQKpXH8tjAPWC4bA1jzQtdUk7xw5AcXecx_2_F1d4i5fEgx7UpGCRo37PSouefY6wWXHs9tMYEd0qN-fC8OfJ7OOnpLUD-7XiF1-y7LpLHJMYdqAxOmYtNWpzOG6qKS8QhoMEamcUGmdqseAhfiXoHOT4_wASVW405K5S979DIaZjYwLYCJ_vDYpIlKbJLuZvuSvGqv0_jDhuv_rlYHKcP2v8uxiFklV-5zOXwCQBckDd3ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9pzCw7iGgQMVZ0JBAh3tlwcLEAEYASAAEgJ_CPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWkrMHiWxgyy6ESXgeOlmr08J06SyqcmAwXhNKkQpxgPwFHJAsGAE%26sig%3DAOD64_1dgCX7afXR6OplnoEnfrG6MRq5AA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DQqzCGE2VvtSJKoWD2KN7nSJ9k4IXYTf0TdF9yBAE7LqdMPABxQyBB-dLyBtG2qK1SwCuntHOERMstTAioej9-GrVRv76E5lkxRj61w0BaTkCOB2HMP5ezpERKTUY5eQeAxRGGrFz_9ZsXtVyVffKiLhAAa937GKM_pFRAoRAsmpcq19A%26cry%3D1%26dbm_d%3DAKAmf-AUmtK5Q4nAGOq9f5p1luTypX4IMB9fCg15XAcaCGAxP39xbFCHQms5Ei8cVYfPQeUisSELvD8rEXq-Vp-_-yoedTXNq9jDgdIeuLHKDy2UIHMPPGgtkmSwmAGqRASFGRSLhBHwmjxAstWsmcicmhmkjlbHf2vlaF7silrMMNx9L4NcNn1fil2Cj2K9DUFDRYKTeW9RtMBCh5voJ0NU-h0EyVP_bV3RuCBQPELxlF-EJbHvWC1SHqDyNnb8EeW8U9o7Az6lP06pL5I4963lBlNnoDa0_KKzA7rB_af2Je5koZynTyGkLhxm7j9g0n2vAOSdDSxVA3TDbxx89-_wb1K1c5MYdzQ5Nb9_gOTMnegTSoFotLKNYcOiVSuywDt0F31NVDwsJt3BvFAN1rPTAtqrjESJtm_zzWZJXaKKcvu2GnrRm96uMZOYxbat4aL7zPGMyC28oms_GEVN6lgwAnf6G0DxSDfnh4k05zRFsSXdouiKNfQ3aAfKnJYhcQHYJa09zYYp1QSHlJLfOhsiBQdhEDNuP34TPwvnXfD0vQDbbuWEdow%26adurl%3D&documentReferer=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5708428795426&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 167

https://um.simpli.fi/gp_match?google_gid=CAESEB2FxDwNKE79OGUW0O0W-c8&google_cver=1&google_push=AXcoOmSkfOSfn7LlzkIlh_UVg4ugrYBjSPCUgwXp_yV7Z5mA3QV1foF42iVHr851mSh2D5hbbnzP5KU2MSLaD6owGVeIYJsz-dRW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=97F849F441854239901367624664388A&google_push=AXcoOmSkfOSfn7LlzkIlh_UVg4ugrYBjSPCUgwXp_yV7Z5mA3QV1foF42iVHr851mSh2D5hbbnzP5KU2MSLaD6owGVeIYJsz-dRW

Request Chain 168

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKPAUCK3YB8wkinvR_gHYyY&google_cver=1&google_push=AXcoOmS7k18gtMvG2OiHAJVLNyx9UpH5DwYiuzqqUZa_WFfod7GzvZ1wF89UPik74cLsoi5BIom7K2shYLm7id6sD6zil7Y-f2ZI9A HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKPAUCK3YB8wkinvR_gHYyY&google_cver=1&google_push=AXcoOmS7k18gtMvG2OiHAJVLNyx9UpH5DwYiuzqqUZa_WFfod7GzvZ1wF89UPik74cLsoi5BIom7K2shYLm7id6sD6zil7Y-f2ZI9A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyODY2NzU4ODI3MDQ5ODkzOQ&google_push=AXcoOmS7k18gtMvG2OiHAJVLNyx9UpH5DwYiuzqqUZa_WFfod7GzvZ1wF89UPik74cLsoi5BIom7K2shYLm7id6sD6zil7Y-f2ZI9A

Request Chain 169

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO1VLi29SurrKhppIAUfRHU&google_cver=1&google_push=AXcoOmQ7wCnHqCJpMxLzgcd9gzbUTfJAeBxHHTKmHS_LRJEXIVp0iQT1q-_4sA3c1e1ooNOMjoWcIrhM8yLaILYVzva543cvyQEi HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO1VLi29SurrKhppIAUfRHU&google_cver=1&google_push=AXcoOmQ7wCnHqCJpMxLzgcd9gzbUTfJAeBxHHTKmHS_LRJEXIVp0iQT1q-_4sA3c1e1ooNOMjoWcIrhM8yLaILYVzva543cvyQEi&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQ7wCnHqCJpMxLzgcd9gzbUTfJAeBxHHTKmHS_LRJEXIVp0iQT1q-_4sA3c1e1ooNOMjoWcIrhM8yLaILYVzva543cvyQEi&google_hm=HPenpGZHH24Y4TrDTyynAuak

Request Chain 170

https://google.partners.tremorhub.com/sync?UIDF=CAESEJrswiQfSH7Zm3HBcqFFIiY&google_cver=1&google_push=AXcoOmT6ZvRLMt7Hpnot8JsVI5qIIfTLh0fns1-65DV4tFU3g8JPfUOK8qUakeGJOvMrPHghI4anN1-nLKoB2qrsL-Veromtd7q8Dg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=MDlmMDIzNjIxMjY5NGVkMjgwZjgzMzc5ZjczMWM4Yjg%3D&UIDF=CAESEJrswiQfSH7Zm3HBcqFFIiY&google_cver=1&google_push=AXcoOmT6ZvRLMt7Hpnot8JsVI5qIIfTLh0fns1-65DV4tFU3g8JPfUOK8qUakeGJOvMrPHghI4anN1-nLKoB2qrsL-Veromtd7q8Dg

Request Chain 171

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEN4TMoLhMAJs-SVQMg911tA&google_cver=1&google_push=AXcoOmTn7W4d7GNw49z9vqYtU6jkgSWJqpcu62gYSrjtez59Q1evqPlkdXwCV5iBAOg6s8Uur4xmR-mQ8cvtZ3rLAPDoC7mfzwV3eQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmTn7W4d7GNw49z9vqYtU6jkgSWJqpcu62gYSrjtez59Q1evqPlkdXwCV5iBAOg6s8Uur4xmR-mQ8cvtZ3rLAPDoC7mfzwV3eQ&google_hm=MjA4MDg5NTYwNTExMjU4MDAwOA%3D%3D

Request Chain 172

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEGPNjYMJFCmKtzUMWABX54E&google_cver=1&google_push=AXcoOmRH_UjTc5a9OfAoiqBqgeLNh2-Lfnn8c-srKzal70dbYrZpsMCm-sm3ANmppnteqJ2a8rry7w_tM1WlEvWk2hjma_vMBAOvaD0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmRH_UjTc5a9OfAoiqBqgeLNh2-Lfnn8c-srKzal70dbYrZpsMCm-sm3ANmppnteqJ2a8rry7w_tM1WlEvWk2hjma_vMBAOvaD0&google_hm=QlMuMTFkOC00NDU2LTQ2NmMtOTE3Nw==

Request Chain 173

https://trace.mediago.io/cs/google?google_gid=CAESEGf_hnIcKoXCaa6KMmVRGNY&google_cver=1&google_push=AXcoOmSB715NL6DcerF4E1nrmCjgA8f03Vdb9xxiwm66J3ZNrdX6Uvvlce8eJoVj5VCg7QY3twPyH0JoRNhNBbdbiZMe5WN__Q2oZHQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSB715NL6DcerF4E1nrmCjgA8f03Vdb9xxiwm66J3ZNrdX6Uvvlce8eJoVj5VCg7QY3twPyH0JoRNhNBbdbiZMe5WN__Q2oZHQ&google_hm=cf8806ac995c35dac91f2dc224767887

Request Chain 202

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKPAUCK3YB8wkinvR_gHYyY&google_cver=1&google_push=AXcoOmRYXhZ2-Yuffd8lGN-qfPsw6bC1_IvysNgNiy67AzxaOMK-NFcZb1Ip12naGqWo32qkwVPlyrnBTadu83CEwVVHihbgaw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyODY2NzU4ODI3MDQ5ODkzOQ&google_push=AXcoOmRYXhZ2-Yuffd8lGN-qfPsw6bC1_IvysNgNiy67AzxaOMK-NFcZb1Ip12naGqWo32qkwVPlyrnBTadu83CEwVVHihbgaw

Request Chain 203

https://rtb.openx.net/sync/dds?google_gid=CAESEP4tqlRoyDaeYfJvpeUUDlE&google_cver=1&google_push=AXcoOmQddxXMJ3frDskZf58x3esRPsBFHLvzmUonXW73wgrG28cUz4RrA9SiaCaZOHZIGVOmouDmkKgZvardXt-BcLMX642DGEE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmQddxXMJ3frDskZf58x3esRPsBFHLvzmUonXW73wgrG28cUz4RrA9SiaCaZOHZIGVOmouDmkKgZvardXt-BcLMX642DGEE&google_hm=CfaN8_3SyoAI7QSwn2hiiA==

Request Chain 204

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO1VLi29SurrKhppIAUfRHU&google_cver=1&google_push=AXcoOmTti1DhY7G7yn3X0YLwcbhlCKx-xiWovFIX44uE2dgE6u15fG6JJK1DvRBpBVB0sj_MwAVYOkhud2rRisn_dXyY5Was5ZY HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmTti1DhY7G7yn3X0YLwcbhlCKx-xiWovFIX44uE2dgE6u15fG6JJK1DvRBpBVB0sj_MwAVYOkhud2rRisn_dXyY5Was5ZY&google_hm=HPenpGZHH24Y4TrDTyynAuak

Request Chain 205

https://ads.yieldmo.com/exptsync?google_gid=CAESEAJUR1y1vqb4HJO428nM2Ko&google_cver=1&google_push=AXcoOmSXm1SAXI4Igkxg0nAak5W6cSxZnB5GuSmDbeBGwALyPn5QNe4sDjetRjkgn9fHuI9HwXQJvhu-GItJtDIn1BdEFs32ylQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmSXm1SAXI4Igkxg0nAak5W6cSxZnB5GuSmDbeBGwALyPn5QNe4sDjetRjkgn9fHuI9HwXQJvhu-GItJtDIn1BdEFs32ylQ&google_hm=M21ESnNVVUVFa1VhYVAxR1NWbDU=

Request Chain 206

https://match.360yield.com/match/ebda?google_gid=CAESEBBNIswc00x_OIIsiFJWUpE&google_cver=1&google_push=AXcoOmR9MVEFqMPFldJlDcpCmmWLqJjw8WyeTJa6VBZQpagCkTrIUQ3WLdOspCVYlbTgKjed_L_3QJgTPff278UZokKK4gDGA2U HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEBBNIswc00x_OIIsiFJWUpE&google_cver=1&google_push=AXcoOmR9MVEFqMPFldJlDcpCmmWLqJjw8WyeTJa6VBZQpagCkTrIUQ3WLdOspCVYlbTgKjed_L_3QJgTPff278UZokKK4gDGA2U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Vg0wAIhKTzSBZTG16Kb7_w&google_push=AXcoOmR9MVEFqMPFldJlDcpCmmWLqJjw8WyeTJa6VBZQpagCkTrIUQ3WLdOspCVYlbTgKjed_L_3QJgTPff278UZokKK4gDGA2U

Request Chain 208

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEMMECo8Hs27r3OcgXyEk1RA&google_cver=1&google_push=AXcoOmT9MkIL3Pz63nG5Zs-Ycv0BAVJHc-V6KS9XhzOrukOba7cM1M2wvlCthbXodD7WhuNaAfP6mSgWvFO7RWX09u75FUlNRyS8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmT9MkIL3Pz63nG5Zs-Ycv0BAVJHc-V6KS9XhzOrukOba7cM1M2wvlCthbXodD7WhuNaAfP6mSgWvFO7RWX09u75FUlNRyS8

Request Chain 214

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJrJys_g3ajTP-n5dMjd-U4&google_cver=1&google_push=AXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2A&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2A%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJrJys_g3ajTP-n5dMjd-U4&google_cver=1&google_push=AXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2A&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2A%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 216

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOITH6Mv-g5pluqSpC_uqDg&google_cver=1&google_push=AXcoOmTIgRFq08yXUUeI__9G9j_lFlGBYXLRrUnn5DKP7BvQfRF5IMo0N7npFcaUba6Nw4S-ZN6_KpINvp10tHW5E04kyafuNy0H7g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTIgRFq08yXUUeI__9G9j_lFlGBYXLRrUnn5DKP7BvQfRF5IMo0N7npFcaUba6Nw4S-ZN6_KpINvp10tHW5E04kyafuNy0H7g&google_hm=eGb99BGLRbev7n2w7kK25oM

Request Chain 217

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEA1y7Cp7AX-gbu7NaGeZ2TQ&google_cver=1&google_push=AXcoOmScH8p-DO-_wWtQgwgNArmgrSLSmaZkhtvY5woW2WkG_pPRJYJ4PjpN2kwX8Z6lSgrgjpCyvM4bySiZt5k_K8cMJ6j_GxRCQw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3MzM5NTAwMjYwNDA1ODc4MQ%3D%3D&google_push=AXcoOmScH8p-DO-_wWtQgwgNArmgrSLSmaZkhtvY5woW2WkG_pPRJYJ4PjpN2kwX8Z6lSgrgjpCyvM4bySiZt5k_K8cMJ6j_GxRCQw

Request Chain 218

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESENKkvs_XKo2Zubc0pSgVDFI&google_cver=1&google_push=AXcoOmSzR_6Qv-nqLkLY4HSAZb-5IDBcLiyPPq6hZ1kerMjSVEMZvH6Ws1nFIzbZP-GwEojtmouzqNEtUDf7XFjfxOli4eqOo92a1A HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESENKkvs_XKo2Zubc0pSgVDFI&google_cver=1&google_push=AXcoOmSzR_6Qv-nqLkLY4HSAZb-5IDBcLiyPPq6hZ1kerMjSVEMZvH6Ws1nFIzbZP-GwEojtmouzqNEtUDf7XFjfxOli4eqOo92a1A&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1rRDN1V2ExRTJ1RzdWRXdGbnNia0M1NW1OQ0FCTm1hUn5B&google_push=AXcoOmSzR_6Qv-nqLkLY4HSAZb-5IDBcLiyPPq6hZ1kerMjSVEMZvH6Ws1nFIzbZP-GwEojtmouzqNEtUDf7XFjfxOli4eqOo92a1A

Request Chain 219

https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESELccZJYUvuiiUR2OPf-Ik5I&google_cver=1&google_push=AXcoOmSE6FnitzcLKFCJF63vg7oc0oXQae4LY13reE8Ao37QnhUi1ZviyvSKQmuys_EuiN2pUs63XsaQZnlt3laBCpmP1QLrjSijQ98 HTTP 302
https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESELccZJYUvuiiUR2OPf-Ik5I&google_push=AXcoOmSE6FnitzcLKFCJF63vg7oc0oXQae4LY13reE8Ao37QnhUi1ZviyvSKQmuys_EuiN2pUs63XsaQZnlt3laBCpmP1QLrjSijQ98&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmSE6FnitzcLKFCJF63vg7oc0oXQae4LY13reE8Ao37QnhUi1ZviyvSKQmuys_EuiN2pUs63XsaQZnlt3laBCpmP1QLrjSijQ98&google_hm=UWk1OEc2U2c1WERIdlJnMVhsdXA=

Request Chain 220

https://trace.mediago.io/cs/google?google_gid=CAESEGf_hnIcKoXCaa6KMmVRGNY&google_cver=1&google_push=AXcoOmRNGIAbmlyWwtl2PrQGIalw8txa7U-j6Cy2IYOqjYxamMvMtBsabfwyz22cS-jjNuSY733yjuXA4Knu6F47VeGe91ajls8BwDs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmRNGIAbmlyWwtl2PrQGIalw8txa7U-j6Cy2IYOqjYxamMvMtBsabfwyz22cS-jjNuSY733yjuXA4Knu6F47VeGe91ajls8BwDs&google_hm=cf8806ac995c35dac91f2dc224767887

236 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request over_lord_di3jiriyu-yitengshangwang Show response
www.xgcartoon.com/detail/ 79 KB
18 KB 813ms
390ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 96178739e050f18db99525d9715bb1e359635abe82300a17b1dd2c7235136ae5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 31 Aug 2023 08:07:15 GMT
etag: "13d17-qN2h1NgJQOfv/7g3XLm6Gf2fAto"
expires: Thu, 31 Aug 2023 08:08:15 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 277 KB
71 KB 149ms
66ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a303bdbfce6897ec74ce030b85480f417f9e17804f7a19b8f2a90feff115b94f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 08:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72923
x-xss-protection: 0
server: sffe
etag: "8f05ddb4de6114d6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 08:07:16 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
23 KB 485ms
402ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 08:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23145
x-xss-protection: 0
server: sffe
etag: "1e24d49ff16f97fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 08:07:16 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
9 KB 140ms
62ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e625fe058c9871c924b05047696c2e7b1e441d4acb2ce54544b8413eea8182b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 08:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9421
x-xss-protection: 0
server: sffe
etag: "56ca3e5770e137fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 08:07:16 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 49 KB
15 KB 161ms
82ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5abef60d9edd11583e363e3dafd2d6ec74e0141946c21b2903e7b8c08f01130f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 08:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14971
x-xss-protection: 0
server: sffe
etag: "675440b55a1b9283"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 08:07:16 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
15 KB 475ms
397ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90d84f056686af8861c0017713e2f06e8957e9d15a5606514da382d879b9d41a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 08:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15359
x-xss-protection: 0
server: sffe
etag: "f6812c8625865ef6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 08:07:16 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
6 KB 136ms
58ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1dc118c68570ac106df5c43e5588c5b94d18caf4aa9e4d8d52792037cc16b980

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 08:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4778
x-xss-protection: 0
server: sffe
etag: "3b7d847d5c21773c"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 08:07:16 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 339ms
339ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

923690f3c0feaf6346a2755af20e2b8580a048126501966a8ccd0fd31c6b53e3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 08:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10348
x-xss-protection: 0
server: sffe
etag: "279670ab552e383b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 08:07:16 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 84ms
84ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53202a3c73552b3385ff4cc5598c6cdabfa4d37acc87cd2fd8c0577494143285

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Thu, 31 Aug 2023 08:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32193
x-xss-protection: 0
server: sffe
etag: "473971c650298c2f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 31 Aug 2023 08:07:16 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
470 B 230ms
165ms Image
image/gif 104.20.219.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.219.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:16 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 7ff3c7666f9b3642-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 207ms
207ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:16 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Thu, 31 Aug 2023 08:10:16 GMT

GET
H2 200 over_lord_di3jiriyu-yitengshangwang.jpg
static-a.xgcartoon.com/cover/ 133 KB
134 KB 1361ms
1291ms Image
image/png 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/over_lord_di3jiriyu-yitengshangwang.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31c9383b3b1679203f0cb2895ababfd063805372dab26fe9d77989ff111a6a8e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
cf-cache-status: HIT
last-modified: Thu, 25 Aug 2022 17:45:29 GMT
server: cloudflare
etag: "DE0869E7A44A71CCD5E7289FB88D8EB3"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff3c7680f063662-FRA
content-length: 136533
expires: Fri, 01 Sep 2023 12:59:21 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 212ms
210ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:16 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Thu, 31 Aug 2023 08:10:16 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 212ms
210ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:16 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Thu, 31 Aug 2023 08:10:16 GMT

GET
H2 200 xiangyaochengweiyingzhishilizheriyu-fengzedajie.jpg
static-a.xgcartoon.com/cover/ 9 KB
9 KB 679ms
611ms Image
image/jpeg 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/xiangyaochengweiyingzhishilizheriyu-fengzedajie.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54ecc52e1cbb695afd0f56486faa5a7e11a94fb32aa4690163efdbc2d3a770db

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Sun, 30 Oct 2022 02:21:41 GMT
server: cloudflare
etag: "8435D25208A93B34671096DED80CBB00"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff3c7680f0a3662-FRA
content-length: 9317
expires: Fri, 01 Sep 2023 03:27:37 GMT

GET
H2 200 overlorddisiji-yitengshangwang.jpg
static-a.xgcartoon.com/cover/ 11 KB
12 KB 664ms
596ms Image
image/jpeg 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/overlorddisiji-yitengshangwang.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ded5ad320ec2ed9002a9340bcfe57cb7ad5f730f4d55ccdde5f57e52d06f5e6c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Thu, 25 Aug 2022 05:50:02 GMT
server: cloudflare
etag: "13E9E8D060DF1A9F06512FD1CD849F7A"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff3c7681f243662-FRA
content-length: 11728
expires: Fri, 01 Sep 2023 03:51:37 GMT

GET
H2 200 overlord_di1jiriyu-yitengshangwang.jpg
static-a.xgcartoon.com/cover/ 75 KB
75 KB 917ms
850ms Image
image/png 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/overlord_di1jiriyu-yitengshangwang.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74cba1ff07b486118035612878d4565031f9f9ba69b2d64736a41888f23bfc77

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
cf-cache-status: HIT
last-modified: Thu, 25 Aug 2022 16:13:41 GMT
server: cloudflare
etag: "1CAE3A34EED9C83B28605B2E70068B57"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff3c7681f273662-FRA
content-length: 76452
expires: Fri, 01 Sep 2023 03:37:21 GMT

GET
H2 200 over_lord_di2jiriyu-yitengshangwang.jpg
static-a.xgcartoon.com/cover/ 74 KB
74 KB 1009ms
942ms Image
image/png 2606:4700:10::6816:2f93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/over_lord_di2jiriyu-yitengshangwang.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df5e328a3370e8c2899547d23d4d7658c004133ab8f30062962566f8e88cc914

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
cf-cache-status: HIT
last-modified: Fri, 26 Aug 2022 07:04:39 GMT
server: cloudflare
etag: "9D4ECDFFA7E7D460DD55A68AF284DBC8"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 7ff3c7680f083662-FRA
content-length: 75520
expires: Fri, 01 Sep 2023 04:00:48 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 8 KB
3 KB 80ms
35ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08d502e7f6319b0015d0ea006b216f287353f60e0cd84462a5a43d6294bfea7a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:08 GMT
age: 128108
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2971
x-xss-protection: 0
server: sffe
etag: "81fe35e806c986f9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:08 GMT

GET
DATA 200
OK truncated
/ 595 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34bb1c7ca084facdfd4822c3dd2d0f3f483ad2d071c52d30e54af52ae62deb02

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 12 KB
4 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7c94d5780fa800afb0066d0ceed10b6488d78ec4cb2a85c42e5772b6218cd26

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:09 GMT
age: 128107
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3937
x-xss-protection: 0
server: sffe
etag: "256c2c03e8e2f982"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:09 GMT

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012308181609000/v0/ 237 KB
63 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0edd199833dd87c9ac4395f5bbeb6dfb6843109419531043ba1fb6b32e63496

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:40 GMT
age: 128076
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64176
x-xss-protection: 0
server: sffe
etag: "53ca58918b9d6396"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:40 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 288ms
229ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=4000090&ga_cid=amp-FuXQ0FzqXrYO4CQwQsvmYQ&ga_hid=90&dt=1693469236717&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fover_lord_di3jiriyu-yitengshangwang&bdt=574&dtd=15&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d132e25b07ce615d72c1e0d2ace64eba3b9ed1532d3eb2a238f19d11d2ed2aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13970
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: COzIssK4hoEDFcDkuwgdzIkHDA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 08:07:17 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 635ms
576ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=801&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=4000090&ga_cid=amp-FuXQ0FzqXrYO4CQwQsvmYQ&ga_hid=90&dt=1693469236717&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fover_lord_di3jiriyu-yitengshangwang&bdt=574&dtd=17&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ba8fefd43622cbf6c8acc8489affef7edc5bc774ae6596abedc1dd8cd9e3310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 120x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13008
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CKX4scK4hoEDFbaS_QcdFKIGvQ
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138351398969
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 08:07:17 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
23 KB 776ms
718ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=4000090&ga_cid=amp-FuXQ0FzqXrYO4CQwQsvmYQ&ga_hid=90&dt=1693469236717&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fover_lord_di3jiriyu-yitengshangwang&bdt=574&dtd=18&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a77f8f8d5bff81c8670ef7d99170f780376e9e19066af7f511a9b5f0f876c964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23177
x-xss-protection: 0
google-lineitem-id: 6136662859
x-qqid: CNPjscK4hoEDFR6J_QcdnSMMSQ
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138390659313
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 08:07:17 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 432ms
375ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=4000090&ga_cid=amp-FuXQ0FzqXrYO4CQwQsvmYQ&ga_hid=90&dt=1693469236717&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fover_lord_di3jiriyu-yitengshangwang&bdt=574&dtd=19&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5498ec584b15d3ba85c1e2aa1adb47d5d89ab310518315763863cf2bc30bfa9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 120x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13006
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CKTZscK4hoEDFZvluwgduaQPKQ
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138351399065
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 08:07:17 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 945ms
889ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=988&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2308181609000&d_imp=1&c=4000090&ga_cid=amp-FuXQ0FzqXrYO4CQwQsvmYQ&ga_hid=90&dt=1693469236717&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fover_lord_di3jiriyu-yitengshangwang&bdt=574&dtd=20&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

608f6a60a9ec2b411b5a4b9dbd8c68e9eab9218a2877e44d1d7820fb3bc16f8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13974
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CM-52sK4hoEDFSiC_QcdiV0EKQ
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Thu, 31 Aug 2023 08:07:17 GMT

GET
H2 200 container.html
691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 129ms
30ms Other
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012308181609000/v0/analytics-vendors/ 2 KB
886 B 25ms
25ms Fetch
application/json 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012308181609000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 29 Aug 2023 20:32:09 GMT
age: 128108
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "0fc0eb4a65ca6481"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 28 Aug 2024 20:32:09 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 210ms
209ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:17 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Thu, 31 Aug 2023 08:10:17 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 95ms
37ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=90&cid=amp-FuXQ0FzqXrYO4CQwQsvmYQ&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fover_lord_di3jiriyu-yitengshangwang&dr=&dt=%F0%9F%8D%96OVERLORD%EF%BC%88%E4%B8%8D%E6%AD%BB%E8%80%85%E4%B9%8B%E7%8E%8B%EF%BC%89%20%E7%AC%AC3%E5%AD%A3%EF%BC%884K%EF%BC%89%E3%80%90%E6%97%A5%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1693469238&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FA75 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:18 GMT
expires: Fri, 30 Aug 2024 08:07:18 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E31F 6 KB
3 KB 40ms
40ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:18 GMT
expires: Fri, 30 Aug 2024 08:07:18 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 317F 6 KB
3 KB 38ms
37ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:18 GMT
expires: Fri, 30 Aug 2024 08:07:18 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1CE4 6 KB
3 KB 37ms
36ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:18 GMT
expires: Fri, 30 Aug 2024 08:07:18 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0E3E 6 KB
3 KB 35ms
34ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:18 GMT
expires: Fri, 30 Aug 2024 08:07:18 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame DA4C 51 KB
20 KB 162ms
66ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPBKNAAMr2wIu-TAAAeJzLWr9C572iKnizsKYA&u=%7CtjZTWvtI%2FmDrvNACyreIfeaqx%2FL%2FKaJ2%2FFvV%2F9AZ7rY%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAhFmQ-FuiUCcCS_xrHLPz16LZjYzGpEzSQFjzGFsoRd3mJh84NYF2ehMGmK5fFv7TidSWOgLPmRMgnHEJtWrEh5iHhi-0eLNLDaGckY0jUFz1kjdJJvEONOsEakr7QKFbEBRfYaGbjuXKGi1HxVZdMFwAfVfGI0-dAtbb9oiVXl9ibUrtHeL4k4XucPcG5ovwCxs1dMrpZOuM7AEdpfovuW4ZdN7f057Wo3wPmC8a879Hu7vv54vMHVXulqPOmw_MMdwdpoMANwNy58Llpmiv_aOs1PxnnDVei5x5yURzVAKQcqj_9PRmSX6bKHH-kcDPIgjTPoQsLLdgQ9rwRxv4dF5depedOVpGDFCrIeNT4X3yjjObpcku5dvsHPXV-oUrpjoAxjFcODWgdOqi9S0t8h9sz_UzQfESRS5JIJeIGq-3puFGmZw7b-S71gVS4oIm4arNlZtvAH45Krv0eNDfrmoqp2QlDBGMGt24eIHJawOAmQxduiEzqsJ34eymZovs6Eg2fYTC7utxZyAOeYo8neZA42as8_Y5SsSAkvj2M57BbHyka5yJc0gPJZDJAJ4__94zyR9o5AN_bU_-p7aIsurmC0TVqGMT7YtsB6gzFbI1U5MoCOrGe9wfZ49HMBW9IHCnU7-IB09A&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6dY8NErwZOzeMsDJ7_UPzJOeYMme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC0-pTdV1Ssj7gAgCoAwHIAwKqBKYCT9DU-b5wljDy42oCgCKUdhZ3oge6vkyYaTYPyKw-88ss-pI1mK62sBjIPUem3XqGKirlGDMOawzJe0tgHhr6RgASIwzI5yKZiT_3sFIYtxnrjOi6UyfEt4NP2e4E4PejnfvB1y2me7kReibFBb5XbDB7tyggotbkKZuTktQ6WtE-tckwCxPuJ5zwWXLAIPK67jzKSHZoi5XmJqc0eyZtCZC3GhQB0WB7YHXOMHDZHEMUX6RdJaB4kxqc4YxcgiZ96ASULdjGbOJv4rRrt5Xypt4EPu8A1NnFnm2NozXE4tQPs6zNGy7I_5n48YDt4QXI-XeX4szgwz2MjKbQCqG3yiY07BX1dr7Kk0e1ngiSESMR5rsPKF6LM6isk1dfDKuNocgB5VMx4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0TjO2Ql7COIVxQbAfDoUVArzlNJw%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

fb78884b2e1bf04ebe0ca1ad10c9bcc60d2bb43ebeee32b88c3e2ee83e89fe73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:17 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=EC0Q9z0VvNx90Ii-CDZo_02-1M1OK1v7Hl6Vyq5UsX9oU49gnGdCDj6yEwDyA9y3wNufUtQTcS8KoB64hpjA1LOignqS-rOUo_iBMyLZyetIDG6iGuY1svYbbK3ro_Oo754PKC_DyzofpJXYvB36oFLEs_aiL27G4KUqBmPIIdkhJsdTAILCSVFVKidycXPm3aHzzPvpDZHjqjern1xR9irk9neP8qNPBMS3EX08mjyeU-wSINZ1l9JZT-Vr2O_YWXsA-Q"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3464488
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame FA75 3 KB
1 KB 139ms
42ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 07:12:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Sep 2023 07:12:22 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame FA75 20 KB
8 KB 112ms
17ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64092
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:06 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame FA75 24 KB
7 KB 118ms
23ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Aug 2023 03:38:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 361718
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Aug 2024 03:38:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FA75 181 KB
57 KB 147ms
53ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame E31F 18 KB
8 KB 140ms
67ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c70a5278ec1a1a6c4adf649a460a3fb5860ff48f19a88d87ce557395242e2d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7892
x-xss-protection: 0
server: cafe
etag: 4399731300668245015
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E31F 181 KB
57 KB 198ms
128ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame E31F 0
461 B 62ms
61ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuA4ChLyjO3MrAzddY9ortOPT21bGBbRU-HqPQ4IzQWHIh2IaNhVocEYoAG8MpfSKdz6H2MJS-P_6u1SUTFMfxuO1aNVU5k-FtnQ3DbzvENutXN3zusg1GAj0cjAELCmV2fqkgt5mnL1nIiB23eNMkb6mc1SL6T8Uuh7sQON784UQsmX2dcuec1eTwZktLMjLVm_oE76grBn_ko6aYjzqCXLBPuuxNAmkwm-vW_WManc87Bie1rEF6zXmGWWdVpPwHujBhh-sjrxqzf5FiheyC_9K_d_8SkpkcdZ937Cnbj4jrLAmwNYzBlfIRNzwIwFpWye0ck1Cy1LLxQ5vfb87j8QE1uZ0c5d3WN30d80Q&sai=AMfl-YT-MMezZkASRhsPPA-3WjRDGFZhu9CXVuqzbKr2l8qVVUSbDhT6-lqd_Ts1Q8h6zUHV-UC2fJBvtLTUek0&sig=Cg0ArKJSzI76gnfXrsydEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 317F 99 KB
29 KB 101ms
101ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

763421a5334408955c647efd773480defe5217eebdbbdd292c9071dfe83148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29049
x-xss-protection: 0
server: cafe
etag: 245 / 19600 / 31077464 / config-hash: 8988950760368396923
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 317F 181 KB
57 KB 187ms
134ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 317F 0
293 B 60ms
59ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu9EYDpRIsDzdcKPbFussLQz7F8KTT_SoOU8vu55hIsbO5LcFq1PsWA2EThTa61cF8yKUKFrCpnoQcMEcB1Pr7xxmXWgKp7xydWlo32xBSDuAMqv9TxXvqeNAAJqyzWNRgHHVz7DluoYYReVDhsEU97UFf5WIuar-iUxinP1vFjOvQRswFsT5NIfjz8Sy2_CjiQDj-yINAyaz-pAheM3wJp95xGV6b_mKuDG_w2m2zHX6olkuDOMEPYeiFAOkMREqPb0ckl0ZEDtExcCZgXeQkaClLf8SX_Uj6sngxZYdxqJl47DMGevqQaPB6iDKKUXRauThGu9KphEBNSeXN_VgYs0rVQrICu_iNUKUsrD642udM&sai=AMfl-YQmD0uj2AqNiSWS6pEu7B79kb8mKMdOjx8j0OnVm03mi4gvWWY8JxEW-IF4w0tGF2oabb9gdVn4wud-nHc&sig=Cg0ArKJSzKWiEjDXtFowEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 1CE4 18 KB
8 KB 148ms
104ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a8d33a897d81cabb802e0a524b10667897c6e311bb8b1706061f840d6796a9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7891
x-xss-protection: 0
server: cafe
etag: 15332239425839501641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1CE4 181 KB
57 KB 138ms
95ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1CE4 0
292 B 61ms
60ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvHKX2kDTX-Gt6cKQhFE7D1byjpQQjlPbzA1qfsnNGlvud3ZYkBmB10k5KziYdfaydZ6HDsF1b59AHB6f9EumTCcmZZYsJPwUTc_uG538ibd3y-WMlZfRACEipTA6Zi5Vmhli1OmBtpEngcSvsjO6K5cJ6_Pfyqk_M5LnHLSzulh6LQ1YO-Kp9zNnZh3ZUbj7fqAGDN90elRLU3nThBjWuc0NUQLkI244QfBIpE1YMspNRRRC4tkmisuO4TwkpNapPaK-WSZ44ZW6zldMVCBS1c6g9xD2WELtAdRzX9kqtBXnOAZXkUOjZe0H_FDxLA1y3AiJZFNBQb7qLzsH8YmSGBfsQ6hdMBC9Y_TaaX&sai=AMfl-YTdmGeY1_hI2By3X39FkoZanIw68JcnI86SgR0zwFO4-LdvNF7UBHhBBoMB9tjFGIAOLPSULiZFWOylZRw&sig=Cg0ArKJSzFDoZkb5s8R7EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame DF6D 51 KB
20 KB 115ms
84ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPBKNQAHZY8H_YIoAARdiZMWiyeNc00-rReO8A&u=%7CbNmyvxVtV39KXGIyoTKCsxBCLM4KsQ%2FxlhP4wbIfK4M%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAhFmQ-FuiUCcCS_xrHLPz16LZjYzGpEzSQFjzGFsoRd3u1JWY-vTEnzxvj0cp_692iXvC_Il6GlMiWU6m8mWg-gEpXobiGCYdhqcoPjzuPfTIQ_p4HFxSnPA46iSnnG0bewFN0fg1bslWrH14qNvRSMkWAYBN3E7LSVLPyX15P_E8bIX2DqjKEG6Q-Ic1Xl4KxV3LuYSaHGbt8kiZu8vQ-1aS3NPFT70ihYKEmZkuaboK9z90xF54HyqFoKEuJKAHjsyY00GI3-iwQN6FDWGVsgBaInMXhx5EMSMxGfXaIgNgYXhnZimVpvm4dYI5tPt2Bovu0GJKajclTIKocIMv3_9y9TaISlNFxp4ma6WlAJyQb77B_LDdp9CyGA5meFWRUMtDFaRfxEKg4Q4U-BT06zrJtKNNvdpCXalSAV0KTPxik4dZ28gk-QhMkNrr-zRAqCJFvl7CyJpp4JdDt2-HrEVVRGYHNdRRRPof5OHOcEIIL1F3BZ5IZhiL02o4WHED_wjhvsnicqUWRkw3JtbSCitOD0WKIFGJM_IyYfngPFVMmHSc1t8Qgs7leyts0DmN2jBgvFG_c3wL5CAJO8VFxR6KgpzC5tBod7UMG7-pb7dHrayrm7DZwotLQ1YoarZD4jGGX__3R5NA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRIDVNUrwZI_LHaiE9u8PibuRyALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjYVSmSyVbI-4AIAqAMByAMCqgSmAk_QcZplGqfJZeFSI4D8gWBVRFA8SQrcTHsjHBNfcsVdEfBtt_WSdEdftt4w0sQunwItbpj7cAONVuUXerDuSEIKFPnKOUzP00JFj2tjJq6irv7CXy3Yd7XkL11q5WABSApeR84pCHJ4tPllcs20evCW99GVJINIbWlqbyRINsFyR3hP5yQSFN0ffL_foKmDRkS5MTE1muriloPqftV-5AJILIY5pU1tQ-t_G5bNTjJxDZISYJQt9C6Aykm1AuGJFBZWBjB06wHlPJTJtg3KJX_xNYfgIxQrVEC16Fe5nNauUd3p-9ki0MmVQMtPtxLAAcGLG1f-DNSgwU-Y_R4k0qVAeA4sglPNktqidlwqMfqMtXHPekCoZ-B9K6STeUtH4bohNlZMwOAEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0IvgRcu-w4mlWE-F5vVLLnY6_lIg%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

75d8e1698429770b759cc3e200a88890e5c5821f2220d6c5e4a7a4b0368d4a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:17 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=9WuNZz0VvNx90Ii-jR-bPgQTwHH886odQH8uVD2HiSn-X75_hha2k23SXcL-hNTP-J7r76XTzQaT7_Me8Zh1sQJChuzfW7uNxNWxlzbXTJWOYx1gIHw3pfa11DBKb03rEbvfHk1K-NnQXbIQMcvepTO-oJphket1R2A6SwgwzMW-qpEJIMd4VoMnDWIuJQf_Syh6JIwITVVk7IJ9xsqQij2uZCHZnIvBhxa3TzpFRQiy7o9tLQqkp8IRlDrpurbQuj2PUA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 4204209
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 0E3E 3 KB
1 KB 73ms
41ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 07:12:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Sep 2023 07:12:22 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 0E3E 20 KB
8 KB 55ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64092
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:06 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 0E3E 24 KB
6 KB 65ms
34ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Aug 2023 03:38:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 361718
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Aug 2024 03:38:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0E3E 181 KB
57 KB 154ms
124ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
DATA 200
OK truncated
/ Frame FA75 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3bee0a5648f1db23f08e2fe2b509309cf0fe01c8d8e217e48c31c7e9f2c4312

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308280101/ Frame 317F 402 KB
126 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308280101/pubads_impl.js?cb=31077464

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c81f14e2bb3209ad75981c1843043f0a465d4c090f2313d0aa5398a7767ca9ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 11:39:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73680
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129468
x-xss-protection: 0
server: cafe
etag: 3806458570195517322
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 29 Aug 2024 11:39:18 GMT

GET
DATA 200
OK truncated
/ Frame 0E3E 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4aded8f694dc4a45c0c7834df0912c2accc184fc26e7e4e399b5d05c017c4d07

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame DA4C 2 KB
1 KB 192ms
113ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPBKNAAMr2wIu-TAAAeJzLWr9C572iKnizsKYA&u=%7CtjZTWvtI%2FmDrvNACyreIfeaqx%2FL%2FKaJ2%2FFvV%2F9AZ7rY%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAhFmQ-FuiUCcCS_xrHLPz16LZjYzGpEzSQFjzGFsoRd3mJh84NYF2ehMGmK5fFv7TidSWOgLPmRMgnHEJtWrEh5iHhi-0eLNLDaGckY0jUFz1kjdJJvEONOsEakr7QKFbEBRfYaGbjuXKGi1HxVZdMFwAfVfGI0-dAtbb9oiVXl9ibUrtHeL4k4XucPcG5ovwCxs1dMrpZOuM7AEdpfovuW4ZdN7f057Wo3wPmC8a879Hu7vv54vMHVXulqPOmw_MMdwdpoMANwNy58Llpmiv_aOs1PxnnDVei5x5yURzVAKQcqj_9PRmSX6bKHH-kcDPIgjTPoQsLLdgQ9rwRxv4dF5depedOVpGDFCrIeNT4X3yjjObpcku5dvsHPXV-oUrpjoAxjFcODWgdOqi9S0t8h9sz_UzQfESRS5JIJeIGq-3puFGmZw7b-S71gVS4oIm4arNlZtvAH45Krv0eNDfrmoqp2QlDBGMGt24eIHJawOAmQxduiEzqsJ34eymZovs6Eg2fYTC7utxZyAOeYo8neZA42as8_Y5SsSAkvj2M57BbHyka5yJc0gPJZDJAJ4__94zyR9o5AN_bU_-p7aIsurmC0TVqGMT7YtsB6gzFbI1U5MoCOrGe9wfZ49HMBW9IHCnU7-IB09A&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6dY8NErwZOzeMsDJ7_UPzJOeYMme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC0-pTdV1Ssj7gAgCoAwHIAwKqBKYCT9DU-b5wljDy42oCgCKUdhZ3oge6vkyYaTYPyKw-88ss-pI1mK62sBjIPUem3XqGKirlGDMOawzJe0tgHhr6RgASIwzI5yKZiT_3sFIYtxnrjOi6UyfEt4NP2e4E4PejnfvB1y2me7kReibFBb5XbDB7tyggotbkKZuTktQ6WtE-tckwCxPuJ5zwWXLAIPK67jzKSHZoi5XmJqc0eyZtCZC3GhQB0WB7YHXOMHDZHEMUX6RdJaB4kxqc4YxcgiZ96ASULdjGbOJv4rRrt5Xypt4EPu8A1NnFnm2NozXE4tQPs6zNGy7I_5n48YDt4QXI-XeX4szgwz2MjKbQCqG3yiY07BX1dr7Kk0e1ngiSESMR5rsPKF6LM6isk1dfDKuNocgB5VMx4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0TjO2Ql7COIVxQbAfDoUVArzlNJw%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame DA4C 2 KB
1 KB 155ms
77ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame DA4C 308 B
637 B 149ms
75ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame DA4C 293 B
621 B 151ms
78ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame DA4C 43 B
348 B 157ms
38ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=eJQpvQutJvklX78xyGDUIOhooy2nmz0xeD68IC5dT4wjt2a14zPGUhbHmcg667HqFsgUjCLOVB3JoEG810KYWhqWxVGjlmnTCOo-psNdY4pjhP3AnO8HCi0vftDk34ocX-r3UIwspM94m4H4mzPB8AcJxuatKrzv3-BnbSllzC3leq2R-UM64kZGsJbQ-TmEh7QL8v7qCkwHxCmr736Vm47LE_qn9tj-CtWpP-Q1nu0DmHbtqF8VmhExRCs5kWpBHtMMUpMZwG7B3GnGuL_gBZ2KUjp7mFidNmSKX9zrgf9o_Ogi-N2waLR0T-KshVQYVOifUED7GPVEDT45cyyrlwqUN9V23t4X67Emvp-qNgv32hNf-xhkf4RvKbg8HKOiONh_QvnLuBV3FrnA0Dcz33qS_iDH8mCXmQYQD8eIUv1hunZrUURxeyhJerSbQu8yuBBM7NctsKbrx_a-Yuu_ONQSo3GzIv288jwIsgIkq09a6yzufEsfURQtxIw6F6DRvHnnpO6iFTQf44NAC8qfVRYsio4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:17 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1541142
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 e3df4e5318cb4bc395f8830f36a9753e_image_ad_728x90.jpeg
static.criteo.net/design/dt/92327/4900538/ Frame DA4C 58 KB
58 KB 150ms
76ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92327/4900538/e3df4e5318cb4bc395f8830f36a9753e_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c8f5b0910ad1e7494f3713d5a7db386d0a92af4f28cff5b80ab2b198fe1303a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 11 Aug 2023 08:44:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64d5f4e3-e840"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 59456
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E31F 145 KB
50 KB 113ms
111ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f0a563b47e044d1e1d4e4c15f2108b4615127ab673477aabfed4380f48efd93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50972
x-xss-protection: 0
server: cafe
etag: 14965145827962868020
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame DF6D 2 KB
1 KB 168ms
113ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZPBKNQAHZY8H_YIoAARdiZMWiyeNc00-rReO8A&u=%7CbNmyvxVtV39KXGIyoTKCsxBCLM4KsQ%2FxlhP4wbIfK4M%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqfOSxiZ3nhhcoubwAtGAUFL8vtRYiskqAhFmQ-FuiUCcCS_xrHLPz16LZjYzGpEzSQFjzGFsoRd3u1JWY-vTEnzxvj0cp_692iXvC_Il6GlMiWU6m8mWg-gEpXobiGCYdhqcoPjzuPfTIQ_p4HFxSnPA46iSnnG0bewFN0fg1bslWrH14qNvRSMkWAYBN3E7LSVLPyX15P_E8bIX2DqjKEG6Q-Ic1Xl4KxV3LuYSaHGbt8kiZu8vQ-1aS3NPFT70ihYKEmZkuaboK9z90xF54HyqFoKEuJKAHjsyY00GI3-iwQN6FDWGVsgBaInMXhx5EMSMxGfXaIgNgYXhnZimVpvm4dYI5tPt2Bovu0GJKajclTIKocIMv3_9y9TaISlNFxp4ma6WlAJyQb77B_LDdp9CyGA5meFWRUMtDFaRfxEKg4Q4U-BT06zrJtKNNvdpCXalSAV0KTPxik4dZ28gk-QhMkNrr-zRAqCJFvl7CyJpp4JdDt2-HrEVVRGYHNdRRRPof5OHOcEIIL1F3BZ5IZhiL02o4WHED_wjhvsnicqUWRkw3JtbSCitOD0WKIFGJM_IyYfngPFVMmHSc1t8Qgs7leyts0DmN2jBgvFG_c3wL5CAJO8VFxR6KgpzC5tBod7UMG7-pb7dHrayrm7DZwotLQ1YoarZD4jGGX__3R5NA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRIDVNUrwZI_LHaiE9u8PibuRyALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjYVSmSyVbI-4AIAqAMByAMCqgSmAk_QcZplGqfJZeFSI4D8gWBVRFA8SQrcTHsjHBNfcsVdEfBtt_WSdEdftt4w0sQunwItbpj7cAONVuUXerDuSEIKFPnKOUzP00JFj2tjJq6irv7CXy3Yd7XkL11q5WABSApeR84pCHJ4tPllcs20evCW99GVJINIbWlqbyRINsFyR3hP5yQSFN0ffL_foKmDRkS5MTE1muriloPqftV-5AJILIY5pU1tQ-t_G5bNTjJxDZISYJQt9C6Aykm1AuGJFBZWBjB06wHlPJTJtg3KJX_xNYfgIxQrVEC16Fe5nNauUd3p-9ki0MmVQMtPtxLAAcGLG1f-DNSgwU-Y_R4k0qVAeA4sglPNktqidlwqMfqMtXHPekCoZ-B9K6STeUtH4bohNlZMwOAEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0IvgRcu-w4mlWE-F5vVLLnY6_lIg%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame DF6D 2 KB
1 KB 200ms
145ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame DF6D 308 B
636 B 147ms
112ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame DF6D 293 B
621 B 151ms
117ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame DF6D 43 B
347 B 118ms
39ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=XyVF4AutJvklX78xyGDUIOhooy2ndnqjL0_mDbHNVm8MOtuq7ewAqAoU4dfSq5GFNWoYj3bBD5Is_5vKdsQj7026KmC7a0FT-4rll5Mn8SN2n9Moz4l2PRVaKWrmKioDIhqv6PfQRCCcaGYLWA27fEdLfUb53OrqUJOJWH_QQY2Lfi-C-avgWMDxI_o2Wm7oyJ9C8HW7gawRny9o6iFkK27pOCrJpVy13kLOMh15pgfkoauZII5zGs_9SmC17eZtpYtjgs9aBSXEupPivyOex7LtJJ_-_38PIAPvs-QJywPUEpp1KDYFoUu38mekk9cbm2B0lzeeLDPl3ql2QNJ3r-oCztEF1ko4p7NzJCp7MGWKjdiIx-8_r0Pc2mDShDaZU6RSIUFaVOi7fHYPU4kCUOMSPCQjtoZa7sVjmYYTv5b8ZA1mkqisFph2zgDMmGuIfz9BbXyXqN5BBtmz45MGPQRs2JMvbC74JOFVkFr00EuKfthQ_OFXD9Pam8U2XwkHzc-_7_bZS7pOKi2NzXokzZg1Ke4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1531874
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 e3df4e5318cb4bc395f8830f36a9753e_image_ad_728x90.jpeg
static.criteo.net/design/dt/92327/4900538/ Frame DF6D 58 KB
58 KB 164ms
130ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92327/4900538/e3df4e5318cb4bc395f8830f36a9753e_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c8f5b0910ad1e7494f3713d5a7db386d0a92af4f28cff5b80ab2b198fe1303a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 11 Aug 2023 08:44:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64d5f4e3-e840"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 59456
expires: Sun, 25 Aug 2024 08:07:18 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame DA4C 0
128 B 129ms
39ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=EC0Q9z0VvNx90Ii-CDZo_02-1M1OK1v7Hl6Vyq5UsX9oU49gnGdCDj6yEwDyA9y3wNufUtQTcS8KoB64hpjA1LOignqS-rOUo_iBMyLZyetIDG6iGuY1svYbbK3ro_Oo754PKC_DyzofpJXYvB36oFLEs_aiL27G4KUqBmPIIdkhJsdTAILCSVFVKidycXPm3aHzzPvpDZHjqjern1xR9irk9neP8qNPBMS3EX08mjyeU-wSINZ1l9JZT-Vr2O_YWXsA-Q&sds=2&rev=88100&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 31 Aug 2023 08:07:17 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame DA4C 2 KB
1 KB 161ms
117ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame DA4C 2 KB
1 KB 79ms
72ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 08:07:18 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame DF6D 0
127 B 49ms
49ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=9WuNZz0VvNx90Ii-jR-bPgQTwHH886odQH8uVD2HiSn-X75_hha2k23SXcL-hNTP-J7r76XTzQaT7_Me8Zh1sQJChuzfW7uNxNWxlzbXTJWOYx1gIHw3pfa11DBKb03rEbvfHk1K-NnQXbIQMcvepTO-oJphket1R2A6SwgwzMW-qpEJIMd4VoMnDWIuJQf_Syh6JIwITVVk7IJ9xsqQij2uZCHZnIvBhxa3TzpFRQiy7o9tLQqkp8IRlDrpurbQuj2PUA&sds=2&rev=88100&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 31 Aug 2023 08:07:17 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame DF6D 2 KB
1 KB 108ms
108ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame DF6D 2 KB
1 KB 109ms
108ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Aug 2024 08:07:18 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1CE4 145 KB
50 KB 163ms
162ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1585bc7dfc96f8d391477f904785f2f85883e4ab39606bf49703fc6984cd1e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50971
x-xss-protection: 0
server: cafe
etag: 3482856780519412411
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 317F 56 KB
20 KB 373ms
372ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=267560426832837&correlator=3708603951237681&eid=31077464&output=ldjh&gdfp_req=1&vrg=202308280101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600%7C300x100%7C300x250%7C300x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com&abxe=1&dt=1693469238563&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=gp0xrb2mzgxw&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fover_lord_di3jiriyu-yitengshangwang&loc=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1693469238063&idt=398&prev_scp=in2w_key9001%3D1%26in2w_key%3D15%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--3---%2C--3---%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D15%252C16%26in2w_key9%3Doptimization_request%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D7&adks=2408727451&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

322cfdb91f6e20a97ec72c03f5e6755e82f6eeac5f7f2f57b6a9c71daeeedfee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20173
x-xss-protection: 0
google-lineitem-id: 6135185025
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376945716
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0965 6 KB
3 KB 63ms
32ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308280101/pubads_impl.js?cb=31077464

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:18 GMT
expires: Fri, 30 Aug 2024 08:07:18 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E31F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: daf6bde03335c110a3be5130645023ae8395c3a7724b11c97acda202f6fcf830

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/ Frame E31F 384 KB
130 KB 123ms
123ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b33f89610cacd7b17f7b6c16429d0505babf974a31f0a2d6ea8b5b155a06839

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133240
x-xss-protection: 0
server: cafe
etag: 12051653964863814819
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230829/r20190131/ Frame 6621 10 KB
5 KB 100ms
22ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230829/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 48690
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4437
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 18:35:48 GMT
etag: 9878862242593084568
expires: Wed, 13 Sep 2023 18:35:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0E3E 0
0 67ms
66ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLGIFNUrwZI_LHaiE9u8PibuRyALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAjYVSmSyVbI-4AIAqAMByAMCqgSjAk_QcZplGqfJZeFSI4D8gWBVRFA8SQrcTHsjHBNfcsVdEfBtt_WSdEdftt4w0sQunwItbpj7cAONVuUXerDuSEIKFPnKOUzP00JFj2tjJq6irv7CXy3Yd7XkL11q5WABSApeR84pCHJ4tPllcs20evCW99GVJINIbWlqbyRINsFyR3hP5yQSFN0ffL_foKmDRkS5MTE1muriloPqftV-5AJILIY5pU1tQ-t_G5bNTjJxDZISYJQt9C6Aykm1AuGJFBZWBjB06wHlPJTJtg3KJX_xNYfgIxQrVEC16Fe5nNauUd3p-9ki0MmVQMtPtxLAAcGLG1f-DNSgwU-Y_R5m0ITS_4GwkexRhnlyS_rSOO6GA3vhYsIcr93b2RuNVVPCSz4yieAEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOoAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi01ODg0Mjk0NDc5MzkxNjM4GJnSIQ&sigh=fIC6vI8bbUs&uach_m=[UACH]&cid=CAQSGwBpAlJWpi44G2Ea67pXHzEGKmsb6G9F9U8gCRgB&cbvp=2&vis=1
Requested by: Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 0E3E 0
126 B 139ms
38ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k4v1F--uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRA1SvBkK-43-d1ngpdsnQAAEgAACgpBUVVCRHdFQkR3&wp=ZPBKNQAHZY8H_YIoAARdiZMWiyeNc00-rReO8A&cbvp=2

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 188042
server: Kestrel
content-length: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FA75 0
0 69ms
69ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CgPAFNErwZOzeMsDJ7_UPzJOeYMme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakC0-pTdV1Ssj7gAgCoAwHIAwKqBKMCT9DU-b5wljDy42oCgCKUdhZ3oge6vkyYaTYPyKw-88ss-pI1mK62sBjIPUem3XqGKirlGDMOawzJe0tgHhr6RgASIwzI5yKZiT_3sFIYtxnrjOi6UyfEt4NP2e4E4PejnfvB1y2me7kReibFBb5XbDB7tyggotbkKZuTktQ6WtE-tckwCxPuJ5zwWXLAIPK67jzKSHZoi5XmJqc0eyZtCZC3GhQB0WB7YHXOMHDZHEMUX6RdJaB4kxqc4YxcgiZ96ASULdjGbOJv4rRrt5Xypt4EPu8A1NnFnm2NozXE4tQPs6zNGy7I_5n48YDt4QXI-XeX4szgwz2MjKbQCuO167SzY4nmySLeMJeIOPCbBSmn7JUXqupDDg5eLElzFC4nJdu-4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=Ul4QtYIxPkw&uach_m=[UACH]&cid=CAQSGwBpAlJW8bMhaQ-q8_d_p5JzZqEfYPeSzxFUZhgB&cbvp=2&vis=1
Requested by: Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame FA75 0
125 B 138ms
39ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k4v1F--uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRA0SvBkuqbiBEbj8AefxQAAEgAACgpBUVVCRHdFQkR3&wp=ZPBKNAAMr2wIu-TAAAeJzLWr9C572iKnizsKYA&cbvp=2

Requested by

Host: 691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 189244
server: Kestrel
content-length: 0

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/ Frame 1CE4 384 KB
130 KB 147ms
147ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b33f89610cacd7b17f7b6c16429d0505babf974a31f0a2d6ea8b5b155a06839

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133240
x-xss-protection: 0
server: cafe
etag: 12051653964863814819
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 317F 16 KB
12 KB 126ms
79ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308280101/pubads_impl.js?cb=31077464

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f1d57da4c0d3f6abff262eafe5427a9bc35eac6ca5fc01692114a129744a2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12018
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 317F 0
0 141ms
65ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstuAZn_5v3Dajfu_G9criGBdglQ50pNDRnIDLaObB4oiiFsaE4il5qNATJ2sc1qxHhKpFg2PaJGr6CkMt7U8tFnWRvFDW4FvFzCDg9qc1BV6vAzErDcIxMcogP0R2MSHIEUaQesz-5OB1TGcFv_3TTsO4xpCwhfvTgZjWN4jUO9edi5oU5OrppxV5D1EatLGsIIHxiSIqnXIG_N2-M_Gjq44hWAuBPgYrb_xOUUqu7fC0JNL5qjjsv-sHpkZfAHRxdT3iMK7-xvco7N-3hzBK5R-s-jXPxU9WxZi3hebKC8X3yVF0WKGfT8XNh4fXYKo_rQLeBLnb3_GRTKX1lQgbAiFIysDrn9qF9VDqmzxxtX1BcIgg&sai=AMfl-YSGX6Tvwo73TDS_-M0wa1gjJPyFdhjajeRibHaoRwSMcbT1PGpMAJ26YElGJdhaQ8j-tsAjphDFIC0gr-M&sig=Cg0ArKJSzDenvqTZv-r_EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 08:07:18 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9991 0
0 59ms
59ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvHcz_BkJlcQDH1xhyvDmA5tVvaxwibqLCYmdTSy0_IqOdFePoXtIfaARZcXb_FXJs6blOtro7tVBiWFfL7qIBDxHx1Res67DipZDNkr1LKBymb_qXcHunFF0zCLc_J3-s7lu5sHKUKMAtbXTrR3Fq0K4OpbkBIsbP-ENnXyb_JGAyMcjqrPnpgZFFlGL1ND-D3yWS4EHfsn2-ADbjHFmLVybRMR419sYJcplFdKtH0sz3Kv70JZ9SR0GAZy34K0AIkx-MVNTyfuipdTbwHSsDK2OyTItXwmwoJcRKSHxcQNTnz33mLn83ZZAw0qpz5nbJYh241yjD2LRX27wNbgA6Yelqtwsj0mwy61b-mS3BgJ0o&sai=AMfl-YR3Xwd0HHvIxq1iXS7fcY0nnMRdf3tvcSxIUmbx3iHwnnyy5zJQQ5l7PEIOpfAUqaeIerOTanNFm6xHF-0A9bTd_qI5b_CabOsIKg&sig=Cg0ArKJSzD-lvo8AX7OPEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9991 181 KB
57 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308280101/pubads_impl.js?cb=31077464

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:19 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 317F 17 KB
7 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308280101/pubads_impl.js?cb=31077464

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 08:07:19 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 317F 22 KB
10 KB 282ms
282ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=267560426832837&correlator=3708603951237681&eid=31077464&output=ldjh&gdfp_req=1&vrg=202308280101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50|120x600|160x600|300x100|300x250|300x600&fluid=height&ifi=2&sfv=1-0-40&rcs=1&eri=5&sc=1&cdm=691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com&abxe=1&dt=1693469239120&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=gp0xrb2mzgxw&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fover_lord_di3jiriyu-yitengshangwang&loc=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1693469238063&idt=398&prev_scp=in2w_key%3D16%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D1%2C1%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3h--qgz%26in2w_key7%3D1580%26in2w_key8%3D15%2C16%26in2w_key9001%3D2&adks=2408727451&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

362ed17a15819f0eee07a6337d4724f4f18003aff9e8603d275ef73f78964cf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10602
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0593 25 KB
12 KB 224ms
223ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238239&bpp=526&bdt=178&idt=890&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4016865564&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077371%2C44795922%2C31076996&oid=2&pvsid=1436572443372765&tmod=184231431&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.9i8p1hhv06o5&fsb=1&dtd=917

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4728e1ce0ec1de440ef99fa5e88e0000e23606a697ef94fbfae3719b59056174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 11869
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EF4B 26 KB
12 KB 291ms
278ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ede47ef8e9be955000f9a227e5bb6aa0e983bc6b2a374e4b05c97f285733b575

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 12329
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET view
securepubads.g.doubleclick.net/pcs/ Frame 9991 0
0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AFB5 13 KB
5 KB 42ms
26ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 3297
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 07:12:22 GMT
expires: Fri, 30 Aug 2024 07:12:22 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9808 829 B
1 KB 264ms
0ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f4a6bbed58461b749a6f25f608fac1018d2cccff798cf28d721fc56dff63f822

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Qxj-1o00aOaw7jeSiofDmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-Qxj-1o00aOaw7jeSiofDmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:19 GMT
expires: Thu, 31 Aug 2023 08:07:19 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FA75 42 B
64 B 253ms
237ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstWALQQbnZDUf_yNToCKDZEZ4SOA1H8UmoKxac5KPSc90PxdkRfhmDtvGJLnZ2nXu4CBSY7HYthvQ2oOKd3dyIMFp-gvN2R8bg6Sog&sig=Cg0ArKJSzHak5znHvWp9EAE&id=lidar2&mcvt=1027&p=0,0,90,728&mtos=1027,1027,1027,1027,1027&tos=1027,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693469237987&rpt=339&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0593 42 B
63 B 215ms
211ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BK2hgd3cCrQcZPOQD9dD7pKSTgHH-8qWgAQAsk692VFmRN4JF2ESmK4vXcBMjSoX0KuGskd1yQri2D8f7QgCBKgI0qROpb3OUWD_iY9qixKMqH3Q8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238239&bpp=526&bdt=178&idt=890&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4016865564&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077371%2C44795922%2C31076996&oid=2&pvsid=1436572443372765&tmod=184231431&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.9i8p1hhv06o5&fsb=1&dtd=917

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0593 0
20 B 214ms
210ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17331312949026050833&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0593 86 KB
29 KB 193ms
186ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:19 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 0593 3 KB
1 KB 56ms
52ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 07:12:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Sep 2023 07:12:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame 0593 20 KB
8 KB 58ms
52ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64093
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:06 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0593 181 KB
56 KB 83ms
76ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:19 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AF0F 478 B
195 B 90ms
86ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNVuA86y5CEVrxf4Q_59Qg6wqtknFGtSNXLw5tyfuWlgYe343k7XasmYdUD4KXfBlZo3wTDjAMNGEURqkQE4Y0kI7KsQOg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238239&bpp=526&bdt=178&idt=890&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4016865564&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077371%2C44795922%2C31076996&oid=2&pvsid=1436572443372765&tmod=184231431&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.9i8p1hhv06o5&fsb=1&dtd=917
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame DA4C 0
127 B 54ms
51ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 31 Aug 2023 08:07:19 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 9991 0
0

GET
H3 200 container.html Show response
70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FE81 6 KB
3 KB 43ms
40ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308280101/pubads_impl.js?cb=31077464

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:18 GMT
expires: Fri, 30 Aug 2024 08:07:18 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame AF0F 170 B
409 B 201ms
47ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNVuA86y5CEVrxf4Q_59Qg6wqtknFGtSNXLw5tyfuWlgYe343k7XasmYdUD4KXfBlZo3wTDjAMNGEURqkQE4Y0kI7KsQOg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AF0F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1&C=1

43 B
632 B

32ms
27ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNVuA86y5CEVrxf4Q_59Qg6wqtknFGtSNXLw5tyfuWlgYe343k7XasmYdUD4KXfBlZo3wTDjAMNGEURqkQE4Y0kI7KsQOg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 08:07:20 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 08:07:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AF0F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZPBKN5yqgN46xKxpP4SFCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1

43 B
632 B

26ms
26ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNVuA86y5CEVrxf4Q_59Qg6wqtknFGtSNXLw5tyfuWlgYe343k7XasmYdUD4KXfBlZo3wTDjAMNGEURqkQE4Y0kI7KsQOg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 08:07:20 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFdcu1CDEMt8Itwr9JiFFZc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF4B 42 B
63 B 144ms
144ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Au5R2aCm-kJTQesCG8z7sJt0T3E8X7qAtJSVY_Wz6q1KElrQ5SfR3z54-ac0lS8NWK8lSeLTypgH8ROFsJPo_DiolWGSH5tz7bOSH9IhDriYt0wlo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF4B 0
20 B 149ms
149ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13882633666222990016&x=1&ct=77

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EF4B 86 KB
29 KB 99ms
97ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:19 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame EF4B 3 KB
1 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 07:12:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Sep 2023 07:12:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame EF4B 20 KB
8 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64093
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame EF4B 0
0 58ms
56ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQDona2J79_IuMF_lKaW2JChAFd3cDuKWzMmDGDR62kMxvTOHh2hHUuCJ_ygNmmtN7jJ3n8d68w4Q-4lNkOLptpkH9Vsw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EF4B 181 KB
56 KB 80ms
78ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:19 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 75AA 611 B
263 B 87ms
85ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COemXhC8s_-ZBRjVwuj0ATAB&v=APEucNXPiEQ452bJPAHxzFgfx9o2xlT_e0muqc6oTkEJOVH0V2gVpupVDm7Odf891pvwH89oZn8-C_naeTKcpZopEIbv48jlcg

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame FE81 86 KB
29 KB 118ms
117ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE81 42 B
63 B 146ms
144ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ba7-jdQ64xH_eYoU9n0n6JP_koc0a_sEn_x65hgPUrJRToPaTShollp-0xNMa5RDW-6jUAbZ9HuFARLWxqvkIVARZ-orYQ-xk-ai3PkcG_u15hTgU

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE81 0
20 B 147ms
145ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6549957044309561238&x=1&ct=76

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame FE81 3 KB
1 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/window_focus_fy2021.js

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 07:12:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Sep 2023 07:12:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/ Frame FE81 20 KB
8 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:19:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64093
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:19:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FE81 0
0 32ms
29ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ-ZyEkpkZxLHsI1hzyUyTwKgVt2gWnH56sJuAvJ3YI5LvOto6spXT-yLo9nRJQ4bzz1Ch9-Y6cCYNqt-5bUFcjHWZp5w
Requested by: Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FE81 181 KB
56 KB 76ms
74ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693394992224923"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:19 GMT

GET
H3 200 y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js Show response
pagead2.googlesyndication.com/bg/ Frame AFB5 37 KB
14 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:24:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 150181
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14793
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:24:18 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0593 0
20 B 152ms
152ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7608422870321&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0593 0
20 B 142ms
142ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7608422870321&version=m202307240101&ct=77&x=1&cor=17331312949026050000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0593 16 KB
12 KB 92ms
88ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A5TyVBmUYcH-gtgC_0BOF8YjNZYGbNRC034fE0m8GzivZVDftattS1H6LbWXInxMNE7IMBYtRW6nGUsbtmV5Xn3jrCXwiIFEO4nmjvM32HMS7TjWmNZ8aMNv7eeFyqH1ElGMJo6q53ELBrDAbcu4Q05ANyOjihGNtzBE6BFbsx6LvInWI&cry=1&dbm_d=AKAmf-A3FnLII9LNopkVNi_eoz9mHUOvIfN5mMetSDHUPQ19EXpoZxaG08ALgVYDGG6V99gj1NgwaA6D_VjYCSJ-45YkTW5G2-I2Vy7WYfJ7-vL_8N_Elaf4KejbJ_9RobQNki2l4SSEboQxDUp4WXK7NdfvUHO5lDFvl-QWNW-_xAAZZeYcCr-P09GQj7x2jWH0_AqsSdwD9l3NNWpedxpZVo3XVGJFir_1qlqdQbbgpYTm0t8I9PfngeWLKt1As7Oue8vhxrRHrmbSy8uqE2rdzGHU5KEOLugQ9iWp6R-6LIb7X74vWIHeBRWLTDbN4UJOyNzl33sDk6DCxsNkUEpKTupnDpHUnYuyoeYSebTtAcUnGE8-mNmGe6A-4itO0R1huC0wrP10s5ZVUqhVbWNsbjhm61r_EQKUf5Y2IpVMpkNQgYEd0koj_4xj89EabdyG2NobGD52fyfmys2Sf-KZgZ85BQOoHrIn6-hKRiWSgin9KjKXvi0NjXyoaS82vWnOhD6KCgckkA0sLAiQA9E3vL7ikiCjREk_NX1F3a49MT2LvqUToHFmaIl1meVxh0zIOgI20YoLLZcPLJyjLmOQfopACE8HxGJXXy6zR6LXuCQ56a3LmIWAambGRClqJU6sopSXOXl6HbyMLNrjvSowQO8bYhohdRsVXr61rvl_EDOQ7h7uO0cwD4-lmTjlwj0BLr3EqJUkqUd-z7iPF7VvQYFAaz9DLVxD_9ZMKM4kkCt1MrYdLxZIowE8Ml14X_usozJTxbvoGS-n8AoMFtJIeISLT1lQmqVrBorFIwShCh17ZPh5pR_slg0cG7AivGt615jpoaDp_-A_20dn0cwP31V1RcrWaYnwlA7RJoA4B2MkXLa6Zr5r5n_rM9HT5VBZ4nxcAXt2vUF3iSL6e1YSN0Bu4fjk8vAA5FBW-cTLRRP2g9ewijNyFzjs4wPE94uQPNiAmImrBGvvBhOT_XENYW4wl-2a6wDu-T4hF-9DEottcPjdkypbJsOgmt6sOWFIf2b7TBM1SgEcu3PZhr5dJoB571ALd0jLw0svkrb-edpeTKKvv0lHXQ4WqYI_L7rKfGbkxmJ1W64rg20yvOkg-RRAoIZdX16sIPrPQcX_EzfquLoq2e3D5rZttz_YM03vTJ0ariWybvioL9NWttubRAg8JGO0Ywgq7uCsd6pL1C-zoTcWPf5RIJJeE8yv1YVxnaJf6fpThtbWnTegAQ1kbY5LvpNpLdsnhXh-4_TY3W3qHbA3N9pQiJMcWmL_FWVFl4x5EynXY9sWnE-E1r6IyPsDnGOZ3J7jOgNuV1mRLqS_7v1W4yWQES6kf3aJNAvSGquE8IzGvD5wyAs4YeDRq6cUqKLKge5-Ae_pwWYgjgT5wDfq4GVCP3K0v56R5gKzeLrM01GMX6yrpQn921wnk9EjMQ1PDIVTxb5ZhT8RUuK59jMUwXnVQfI4Bw1ArU1PbKqyB-6HJ2GnzS4320_XtgcXYZdbnrlTmXA8f2ttLm4ljDoYgRiKAT_kbxwjsTX8kJof11LifRtejkvWT5Lk1xWE_KLF0kbzXsmqGnaMWPkDwe1A-t6ASNTMGy_R7THW76Tsfwl6_ctY-x3Bex7rLaMT2JZ4xqn4ngu3u9yjy-IRYvvtJuXDnhUa658rardTRwY8zC03PEyTnScpZky5-4yU2mYMAEs8sMEX7GroKSx4lslG7aLtmSJN4rZyYh9UOP-i1Czf09GrWeR89kW9zQz2aG1IMCPNoOTFq8fQMS9cbbvAymV1_rP-LteU5rv_kmRTYsqqnKKYcZMmJny4c91QYlol3uNbc3VnsGo2RJyw20gWbkyi8gWaqv-Wd_smN6VqT5qE1mojZ2kAKBM2NuL3pmYKGsq0BzWTrPcxEIE_xsi_3NF2QJP2f2AyZHLO9FlckhSJib8IyYrJy9kRCtAwiEOHra119U-Xrm0JMbUKV0ngVF-AWu_SeCwxwnS8Ll7xG2iQlBlIQa1jaGtghme2_wc-3OVv0-9G_a42U5l9kxK8BYNJkk-kiydWJyPyvrj7eAloYd4btBYmqtgfJTCU3AxyzBzJ8H-HvQZyf67vDMsxn3A3unJfBJlFhV6KWVFElqt91PPqcnLE1nwWcM4y6tXWRf2ZZGWwFrbdVKjBDkLDvc_BSDCMm0nBbkuSLAV45fMso31zAADif1CIG2kPBL1Emf4JtPlnGHasRY3O0D6rzTrsUKJaAaLu7qgcqduZ6J6EtSSYNWpGiJsAZRMdVBqKyRvSH2CLELkvaFe0VEnwC4EXlxFRRw9eo6ci000K3MkRxOqd6dVVyrWJrH53wk0twb4-oYlWh1aT7GnR7SKj1mLXVsv7UHMn1zGb2u4bdophffPTy5n9yTEiSzajr4bYat_inORhLEp58mEC4sCUheBpt2eHly1Uhx4KJQB11b3vm6-gmn6CuY399bygwJrm9DyvEm6k6jL2gZDQlFvN_2NKOp-KBMae1MF1bRcNTnpkNxRp9O4kf9YIWHzFQgRZq8jMIpktwXJzFjZQTz_VgQyH6Sdq_0sIzblMLFkKMbVPUNl7L9PlxK3Hvhu4I3VlCAqtryae6Pn1nnvE16A-xakwXyQSlm4xv_gNcnsTBXBEqW8lSVXS0ECYn-e68A2XiRy6rOtRjdnl954hJ3iQk1RAVpGuApztKgduWBkp-o3ve9T82imL5370NGgkgWac3orZBzjkWoZ4pE4hzgFjq1wcAUrkJCoQAA-HqsxKi5JI437vbr6bifVGOyDCBMtjgJth8V62yyn9cCXOOw0FZMOAvvHKOTpuKXwx4f3pu5ItxJCph9bRebGV6UeE7R_M39UpUKS9t-GNfL439072iAWgwi1W4VcRr8HH89qhYn1I6z2TSiHgsdlmMIc-rVMvSGEH86E-SHruGiJ2TSRtqSIH9_fIudEm9GPKx1KUZWuYFT2Qg-Xv8gvh0cD6habW1U072ZOcmlHv5HPmaCVLhDPuChUpUgWn-EfFsBnA1Iltvq3WoMxBpBNRM9qTMBksJl3cq4aTudMBG5uCeV9b6vur8S1DqZzQarqdz-P7OeaOdxMNLSmVGD6j8YdEvpzGTfJc33XNg2Y912uuq38_1JHku55f1-LazPHC1d6FcFfi_HdOZbUX-yhazp4qqkbFc8Ow1YYfgNTZhCqJGzJwIEIWqTGUUuIqtCGc-aiXCJK3vYdNjsIwN1zp_D0VQ58E2ASANCb5-QYhCJ_FsGtj4Q6XqipBtib3QfWyL0-EMdxOMMV2771BipuGFS_F42Qz674mGjgNxxGJ8iMt4LFedcdI2kbrC-L3TpkFOTWrSthBSfidYfwS9gRQLe2hv38lD8vr_xajITurCchP2BYIPw0Ik9291O6Kq788wrQ-aoT6ugR6LgiERHcaq50Huh50NCPSBoqtGOjsa3AzWti5zOWX8o-ynPkyO2nF3wBxhYkcidfBwVW40yxo5CeCGJWltDuSWmTJjcMbJubwJqhMWx-RkO8wupqv0ewxxe1qJRN4sXxplJtvZWcFKN9qoA-iVWNuIxOGwrPWDAAu3v8Gr2MQfbV_CVzLYMa236YM9QHLrSmFRuLuw9mb_4DcZrg5FWOURm3GC6_0W9dAts1CZrkPV1xPZg8rlVxwO_kqO_ZVRjLDFfagvsJBngCWCW3enTQAeV68EI_93sTBUNyb_uFb5-gwBm0I3Rflym0rYCKi&cid=CAQSKQBpAlJWkrMHiWxgyy6ESXgeOlmr08J06SyqcmAwXhNKkQpxgPwFHJAsGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=17331312949026050000&adk=627576174&idt=253&cac=0&dtd=37

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6323c220b6830615401d1cda2da27beb8023f734880950c5add83b007552f0e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238239&bpp=526&bdt=178&idt=890&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4016865564&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077371%2C44795922%2C31076996&oid=2&pvsid=1436572443372765&tmod=184231431&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.9i8p1hhv06o5&fsb=1&dtd=917
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11994
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7551 611 B
263 B 121ms
104ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNXXxqO9JrY4PVBVIvv2QUIJjKky5Y4TZfiTLXYSPNJQSzISFc5MrEDbzk1cOJSVeVxxyxsLM7iBj104k4lyTZg3feTbRg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9808 0
0 123ms
123ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308280101&jk=267560426832837&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

200

bounce
ib.adnxs.com/ Frame 75AA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOYDDHP4Ufe31O5V9K4r8Zo&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOYDDHP4Ufe31O5V9K4r8Zo%26google_cver%3D1

43 B
894 B

30ms
30ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOYDDHP4Ufe31O5V9K4r8Zo%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COemXhC8s_-ZBRjVwuj0ATAB&v=APEucNXPiEQ452bJPAHxzFgfx9o2xlT_e0muqc6oTkEJOVH0V2gVpupVDm7Odf891pvwH89oZn8-C_naeTKcpZopEIbv48jlcg

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
an-x-request-uuid: 8e6d7c92-b1ee-44a0-8919-b96901d50f6b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 195.206.105.131; 195.206.105.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
an-x-request-uuid: ece75fbc-5840-4d59-96be-f0f037e99c38
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOYDDHP4Ufe31O5V9K4r8Zo%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 195.206.105.131; 195.206.105.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 75AA
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTQ5Mzc0NTk1MjY2ODQ%3D

170 B
188 B

37ms
37ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTQ5Mzc0NTk1MjY2ODQ%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
an-x-request-uuid: c0daa6bd-1c1c-4104-b2db-a68edaca0bda
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzNTQ5Mzc0NTk1MjY2ODQ%3D
x-proxy-origin: 195.206.105.131; 195.206.105.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 75AA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1

43 B
106 B

34ms
33ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COemXhC8s_-ZBRjVwuj0ATAB&v=APEucNXPiEQ452bJPAHxzFgfx9o2xlT_e0muqc6oTkEJOVH0V2gVpupVDm7Odf891pvwH89oZn8-C_naeTKcpZopEIbv48jlcg
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1
date: Thu, 31 Aug 2023 08:07:20 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 75AA
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmFjZmQ0MDUtOWQyMy0yZDBhLWZiNzktMTJiZTg2OTM5NjUy

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmFjZmQ0MDUtOWQyMy0yZDBhLWZiNzktMTJiZTg2OTM5NjUy

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 31 Aug 2023 08:07:20 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmFjZmQ0MDUtOWQyMy0yZDBhLWZiNzktMTJiZTg2OTM5NjUy
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE81 0
20 B 193ms
187ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5343829527588&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE81 0
20 B 188ms
187ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5343829527588&version=m202307240101&ct=76&x=1&cor=6549957044309561000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FE81 89 KB
37 KB 125ms
69ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CwwgKbk2V_dw3E5lG5YKuxYnd1irIVcElDR7oTJt7rTigV4Wyc2BA9L4NBPr3MZbSJ6llfBdydHaFYzKBw9XnLsLuQaw&cry=1&dbm_d=AKAmf-CbUz8NFMt4o8on9n90dulQDL8zH9TfyeO_ua_xpqztMBCEIoFk4K046JIbLwfrDq42k62gPygbTHjnJhXwi5E9umwS1rHjAUIRmzZ_GdnnBDg79wKnpa6tu7lQlP1Wy6_cxExOZiZEh-8D0CMh50KTxS_iRofGsLcpQsPrPm6Eu_iAls7xB3wXtd7BIhLnfvkQBq4_N_M_4No4WpqO8VT74ZAOJ3rk9bvFZDOKnOLUy-zC6EI6sWJnRWimq3XLgz7ujiek2snDxgIT57gnl_I1PMKktREocVFH9zFsLXjlHAIPNOn7hW_5Oq_12Ht5BCg60GAhwDd4APlNDoNv6LY_G_w6IfyHnx0GqMN3NWHWHaeVXvwwUdUmw0OjuBSZw8IqHPc_kHmNCaCXZmzZpzFI3Ce3-2278BE548sj9OT7vZn3Izjogr7LelGX3svkVX5ajsUUfxYthhxhc3BtGKRUClW-1UBs5fx0ClFBGpiNCYF2Gj5mIrqRhiO2Ejh9yJRr1dkMYUg9GwUOTTFZ5YlW6FEHGob6uJ8J3yoqPK-fMPrnPFsw9C4NrvzRCeoj2Uqp2WGMWSEOEJpGSHFwNiZ_7ejAjELqTFOvBetB2aM18bJib7pCODlxiYTnV9poas3lafe58RXuBskXpRa1-cH95tPA6OrhRn1fik2t4X_-41Z1ww_VbGBWA4b8PDJ2m2fndtQ6-RzY-t6dOrzrRpRg10tisSxh1zipJT7e-VZ5emIlQHrnMdxJynegEc9Kcu1zvyzm20OOv21M6VjA7PKvkHS8Nqy9SiIKdecpLwzv7JDdeGlv082ODGanrPm1zOrERawDD3SGXw7Tagc2IMbnkzky_3mlJu4fG_7G85k-wBoIT7qHmoMO4rSOSdKyV7Hkmlgouck2egf0TI16l_VZWB7GmCP7Qkqr2A3YbP-GflaI71czaYojhcmfGhIf52uySSToiA-eswD4cB18kB5-6cBY6kxUmcWsjdbpMmFpOhmko_MOusodmwW031uoKBlpZYjP2nJw9uCI0DegNzKMfz_tJhvVEvvnyxKffSlcHAmvE4ZC47m_tOaXKYQJW0jhIjMHlxBJV0IDqMYR9CKZ4YKu44jdfh91ny14kp8K40fM-R8XWkcMjyUt9BHiNJ5L7-EeCuUjPSQaCj4pEA0Tfgdb4VOVn5qyJ6zpoNqjA_A4BUpc2H9XCgxAPjh4TXTCeUDmubIRy--JrVf_DRECHWHZ8i84H-CfOfMLnEUdH0VWaWndgRB1-xriVk4KvOkx_f6GPm6mFVeIwJVQlAME9m_UKXEsukuRSqTkdl-T6SRVWOL-oEUgOkZMH_Hov5uwtPWZR1qwz7z45CVBCPDNmVIB8IzzDZOD4D0UfB5PbIIs1fp-LxLT_4MAcKNSZZLBELQE9Nx4vodZhZ0uyKMw4cg2NPValaK_xFA5XdAijohCd8tFIVs1xhlFu3pP5OvU71Gt5MRuE-Qk57_zFto-kIASm7SHn_jzcfzuxgw7lkxFJCxFOud09B20TydP8b0skP89EehfeuXjHUG6BBgAMNGOhMJxiePj5pksObKYyrROU4SoY2VTFipazk_2Vh1-YrBBbU0hCHgSIxZjbPI_JYBbMQ-EMDqIpYeul1yWcGeB7se0RpgS1L-ssNOjTbtJNwbS-AL0mY9g3GgjPzBk3gCAMrq3LrWx4fz1I8vz7G-EXV3CiXlqHecDKQEq7j0GBf1HeaVeLQt8pEGJZWk3sgQLHNcVs4BoE-Dd0YqtpnXd5rfwG3vQ_Yw_MIWVhgbw8l7liC6G8bIEe1467jJrPfliCFDzxngp9R8fNgRfrx3W6nJG3Vo3NDuVQg9aJSyisUuBhJ1y8xWJNlMM4IB9G4rh2eX9pUc6N6tQT3Q2Ww-uZdcA3I9zDQjQcodxleWQfz8zLNeSEtXXi5mxlnSgq-kQEF6i5xh4znQvO0FK1yUYIk9X5R4I90eSqfZOKg3_g9-hhusAG2jGnhOJ7cyl7pIKWwT9WIv4Qf0L7HqY9cPGJ7MgvmCjS0wUdb-8Jd98MKFusd32ZGxNAZDd6AXsYFNsB17ql4S4bAK8POsi1GPBocuqYmhLsbJDk76EID46a2ZNUb9NShxBy10OqtV7aUpj1IRJ8H6xAYaJCAfLdbuYo2s_lE6u098VLH4gpuI0YWNwt3HCGIyBlKls9jxKvFb6Hxpi2b5uW4C-2K4JR5xcVNHNXv64mjpQBXp3Ruzz3wB1BflKtCWE7oumdSqATjJ0QLYOz4Q4f6Y5Cyn521ecaF_D2V9FLCbyAaaG57xbwFGqBNzdI9Z3LR8cds3d00yBDDI0jWUL2FOqafAeYq7PZcKEvc7Rps04LtpwDtJfYBYesMAxBicWR0gH5pfdmikq9kKUKRpKiIJkxDhu2DztYFtbXoeqpDjdBvSa7LIGTdy82gV70YbQ4yhQkhXlX43wTx5A-s6GM5fNAl0KVERMsucMXUKWUNGh-lJfWJJXGyhiqGe6WB8YhQiNsYSkSeX9RhIMTOdtHNHZ4MnJLTEveGoWP5lFEDyXZtt62HOMaap0pjW25n4E-pTAz9weSRF8hO4Y97Vz7KkknSrzBRYfDaBRSPVq99cs4Kgbk8u33iTzHSfvVybKlYxiXoSQ0-PRtZW3pMbhihL9hBR9kycOEjA7D48Vt-YVSYt2dVBuIVyb6B6jn40wYX8caSqP9tjRcHPVbaECTKxBbZYyGCZ8sEU_edTzJ4LDf104tSRWyQePTv4OWWse5b6_reFbGhyne1wNGB6-GvJEHlCp_S-7hOkSSIfZsaaVhaSe1qDewdiYtR1UqXStcbmO6fz8LMsT1DZBW_k9otaES3ZGTXHVDPvP6ToXPKHwSXF9gRwvhyo-sR3FboOoLKG5T-RaY79GbL6cPfKlCZvu4ZxrHf9PpjdZgNRpIQYmBH7gIx5m98ofutMTljr_IhD_ie-sKZDtDrSHXZDb4aB3o6LOGtW5dzcyZt_mytfVgGjwfzHyyxpNMODSThnA-2Q5Qm606z1OaNz8QzP2vn6bETX_-S82omXmjYhcZT9HLFu1xGmJul-xzNKlouFuB1yEOzf1X-wnrZlDhfMn7K3mXk6D3eN71V2F58ZrpPbCKKKWch7IQZVlFZlQKflZ0FAwi6ab2aOEj-onX4XziaK0MzqHN932ysg34Fv3K1DUCpOqdv4O51RuH6dhUe1ed8r_mv-hmFtS2DCCXw7_dIt9Dhn64eVXoTdeG2JtJmNfFuX0JrdS8ldZWTT_-9V-Nj0uj5_GTJSe_qHlvfwz179t5FXcigZbz1g9bBPoOzrNIoDl5vWZsCgRmMbWeTJYEQuIGgkA5n-8CGOSXFl2G_DTJTmRMvQPGioeBKZPnF0PI2-j5ylFcmrsDpt5oiT5FMOdnCTyRB_2P6CNXOKkbdg1Po1Top6rwaID80ocw1nQm9PffJXJHssGBanR2zbKM7ksgEAHH8ujOA&cid=CAQSKQBpAlJWMbw9dt1Gy7c4hgwEHXzg9xtiGPHbu__OGU5AK9z-UzZ1ffOIGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=6549957044309561000&adk=2476403952&idt=120&cac=0&dtd=111

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c6f39277796308599e9ec4d568f6812e2992e96c3c98be3a90265163ceea928

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37910
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0593 41 KB
13 KB 53ms
21ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A5TyVBmUYcH-gtgC_0BOF8YjNZYGbNRC034fE0m8GzivZVDftattS1H6LbWXInxMNE7IMBYtRW6nGUsbtmV5Xn3jrCXwiIFEO4nmjvM32HMS7TjWmNZ8aMNv7eeFyqH1ElGMJo6q53ELBrDAbcu4Q05ANyOjihGNtzBE6BFbsx6LvInWI&cry=1&dbm_d=AKAmf-A3FnLII9LNopkVNi_eoz9mHUOvIfN5mMetSDHUPQ19EXpoZxaG08ALgVYDGG6V99gj1NgwaA6D_VjYCSJ-45YkTW5G2-I2Vy7WYfJ7-vL_8N_Elaf4KejbJ_9RobQNki2l4SSEboQxDUp4WXK7NdfvUHO5lDFvl-QWNW-_xAAZZeYcCr-P09GQj7x2jWH0_AqsSdwD9l3NNWpedxpZVo3XVGJFir_1qlqdQbbgpYTm0t8I9PfngeWLKt1As7Oue8vhxrRHrmbSy8uqE2rdzGHU5KEOLugQ9iWp6R-6LIb7X74vWIHeBRWLTDbN4UJOyNzl33sDk6DCxsNkUEpKTupnDpHUnYuyoeYSebTtAcUnGE8-mNmGe6A-4itO0R1huC0wrP10s5ZVUqhVbWNsbjhm61r_EQKUf5Y2IpVMpkNQgYEd0koj_4xj89EabdyG2NobGD52fyfmys2Sf-KZgZ85BQOoHrIn6-hKRiWSgin9KjKXvi0NjXyoaS82vWnOhD6KCgckkA0sLAiQA9E3vL7ikiCjREk_NX1F3a49MT2LvqUToHFmaIl1meVxh0zIOgI20YoLLZcPLJyjLmOQfopACE8HxGJXXy6zR6LXuCQ56a3LmIWAambGRClqJU6sopSXOXl6HbyMLNrjvSowQO8bYhohdRsVXr61rvl_EDOQ7h7uO0cwD4-lmTjlwj0BLr3EqJUkqUd-z7iPF7VvQYFAaz9DLVxD_9ZMKM4kkCt1MrYdLxZIowE8Ml14X_usozJTxbvoGS-n8AoMFtJIeISLT1lQmqVrBorFIwShCh17ZPh5pR_slg0cG7AivGt615jpoaDp_-A_20dn0cwP31V1RcrWaYnwlA7RJoA4B2MkXLa6Zr5r5n_rM9HT5VBZ4nxcAXt2vUF3iSL6e1YSN0Bu4fjk8vAA5FBW-cTLRRP2g9ewijNyFzjs4wPE94uQPNiAmImrBGvvBhOT_XENYW4wl-2a6wDu-T4hF-9DEottcPjdkypbJsOgmt6sOWFIf2b7TBM1SgEcu3PZhr5dJoB571ALd0jLw0svkrb-edpeTKKvv0lHXQ4WqYI_L7rKfGbkxmJ1W64rg20yvOkg-RRAoIZdX16sIPrPQcX_EzfquLoq2e3D5rZttz_YM03vTJ0ariWybvioL9NWttubRAg8JGO0Ywgq7uCsd6pL1C-zoTcWPf5RIJJeE8yv1YVxnaJf6fpThtbWnTegAQ1kbY5LvpNpLdsnhXh-4_TY3W3qHbA3N9pQiJMcWmL_FWVFl4x5EynXY9sWnE-E1r6IyPsDnGOZ3J7jOgNuV1mRLqS_7v1W4yWQES6kf3aJNAvSGquE8IzGvD5wyAs4YeDRq6cUqKLKge5-Ae_pwWYgjgT5wDfq4GVCP3K0v56R5gKzeLrM01GMX6yrpQn921wnk9EjMQ1PDIVTxb5ZhT8RUuK59jMUwXnVQfI4Bw1ArU1PbKqyB-6HJ2GnzS4320_XtgcXYZdbnrlTmXA8f2ttLm4ljDoYgRiKAT_kbxwjsTX8kJof11LifRtejkvWT5Lk1xWE_KLF0kbzXsmqGnaMWPkDwe1A-t6ASNTMGy_R7THW76Tsfwl6_ctY-x3Bex7rLaMT2JZ4xqn4ngu3u9yjy-IRYvvtJuXDnhUa658rardTRwY8zC03PEyTnScpZky5-4yU2mYMAEs8sMEX7GroKSx4lslG7aLtmSJN4rZyYh9UOP-i1Czf09GrWeR89kW9zQz2aG1IMCPNoOTFq8fQMS9cbbvAymV1_rP-LteU5rv_kmRTYsqqnKKYcZMmJny4c91QYlol3uNbc3VnsGo2RJyw20gWbkyi8gWaqv-Wd_smN6VqT5qE1mojZ2kAKBM2NuL3pmYKGsq0BzWTrPcxEIE_xsi_3NF2QJP2f2AyZHLO9FlckhSJib8IyYrJy9kRCtAwiEOHra119U-Xrm0JMbUKV0ngVF-AWu_SeCwxwnS8Ll7xG2iQlBlIQa1jaGtghme2_wc-3OVv0-9G_a42U5l9kxK8BYNJkk-kiydWJyPyvrj7eAloYd4btBYmqtgfJTCU3AxyzBzJ8H-HvQZyf67vDMsxn3A3unJfBJlFhV6KWVFElqt91PPqcnLE1nwWcM4y6tXWRf2ZZGWwFrbdVKjBDkLDvc_BSDCMm0nBbkuSLAV45fMso31zAADif1CIG2kPBL1Emf4JtPlnGHasRY3O0D6rzTrsUKJaAaLu7qgcqduZ6J6EtSSYNWpGiJsAZRMdVBqKyRvSH2CLELkvaFe0VEnwC4EXlxFRRw9eo6ci000K3MkRxOqd6dVVyrWJrH53wk0twb4-oYlWh1aT7GnR7SKj1mLXVsv7UHMn1zGb2u4bdophffPTy5n9yTEiSzajr4bYat_inORhLEp58mEC4sCUheBpt2eHly1Uhx4KJQB11b3vm6-gmn6CuY399bygwJrm9DyvEm6k6jL2gZDQlFvN_2NKOp-KBMae1MF1bRcNTnpkNxRp9O4kf9YIWHzFQgRZq8jMIpktwXJzFjZQTz_VgQyH6Sdq_0sIzblMLFkKMbVPUNl7L9PlxK3Hvhu4I3VlCAqtryae6Pn1nnvE16A-xakwXyQSlm4xv_gNcnsTBXBEqW8lSVXS0ECYn-e68A2XiRy6rOtRjdnl954hJ3iQk1RAVpGuApztKgduWBkp-o3ve9T82imL5370NGgkgWac3orZBzjkWoZ4pE4hzgFjq1wcAUrkJCoQAA-HqsxKi5JI437vbr6bifVGOyDCBMtjgJth8V62yyn9cCXOOw0FZMOAvvHKOTpuKXwx4f3pu5ItxJCph9bRebGV6UeE7R_M39UpUKS9t-GNfL439072iAWgwi1W4VcRr8HH89qhYn1I6z2TSiHgsdlmMIc-rVMvSGEH86E-SHruGiJ2TSRtqSIH9_fIudEm9GPKx1KUZWuYFT2Qg-Xv8gvh0cD6habW1U072ZOcmlHv5HPmaCVLhDPuChUpUgWn-EfFsBnA1Iltvq3WoMxBpBNRM9qTMBksJl3cq4aTudMBG5uCeV9b6vur8S1DqZzQarqdz-P7OeaOdxMNLSmVGD6j8YdEvpzGTfJc33XNg2Y912uuq38_1JHku55f1-LazPHC1d6FcFfi_HdOZbUX-yhazp4qqkbFc8Ow1YYfgNTZhCqJGzJwIEIWqTGUUuIqtCGc-aiXCJK3vYdNjsIwN1zp_D0VQ58E2ASANCb5-QYhCJ_FsGtj4Q6XqipBtib3QfWyL0-EMdxOMMV2771BipuGFS_F42Qz674mGjgNxxGJ8iMt4LFedcdI2kbrC-L3TpkFOTWrSthBSfidYfwS9gRQLe2hv38lD8vr_xajITurCchP2BYIPw0Ik9291O6Kq788wrQ-aoT6ugR6LgiERHcaq50Huh50NCPSBoqtGOjsa3AzWti5zOWX8o-ynPkyO2nF3wBxhYkcidfBwVW40yxo5CeCGJWltDuSWmTJjcMbJubwJqhMWx-RkO8wupqv0ewxxe1qJRN4sXxplJtvZWcFKN9qoA-iVWNuIxOGwrPWDAAu3v8Gr2MQfbV_CVzLYMa236YM9QHLrSmFRuLuw9mb_4DcZrg5FWOURm3GC6_0W9dAts1CZrkPV1xPZg8rlVxwO_kqO_ZVRjLDFfagvsJBngCWCW3enTQAeV68EI_93sTBUNyb_uFb5-gwBm0I3Rflym0rYCKi&cid=CAQSKQBpAlJWkrMHiWxgyy6ESXgeOlmr08J06SyqcmAwXhNKkQpxgPwFHJAsGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=17331312949026050000&adk=627576174&idt=253&cac=0&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 447965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 7551
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOYDDHP4Ufe31O5V9K4r8Zo&google_cver=1

43 B
843 B

32ms
31ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOYDDHP4Ufe31O5V9K4r8Zo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNXXxqO9JrY4PVBVIvv2QUIJjKky5Y4TZfiTLXYSPNJQSzISFc5MrEDbzk1cOJSVeVxxyxsLM7iBj104k4lyTZg3feTbRg

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
an-x-request-uuid: 711b24ef-eb73-46fe-b998-0acb11eb015e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 195.206.105.131; 195.206.105.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOYDDHP4Ufe31O5V9K4r8Zo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7551
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY5OTIzMjA2NjIwMzA3NDM5OA%3D%3D

170 B
188 B

37ms
37ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY5OTIzMjA2NjIwMzA3NDM5OA%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
an-x-request-uuid: 5513c556-cfe3-4ab3-b2bc-2bf32ab5a9b5
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY5OTIzMjA2NjIwMzA3NDM5OA%3D%3D
x-proxy-origin: 195.206.105.131; 195.206.105.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 7551
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1

43 B
172 B

31ms
30ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNXXxqO9JrY4PVBVIvv2QUIJjKky5Y4TZfiTLXYSPNJQSzISFc5MrEDbzk1cOJSVeVxxyxsLM7iBj104k4lyTZg3feTbRg
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKbia5kcB9yVXLPY7pybnQ4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7551
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmFjZmQ0MDUtOWQyMy0yZDBhLWZiNzktMTJiZTg2OTM5NjUy

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmFjZmQ0MDUtOWQyMy0yZDBhLWZiNzktMTJiZTg2OTM5NjUy

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 31 Aug 2023 08:07:20 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZmFjZmQ0MDUtOWQyMy0yZDBhLWZiNzktMTJiZTg2OTM5NjUy
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF4B 0
20 B 148ms
119ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3970656413567&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF4B 0
20 B 124ms
120ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3970656413567&version=m202307240101&ct=77&x=1&cor=13882633666222990000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
ad.doubleclick.net/dbm/ Frame EF4B 16 KB
12 KB 144ms
61ms Script
text/javascript 142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/dbm/ad?dbm_c=AKAmf-CALOssMOf97FS88XnaePPgcOdIEol9bctAo-OyxXlkFCUMA8V4V3ewoFjqM1UmjADA9fRU1zzyOw7O1XybIeBJ-X16DFlTYKHh0YxtuxxrZ4qBpfwKcWAdA4gxQ-krqT7OgNbl8B_gx1FnEv6qjp8mLMa97yRdGAH2Hkb41nDuLZhxFdU&cry=1&dbm_d=AKAmf-CywQbKywVcBQ6I9OwWzjW8InQ-3t4zLxTkLkBeiEL2IprGIaL7welqZrLgPSvoRb9YWjAiGoHcMwy1FuQ7_1KRc0oWFjV80pg05KJfA6ioDDX4VWCxU6eFQzcdidvuHE0lGTBl2l8JvxGWHasfB5dc4lUIFrYtUa22kDDG2XmiAS3ypDNi4qlfXhsfKk1MsmOlNlEJ2LXdh8aqIb5O0hBhlVfRreHFiOKGRMHwkEUJOen6wX1pTEkIm_QEBMGZvZayM0wIm67yp40D26kDaQVR-UkVEiFPM-yj2KXPs0fFXQvMWloAzJ_UrhyEMfxb7Vi348dhQ47_pGFmWaFsIMuCMAAItX_46UJvLRIeTKMVX0iPpp679uoQmP49TTBD2nQCiFXTAoPNo3B8TYliK6rZWFlXI9mQggXRFnjM-vTuykTra1Imjv5Ft7onRTtDqm6E25aHt3ZUiFiuANgofmQW-m3KnZuQR56HcX-ryh_VltZKGVZMMb2Z5gsYiNg2KImbKa_lbTpPqc4rhfpEvC5nUhzHGIXGXJWeLjPjaV0o3UfV7noZMmQfTmHg1cMmtJi4f6yeXMBY5MUIypcsGON20wzRXtHaFpqUQ9-7JPHvZoyc70UOBwO7H331fslaba5r3iyu2ccVXjMUEKOPhHKVuEi1q5FsDNcdI2zy3UxZchjCPr4TvBvrlquVZ5RlYNcgzopY-ai8ocRoAjJUffvOJWgzCuSFqP86TLLZQv405mbM4CH5AfbiB4A4qEujj7P11KJrIO23xvNke-T8zfLSCsm-cJPRfQ3vt9VP9IaLy9Sv9OwWjPmJsANx1EFyzAh25QOze5cmtgkX-M7MMcw_Jzavf5RlO06t3jqqtCQcw5w-0hu7MaPBnQVSksOOZggV-q9c2mOEr5To6nLxpHm7JUzQqb0SXwfnv1DjUGguEJzH7tdCbgbUnsINnc2cQhIVKVqFy4PtBwXiaNn6p-rS1fM2PUaTnDYRUQrE0D0rhkljTdUWuw1awPzvULsfkE_2HWBHOc3MELZfVL69MEp-aViaDeFLtrfmrrkC75C0CI_tEQczerawGJmliyEmvtILp8q_6v1PHYhJUkspEZyW3rPoRMZRKOGcbu3mUTfVeZxs8pNVInSlUVpjxGhnMfQpHLrNAHcN5n78tEtl3PE_SOL5HT2MEKOZORivNoFtCZGFc5dMPsfdrXgvxSnuClFPeykaGIdX02FL2DqmCyVbCBXV5dn0fQBSXShj8XIycwJoKHbsAlMejW2ks6_EpN3jyDSfEt0XTqqo9F9vnDJFo9JL-_WM4GcDHTFqrTWe0DDNmhaMQSkg0uP6oOIQqOtXbwV3tZCiV4EwUnwoefPpDkGGfBUMl2bQgYp00V5qrGnuWFakeD4TLYxtFU5dLov9T8OuEPdtz4lAyGz2Ev4uzsXISAH8Yeg0cdUgq78bSkM_yi8c6xuR83VbIAivh1kN820hm_Uimm51UNDINGDLy6Q7Lragdj-iT7Kzl5Qd7NVISFTBQbBeeAlULjcKnD51yNGxQ1ZFVCNAQVBqkq8MjQnJoPbkp__H__io3yCzEXrmrPIK0uQLPKgiVLpbrFn4_6d3Tqkcnf4jANnfnikivl_47gniD2mlARitJYtvYx26CIvwvc_DQXJsj94gjUgIMb9212HhigLHLcQEi4JhrKCPjbehed7VlzeM4L0c_6MqoA03o1tXFJGQhKazyLVm3O31D-22v_SbSLQQV0foPja3vwoOBNh5SHcQLG5cozO9X7Sx-lufWNrGQ08tPB7-0JPTGOxIX_DlgwaAduL_invitSvb9ukLJ6FPHS7DDAvyXalgCbsiBha_iMW1G3yOlni_Jpz5asFfqBVh6uHwWyZzEZ93vfOLLiurt5-wgMhFXeNYydn1jYtSndsbJr6jIRU_SrhqZoIheWYHcz6teVe-MvlMIPxddxXokej1NOJ7c0RTAjNrZKvFmlSGY77oP3ZD65mTGZYa9JQq6ALlTcuce3Ta8tj0UmF3ZPTaiXHR6oB04V3ndUBaFnY2EFBslo5r7eJLtbFAXN8a2K98ES3tIMfdOVHe5eI7sXFkDWmxx6feynSqM4zugHuU7ZJF8pjslosVu-e-xI_BRlrgO899cxijgmqeCcWMwo7omvqnUlvkUq3riGJQ5pFRETkUHvn8pSGiDIz2rArSFM90eC5HhRR8bbQoiUTsG4wDe2AktJ4dhNoCEqWPRkOK6tNBez2UVN2jCQ-4yLgVn0Ar4OEOMfDWXkHFJTaMIwu_M9LmZqNaLZmLzPveJ3nry4B_ZFogw8j_oMbxkh6CgcUCPCAo1bA5oBF5-mlbz06jTpCsxnR12ABR7zIWj0zz8cIyN40UQaVoFTKZO_IkXJQ1SlqNFegL3VcqaEYH7hyWh7ydAUbiF4cu4nQ_ytsv356Z-yi1qSz-qo6qMvUDkOqEaFmtXRKcDI-AcAH1wAIX_zOFHm1tPjnek9toEIey1URNWvUEOraR44FbFKoGwJzdEiMZL7iKY7lvNu65s-WBXrmvGz_BtryN2khWNl2BdDYsaQjP6ulMpj8fadevGUjCS__fZ7fK8ASd817UHNznvxWt5RTsWQ977Kua0gnx--xVMh6oLdLZ86-syyNN9bp33_Cn5eLoDjZ1LU5XcY1wnan7j8Qlj6eCdj2CDbfgCfHDOsSGgpp4WwK20FLuAzRL_xXtDB3HHR-DkGFa6ozDofO_qglB5gWfotTjrOe75j-0-cSxhR_b3mo-v3ToQYJ1KWqMB0w398O9bnc1Rp31gXXr18N8_4xRDGdUD4E0g943QSArPE8r8CEhlN6Cd3YpkWmrwksNQDaHPEcTSdy2lyKh4d6HaTeanaA13VsBrM0u5ebfb_uQnEGBEWpPxLTOyh7sES8bb0ja7Mdi5Wou-I4lg-vk5SFIUgAO1r-TVbRyqZnYlOAzWmDYSg7DkMiGZOyqpKoe8o-NfNy3T1TDRWNs1zi2p-oZgpkZH22frv82jGePZjdGDjR2ojLjbW7M-AaP4x8nxlBkLyoqEOOwkaGnCbLiJl5FEmECV8a40kCKEAMfKgoMl39KXuk5JvMR336oiCZS2r-cjs_8lyqwIxEPtEcMYpDSjw2Kvk5VUaQsSBDjW_pygsc0cUZa-XeckygKvEZ-xpL7Vmkqjbt4-On04iQIvg_DHNHWZXgOl2DkDPFf-a1nuKLkDvPDhiVHNlGdPk4AsKPEgpIrzKZaBY1agKiMCbW3EAn0p0CxtmQEHOhngSbKeL4XO_-sXUloyGNj9wEGzoQ8xMld2zvt4cbc8eIqt-0IEBMPSxNlivjVpqUtxwOriV0fS7zLU9qBHlKfjGBs-zCrK-GR_TPzdsLwbNR3_m3LYB8VzUp3ltTpfPFlCebQGEqCxfAqAENLkqxuRI3RVkXJmlIQXSSTMN_2F2aqj1Jf0S7LEHBM0y8R2cIsRFNR05xaDAzDPOjcod3jCO4BYQQrlfsXvHp_WCtcCp-aFEd3TIZFJhVLAmXO3t5zG5EywklRur241amBjfKn9b1e5-QgsvkVemFIG-qXBS_YKDpDqXfBfB5dt6wVdA3wLi-NRTOVgSOJeADYLH86x9ZY6JgaifYRry_JDsABn6kt8B7f7ACjOxQ2ewX1IhohEAcvAoy3a2cuRBGRqyrCP-1yk3pmyKnrB45ZU9O2Y2VEZZZecQBrSbUNxyrhAIEY&cid=CAQSKQBpAlJWTGf85S3SGhylPSNYhCGppBiX2rPShXAebUAokIrpTf7ltXSSGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=13882633666222990000&adk=497053795&idt=205&cac=0&dtd=37

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

aabb98c84c142ef2fcbeb513da1ea3f2a7ccd3143f3418b867417c0afc49a801

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11952
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ykuzho0n7xq0 Show response
hal9000.redintelligence.net/zone/ Frame 0593 11 KB
4 KB 143ms
37ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ykuzho0n7xq0?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-2HLN0rwZLalC-eEhcIP7a-eWJHB0Jtpu-mDktwP8C4QASDTy84wYPWVzoHgBMgBCakC0-pTdV1Ssj6oAwHIA5uEgIAEqgTuAU_QdKgdrVP4glRwJX4RZx3S0mhVJq-8lYCLvio3NM_sx7c9quQYp7cTb5sdNd44-wlI_jjiug7V7DEneKQKpXH8tjAPWC4bA1jzQtdUk7xw5AcXecx_2_F1d4i5fEgx7UpGCRo37PSouefY6wWXHs9tMYEd0qN-fC8OfJ7OOnpLUD-7XiF1-y7LpLHJMYdqAxOmYtNWpzOG6qKS8QhoMEamcUGmdqseAhfiXoHOT4_wASVW405K5S979DIaZjYwLYCJ_vDYpIlKbJLuZvuSvGqv0_jDhuv_rlYHKcP2v8uxiFklV-5zOXwCQBckDd3ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9pzCw7iGgQMVZ0JBAh3tlwcLEAEYASAAEgJ_CPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWkrMHiWxgyy6ESXgeOlmr08J06SyqcmAwXhNKkQpxgPwFHJAsGAE%26sig%3DAOD64_1dgCX7afXR6OplnoEnfrG6MRq5AA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DQqzCGE2VvtSJKoWD2KN7nSJ9k4IXYTf0TdF9yBAE7LqdMPABxQyBB-dLyBtG2qK1SwCuntHOERMstTAioej9-GrVRv76E5lkxRj61w0BaTkCOB2HMP5ezpERKTUY5eQeAxRGGrFz_9ZsXtVyVffKiLhAAa937GKM_pFRAoRAsmpcq19A%26cry%3D1%26dbm_d%3DAKAmf-AUmtK5Q4nAGOq9f5p1luTypX4IMB9fCg15XAcaCGAxP39xbFCHQms5Ei8cVYfPQeUisSELvD8rEXq-Vp-_-yoedTXNq9jDgdIeuLHKDy2UIHMPPGgtkmSwmAGqRASFGRSLhBHwmjxAstWsmcicmhmkjlbHf2vlaF7silrMMNx9L4NcNn1fil2Cj2K9DUFDRYKTeW9RtMBCh5voJ0NU-h0EyVP_bV3RuCBQPELxlF-EJbHvWC1SHqDyNnb8EeW8U9o7Az6lP06pL5I4963lBlNnoDa0_KKzA7rB_af2Je5koZynTyGkLhxm7j9g0n2vAOSdDSxVA3TDbxx89-_wb1K1c5MYdzQ5Nb9_gOTMnegTSoFotLKNYcOiVSuywDt0F31NVDwsJt3BvFAN1rPTAtqrjESJtm_zzWZJXaKKcvu2GnrRm96uMZOYxbat4aL7zPGMyC28oms_GEVN6lgwAnf6G0DxSDfnh4k05zRFsSXdouiKNfQ3aAfKnJYhcQHYJa09zYYp1QSHlJLfOhsiBQdhEDNuP34TPwvnXfD0vQDbbuWEdow%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238239&bpp=526&bdt=178&idt=890&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4016865564&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077371%2C44795922%2C31076996&oid=2&pvsid=1436572443372765&tmod=184231431&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.9i8p1hhv06o5&fsb=1&dtd=917
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c3b913c546a9218e09fc70f76e6aa0f6f6b5d35bab5efd422f4c5162e8b77ab9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 31 Aug 2023 08:07:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4140
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 38E2 22 KB
8 KB 28ms
27ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 351335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame FE81 111 KB
39 KB 92ms
23ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
Origin: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 16:19:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56848
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 31 Aug 2023 16:19:52 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230829/r20110914/elements/html/ Frame FE81 11 KB
4 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230829/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CwwgKbk2V_dw3E5lG5YKuxYnd1irIVcElDR7oTJt7rTigV4Wyc2BA9L4NBPr3MZbSJ6llfBdydHaFYzKBw9XnLsLuQaw&cry=1&dbm_d=AKAmf-CbUz8NFMt4o8on9n90dulQDL8zH9TfyeO_ua_xpqztMBCEIoFk4K046JIbLwfrDq42k62gPygbTHjnJhXwi5E9umwS1rHjAUIRmzZ_GdnnBDg79wKnpa6tu7lQlP1Wy6_cxExOZiZEh-8D0CMh50KTxS_iRofGsLcpQsPrPm6Eu_iAls7xB3wXtd7BIhLnfvkQBq4_N_M_4No4WpqO8VT74ZAOJ3rk9bvFZDOKnOLUy-zC6EI6sWJnRWimq3XLgz7ujiek2snDxgIT57gnl_I1PMKktREocVFH9zFsLXjlHAIPNOn7hW_5Oq_12Ht5BCg60GAhwDd4APlNDoNv6LY_G_w6IfyHnx0GqMN3NWHWHaeVXvwwUdUmw0OjuBSZw8IqHPc_kHmNCaCXZmzZpzFI3Ce3-2278BE548sj9OT7vZn3Izjogr7LelGX3svkVX5ajsUUfxYthhxhc3BtGKRUClW-1UBs5fx0ClFBGpiNCYF2Gj5mIrqRhiO2Ejh9yJRr1dkMYUg9GwUOTTFZ5YlW6FEHGob6uJ8J3yoqPK-fMPrnPFsw9C4NrvzRCeoj2Uqp2WGMWSEOEJpGSHFwNiZ_7ejAjELqTFOvBetB2aM18bJib7pCODlxiYTnV9poas3lafe58RXuBskXpRa1-cH95tPA6OrhRn1fik2t4X_-41Z1ww_VbGBWA4b8PDJ2m2fndtQ6-RzY-t6dOrzrRpRg10tisSxh1zipJT7e-VZ5emIlQHrnMdxJynegEc9Kcu1zvyzm20OOv21M6VjA7PKvkHS8Nqy9SiIKdecpLwzv7JDdeGlv082ODGanrPm1zOrERawDD3SGXw7Tagc2IMbnkzky_3mlJu4fG_7G85k-wBoIT7qHmoMO4rSOSdKyV7Hkmlgouck2egf0TI16l_VZWB7GmCP7Qkqr2A3YbP-GflaI71czaYojhcmfGhIf52uySSToiA-eswD4cB18kB5-6cBY6kxUmcWsjdbpMmFpOhmko_MOusodmwW031uoKBlpZYjP2nJw9uCI0DegNzKMfz_tJhvVEvvnyxKffSlcHAmvE4ZC47m_tOaXKYQJW0jhIjMHlxBJV0IDqMYR9CKZ4YKu44jdfh91ny14kp8K40fM-R8XWkcMjyUt9BHiNJ5L7-EeCuUjPSQaCj4pEA0Tfgdb4VOVn5qyJ6zpoNqjA_A4BUpc2H9XCgxAPjh4TXTCeUDmubIRy--JrVf_DRECHWHZ8i84H-CfOfMLnEUdH0VWaWndgRB1-xriVk4KvOkx_f6GPm6mFVeIwJVQlAME9m_UKXEsukuRSqTkdl-T6SRVWOL-oEUgOkZMH_Hov5uwtPWZR1qwz7z45CVBCPDNmVIB8IzzDZOD4D0UfB5PbIIs1fp-LxLT_4MAcKNSZZLBELQE9Nx4vodZhZ0uyKMw4cg2NPValaK_xFA5XdAijohCd8tFIVs1xhlFu3pP5OvU71Gt5MRuE-Qk57_zFto-kIASm7SHn_jzcfzuxgw7lkxFJCxFOud09B20TydP8b0skP89EehfeuXjHUG6BBgAMNGOhMJxiePj5pksObKYyrROU4SoY2VTFipazk_2Vh1-YrBBbU0hCHgSIxZjbPI_JYBbMQ-EMDqIpYeul1yWcGeB7se0RpgS1L-ssNOjTbtJNwbS-AL0mY9g3GgjPzBk3gCAMrq3LrWx4fz1I8vz7G-EXV3CiXlqHecDKQEq7j0GBf1HeaVeLQt8pEGJZWk3sgQLHNcVs4BoE-Dd0YqtpnXd5rfwG3vQ_Yw_MIWVhgbw8l7liC6G8bIEe1467jJrPfliCFDzxngp9R8fNgRfrx3W6nJG3Vo3NDuVQg9aJSyisUuBhJ1y8xWJNlMM4IB9G4rh2eX9pUc6N6tQT3Q2Ww-uZdcA3I9zDQjQcodxleWQfz8zLNeSEtXXi5mxlnSgq-kQEF6i5xh4znQvO0FK1yUYIk9X5R4I90eSqfZOKg3_g9-hhusAG2jGnhOJ7cyl7pIKWwT9WIv4Qf0L7HqY9cPGJ7MgvmCjS0wUdb-8Jd98MKFusd32ZGxNAZDd6AXsYFNsB17ql4S4bAK8POsi1GPBocuqYmhLsbJDk76EID46a2ZNUb9NShxBy10OqtV7aUpj1IRJ8H6xAYaJCAfLdbuYo2s_lE6u098VLH4gpuI0YWNwt3HCGIyBlKls9jxKvFb6Hxpi2b5uW4C-2K4JR5xcVNHNXv64mjpQBXp3Ruzz3wB1BflKtCWE7oumdSqATjJ0QLYOz4Q4f6Y5Cyn521ecaF_D2V9FLCbyAaaG57xbwFGqBNzdI9Z3LR8cds3d00yBDDI0jWUL2FOqafAeYq7PZcKEvc7Rps04LtpwDtJfYBYesMAxBicWR0gH5pfdmikq9kKUKRpKiIJkxDhu2DztYFtbXoeqpDjdBvSa7LIGTdy82gV70YbQ4yhQkhXlX43wTx5A-s6GM5fNAl0KVERMsucMXUKWUNGh-lJfWJJXGyhiqGe6WB8YhQiNsYSkSeX9RhIMTOdtHNHZ4MnJLTEveGoWP5lFEDyXZtt62HOMaap0pjW25n4E-pTAz9weSRF8hO4Y97Vz7KkknSrzBRYfDaBRSPVq99cs4Kgbk8u33iTzHSfvVybKlYxiXoSQ0-PRtZW3pMbhihL9hBR9kycOEjA7D48Vt-YVSYt2dVBuIVyb6B6jn40wYX8caSqP9tjRcHPVbaECTKxBbZYyGCZ8sEU_edTzJ4LDf104tSRWyQePTv4OWWse5b6_reFbGhyne1wNGB6-GvJEHlCp_S-7hOkSSIfZsaaVhaSe1qDewdiYtR1UqXStcbmO6fz8LMsT1DZBW_k9otaES3ZGTXHVDPvP6ToXPKHwSXF9gRwvhyo-sR3FboOoLKG5T-RaY79GbL6cPfKlCZvu4ZxrHf9PpjdZgNRpIQYmBH7gIx5m98ofutMTljr_IhD_ie-sKZDtDrSHXZDb4aB3o6LOGtW5dzcyZt_mytfVgGjwfzHyyxpNMODSThnA-2Q5Qm606z1OaNz8QzP2vn6bETX_-S82omXmjYhcZT9HLFu1xGmJul-xzNKlouFuB1yEOzf1X-wnrZlDhfMn7K3mXk6D3eN71V2F58ZrpPbCKKKWch7IQZVlFZlQKflZ0FAwi6ab2aOEj-onX4XziaK0MzqHN932ysg34Fv3K1DUCpOqdv4O51RuH6dhUe1ed8r_mv-hmFtS2DCCXw7_dIt9Dhn64eVXoTdeG2JtJmNfFuX0JrdS8ldZWTT_-9V-Nj0uj5_GTJSe_qHlvfwz179t5FXcigZbz1g9bBPoOzrNIoDl5vWZsCgRmMbWeTJYEQuIGgkA5n-8CGOSXFl2G_DTJTmRMvQPGioeBKZPnF0PI2-j5ylFcmrsDpt5oiT5FMOdnCTyRB_2P6CNXOKkbdg1Po1Top6rwaID80ocw1nQm9PffJXJHssGBanR2zbKM7ksgEAHH8ujOA&cid=CAQSKQBpAlJWMbw9dt1Gy7c4hgwEHXzg9xtiGPHbu__OGU5AK9z-UzZ1ffOIGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=6549957044309561000&adk=2476403952&idt=120&cac=0&dtd=111

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:23:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63854
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:23:06 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230829/r20110914/ Frame FE81 30 KB
11 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230829/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 14:23:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63809
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11511
x-xss-protection: 0
server: cafe
etag: 961974302080011826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 14:23:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FE81 41 KB
13 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 447965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 15FE 1 KB
643 B 22ms
22ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 75201
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 11:13:59 GMT
etag: 48472445140208031
expires: Thu, 31 Aug 2023 11:13:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js Show response
pagead2.googlesyndication.com/bg/ Frame 38E2 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:24:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 150182
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14793
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:24:18 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AFB5 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?W4p0fw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

request.php Show response
hal900027.redintelligence.net/ Frame 0593
Redirect Chain

https://hal900027.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=ef633e9200&subid=&uid=87a0a2931de025c7&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900027.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=ef633e9200&subid=&uid=87a0a2931de025c7&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

613 B
938 B

149ms
90ms

Script
application/x-javascript

78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900027.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=ef633e9200&subid=&uid=87a0a2931de025c7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-2HLN0rwZLalC-eEhcIP7a-eWJHB0Jtpu-mDktwP8C4QASDTy84wYPWVzoHgBMgBCakC0-pTdV1Ssj6oAwHIA5uEgIAEqgTuAU_QdKgdrVP4glRwJX4RZx3S0mhVJq-8lYCLvio3NM_sx7c9quQYp7cTb5sdNd44-wlI_jjiug7V7DEneKQKpXH8tjAPWC4bA1jzQtdUk7xw5AcXecx_2_F1d4i5fEgx7UpGCRo37PSouefY6wWXHs9tMYEd0qN-fC8OfJ7OOnpLUD-7XiF1-y7LpLHJMYdqAxOmYtNWpzOG6qKS8QhoMEamcUGmdqseAhfiXoHOT4_wASVW405K5S979DIaZjYwLYCJ_vDYpIlKbJLuZvuSvGqv0_jDhuv_rlYHKcP2v8uxiFklV-5zOXwCQBckDd3ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9pzCw7iGgQMVZ0JBAh3tlwcLEAEYASAAEgJ_CPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWkrMHiWxgyy6ESXgeOlmr08J06SyqcmAwXhNKkQpxgPwFHJAsGAE%26sig%3DAOD64_1dgCX7afXR6OplnoEnfrG6MRq5AA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DQqzCGE2VvtSJKoWD2KN7nSJ9k4IXYTf0TdF9yBAE7LqdMPABxQyBB-dLyBtG2qK1SwCuntHOERMstTAioej9-GrVRv76E5lkxRj61w0BaTkCOB2HMP5ezpERKTUY5eQeAxRGGrFz_9ZsXtVyVffKiLhAAa937GKM_pFRAoRAsmpcq19A%26cry%3D1%26dbm_d%3DAKAmf-AUmtK5Q4nAGOq9f5p1luTypX4IMB9fCg15XAcaCGAxP39xbFCHQms5Ei8cVYfPQeUisSELvD8rEXq-Vp-_-yoedTXNq9jDgdIeuLHKDy2UIHMPPGgtkmSwmAGqRASFGRSLhBHwmjxAstWsmcicmhmkjlbHf2vlaF7silrMMNx9L4NcNn1fil2Cj2K9DUFDRYKTeW9RtMBCh5voJ0NU-h0EyVP_bV3RuCBQPELxlF-EJbHvWC1SHqDyNnb8EeW8U9o7Az6lP06pL5I4963lBlNnoDa0_KKzA7rB_af2Je5koZynTyGkLhxm7j9g0n2vAOSdDSxVA3TDbxx89-_wb1K1c5MYdzQ5Nb9_gOTMnegTSoFotLKNYcOiVSuywDt0F31NVDwsJt3BvFAN1rPTAtqrjESJtm_zzWZJXaKKcvu2GnrRm96uMZOYxbat4aL7zPGMyC28oms_GEVN6lgwAnf6G0DxSDfnh4k05zRFsSXdouiKNfQ3aAfKnJYhcQHYJa09zYYp1QSHlJLfOhsiBQdhEDNuP34TPwvnXfD0vQDbbuWEdow%26adurl%3D&documentReferer=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5708428795426&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238239&bpp=526&bdt=178&idt=890&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4016865564&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077371%2C44795922%2C31076996&oid=2&pvsid=1436572443372765&tmod=184231431&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.9i8p1hhv06o5&fsb=1&dtd=917
Protocol: HTTP/1.1
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: a295c07557460ab45c47664fb1dd3ffcb15f4b00296455cbdd59087b124f3124

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 08:07:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 46722000037455304438268012433027
Connection: close
Content-Length: 332
Expires: Thu, 31 Aug 2023 09:07:20 +0200

Redirect headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 08:07:20 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=ef633e9200&subid=&uid=87a0a2931de025c7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-2HLN0rwZLalC-eEhcIP7a-eWJHB0Jtpu-mDktwP8C4QASDTy84wYPWVzoHgBMgBCakC0-pTdV1Ssj6oAwHIA5uEgIAEqgTuAU_QdKgdrVP4glRwJX4RZx3S0mhVJq-8lYCLvio3NM_sx7c9quQYp7cTb5sdNd44-wlI_jjiug7V7DEneKQKpXH8tjAPWC4bA1jzQtdUk7xw5AcXecx_2_F1d4i5fEgx7UpGCRo37PSouefY6wWXHs9tMYEd0qN-fC8OfJ7OOnpLUD-7XiF1-y7LpLHJMYdqAxOmYtNWpzOG6qKS8QhoMEamcUGmdqseAhfiXoHOT4_wASVW405K5S979DIaZjYwLYCJ_vDYpIlKbJLuZvuSvGqv0_jDhuv_rlYHKcP2v8uxiFklV-5zOXwCQBckDd3ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9pzCw7iGgQMVZ0JBAh3tlwcLEAEYASAAEgJ_CPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWkrMHiWxgyy6ESXgeOlmr08J06SyqcmAwXhNKkQpxgPwFHJAsGAE%26sig%3DAOD64_1dgCX7afXR6OplnoEnfrG6MRq5AA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DQqzCGE2VvtSJKoWD2KN7nSJ9k4IXYTf0TdF9yBAE7LqdMPABxQyBB-dLyBtG2qK1SwCuntHOERMstTAioej9-GrVRv76E5lkxRj61w0BaTkCOB2HMP5ezpERKTUY5eQeAxRGGrFz_9ZsXtVyVffKiLhAAa937GKM_pFRAoRAsmpcq19A%26cry%3D1%26dbm_d%3DAKAmf-AUmtK5Q4nAGOq9f5p1luTypX4IMB9fCg15XAcaCGAxP39xbFCHQms5Ei8cVYfPQeUisSELvD8rEXq-Vp-_-yoedTXNq9jDgdIeuLHKDy2UIHMPPGgtkmSwmAGqRASFGRSLhBHwmjxAstWsmcicmhmkjlbHf2vlaF7silrMMNx9L4NcNn1fil2Cj2K9DUFDRYKTeW9RtMBCh5voJ0NU-h0EyVP_bV3RuCBQPELxlF-EJbHvWC1SHqDyNnb8EeW8U9o7Az6lP06pL5I4963lBlNnoDa0_KKzA7rB_af2Je5koZynTyGkLhxm7j9g0n2vAOSdDSxVA3TDbxx89-_wb1K1c5MYdzQ5Nb9_gOTMnegTSoFotLKNYcOiVSuywDt0F31NVDwsJt3BvFAN1rPTAtqrjESJtm_zzWZJXaKKcvu2GnrRm96uMZOYxbat4aL7zPGMyC28oms_GEVN6lgwAnf6G0DxSDfnh4k05zRFsSXdouiKNfQ3aAfKnJYhcQHYJa09zYYp1QSHlJLfOhsiBQdhEDNuP34TPwvnXfD0vQDbbuWEdow%26adurl%3D&documentReferer=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5708428795426&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Thu, 31 Aug 2023 09:07:20 +0200

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EF4B 41 KB
13 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/dbm/ad?dbm_c=AKAmf-CALOssMOf97FS88XnaePPgcOdIEol9bctAo-OyxXlkFCUMA8V4V3ewoFjqM1UmjADA9fRU1zzyOw7O1XybIeBJ-X16DFlTYKHh0YxtuxxrZ4qBpfwKcWAdA4gxQ-krqT7OgNbl8B_gx1FnEv6qjp8mLMa97yRdGAH2Hkb41nDuLZhxFdU&cry=1&dbm_d=AKAmf-CywQbKywVcBQ6I9OwWzjW8InQ-3t4zLxTkLkBeiEL2IprGIaL7welqZrLgPSvoRb9YWjAiGoHcMwy1FuQ7_1KRc0oWFjV80pg05KJfA6ioDDX4VWCxU6eFQzcdidvuHE0lGTBl2l8JvxGWHasfB5dc4lUIFrYtUa22kDDG2XmiAS3ypDNi4qlfXhsfKk1MsmOlNlEJ2LXdh8aqIb5O0hBhlVfRreHFiOKGRMHwkEUJOen6wX1pTEkIm_QEBMGZvZayM0wIm67yp40D26kDaQVR-UkVEiFPM-yj2KXPs0fFXQvMWloAzJ_UrhyEMfxb7Vi348dhQ47_pGFmWaFsIMuCMAAItX_46UJvLRIeTKMVX0iPpp679uoQmP49TTBD2nQCiFXTAoPNo3B8TYliK6rZWFlXI9mQggXRFnjM-vTuykTra1Imjv5Ft7onRTtDqm6E25aHt3ZUiFiuANgofmQW-m3KnZuQR56HcX-ryh_VltZKGVZMMb2Z5gsYiNg2KImbKa_lbTpPqc4rhfpEvC5nUhzHGIXGXJWeLjPjaV0o3UfV7noZMmQfTmHg1cMmtJi4f6yeXMBY5MUIypcsGON20wzRXtHaFpqUQ9-7JPHvZoyc70UOBwO7H331fslaba5r3iyu2ccVXjMUEKOPhHKVuEi1q5FsDNcdI2zy3UxZchjCPr4TvBvrlquVZ5RlYNcgzopY-ai8ocRoAjJUffvOJWgzCuSFqP86TLLZQv405mbM4CH5AfbiB4A4qEujj7P11KJrIO23xvNke-T8zfLSCsm-cJPRfQ3vt9VP9IaLy9Sv9OwWjPmJsANx1EFyzAh25QOze5cmtgkX-M7MMcw_Jzavf5RlO06t3jqqtCQcw5w-0hu7MaPBnQVSksOOZggV-q9c2mOEr5To6nLxpHm7JUzQqb0SXwfnv1DjUGguEJzH7tdCbgbUnsINnc2cQhIVKVqFy4PtBwXiaNn6p-rS1fM2PUaTnDYRUQrE0D0rhkljTdUWuw1awPzvULsfkE_2HWBHOc3MELZfVL69MEp-aViaDeFLtrfmrrkC75C0CI_tEQczerawGJmliyEmvtILp8q_6v1PHYhJUkspEZyW3rPoRMZRKOGcbu3mUTfVeZxs8pNVInSlUVpjxGhnMfQpHLrNAHcN5n78tEtl3PE_SOL5HT2MEKOZORivNoFtCZGFc5dMPsfdrXgvxSnuClFPeykaGIdX02FL2DqmCyVbCBXV5dn0fQBSXShj8XIycwJoKHbsAlMejW2ks6_EpN3jyDSfEt0XTqqo9F9vnDJFo9JL-_WM4GcDHTFqrTWe0DDNmhaMQSkg0uP6oOIQqOtXbwV3tZCiV4EwUnwoefPpDkGGfBUMl2bQgYp00V5qrGnuWFakeD4TLYxtFU5dLov9T8OuEPdtz4lAyGz2Ev4uzsXISAH8Yeg0cdUgq78bSkM_yi8c6xuR83VbIAivh1kN820hm_Uimm51UNDINGDLy6Q7Lragdj-iT7Kzl5Qd7NVISFTBQbBeeAlULjcKnD51yNGxQ1ZFVCNAQVBqkq8MjQnJoPbkp__H__io3yCzEXrmrPIK0uQLPKgiVLpbrFn4_6d3Tqkcnf4jANnfnikivl_47gniD2mlARitJYtvYx26CIvwvc_DQXJsj94gjUgIMb9212HhigLHLcQEi4JhrKCPjbehed7VlzeM4L0c_6MqoA03o1tXFJGQhKazyLVm3O31D-22v_SbSLQQV0foPja3vwoOBNh5SHcQLG5cozO9X7Sx-lufWNrGQ08tPB7-0JPTGOxIX_DlgwaAduL_invitSvb9ukLJ6FPHS7DDAvyXalgCbsiBha_iMW1G3yOlni_Jpz5asFfqBVh6uHwWyZzEZ93vfOLLiurt5-wgMhFXeNYydn1jYtSndsbJr6jIRU_SrhqZoIheWYHcz6teVe-MvlMIPxddxXokej1NOJ7c0RTAjNrZKvFmlSGY77oP3ZD65mTGZYa9JQq6ALlTcuce3Ta8tj0UmF3ZPTaiXHR6oB04V3ndUBaFnY2EFBslo5r7eJLtbFAXN8a2K98ES3tIMfdOVHe5eI7sXFkDWmxx6feynSqM4zugHuU7ZJF8pjslosVu-e-xI_BRlrgO899cxijgmqeCcWMwo7omvqnUlvkUq3riGJQ5pFRETkUHvn8pSGiDIz2rArSFM90eC5HhRR8bbQoiUTsG4wDe2AktJ4dhNoCEqWPRkOK6tNBez2UVN2jCQ-4yLgVn0Ar4OEOMfDWXkHFJTaMIwu_M9LmZqNaLZmLzPveJ3nry4B_ZFogw8j_oMbxkh6CgcUCPCAo1bA5oBF5-mlbz06jTpCsxnR12ABR7zIWj0zz8cIyN40UQaVoFTKZO_IkXJQ1SlqNFegL3VcqaEYH7hyWh7ydAUbiF4cu4nQ_ytsv356Z-yi1qSz-qo6qMvUDkOqEaFmtXRKcDI-AcAH1wAIX_zOFHm1tPjnek9toEIey1URNWvUEOraR44FbFKoGwJzdEiMZL7iKY7lvNu65s-WBXrmvGz_BtryN2khWNl2BdDYsaQjP6ulMpj8fadevGUjCS__fZ7fK8ASd817UHNznvxWt5RTsWQ977Kua0gnx--xVMh6oLdLZ86-syyNN9bp33_Cn5eLoDjZ1LU5XcY1wnan7j8Qlj6eCdj2CDbfgCfHDOsSGgpp4WwK20FLuAzRL_xXtDB3HHR-DkGFa6ozDofO_qglB5gWfotTjrOe75j-0-cSxhR_b3mo-v3ToQYJ1KWqMB0w398O9bnc1Rp31gXXr18N8_4xRDGdUD4E0g943QSArPE8r8CEhlN6Cd3YpkWmrwksNQDaHPEcTSdy2lyKh4d6HaTeanaA13VsBrM0u5ebfb_uQnEGBEWpPxLTOyh7sES8bb0ja7Mdi5Wou-I4lg-vk5SFIUgAO1r-TVbRyqZnYlOAzWmDYSg7DkMiGZOyqpKoe8o-NfNy3T1TDRWNs1zi2p-oZgpkZH22frv82jGePZjdGDjR2ojLjbW7M-AaP4x8nxlBkLyoqEOOwkaGnCbLiJl5FEmECV8a40kCKEAMfKgoMl39KXuk5JvMR336oiCZS2r-cjs_8lyqwIxEPtEcMYpDSjw2Kvk5VUaQsSBDjW_pygsc0cUZa-XeckygKvEZ-xpL7Vmkqjbt4-On04iQIvg_DHNHWZXgOl2DkDPFf-a1nuKLkDvPDhiVHNlGdPk4AsKPEgpIrzKZaBY1agKiMCbW3EAn0p0CxtmQEHOhngSbKeL4XO_-sXUloyGNj9wEGzoQ8xMld2zvt4cbc8eIqt-0IEBMPSxNlivjVpqUtxwOriV0fS7zLU9qBHlKfjGBs-zCrK-GR_TPzdsLwbNR3_m3LYB8VzUp3ltTpfPFlCebQGEqCxfAqAENLkqxuRI3RVkXJmlIQXSSTMN_2F2aqj1Jf0S7LEHBM0y8R2cIsRFNR05xaDAzDPOjcod3jCO4BYQQrlfsXvHp_WCtcCp-aFEd3TIZFJhVLAmXO3t5zG5EywklRur241amBjfKn9b1e5-QgsvkVemFIG-qXBS_YKDpDqXfBfB5dt6wVdA3wLi-NRTOVgSOJeADYLH86x9ZY6JgaifYRry_JDsABn6kt8B7f7ACjOxQ2ewX1IhohEAcvAoy3a2cuRBGRqyrCP-1yk3pmyKnrB45ZU9O2Y2VEZZZecQBrSbUNxyrhAIEY&cid=CAQSKQBpAlJWTGf85S3SGhylPSNYhCGppBiX2rPShXAebUAokIrpTf7ltXSSGAE&dv3_ver=m202307240101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=13882633666222990000&adk=497053795&idt=205&cac=0&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 447965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6FFE 22 KB
8 KB 21ms
21ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 351335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15FE
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEB2FxDwNKE79OGUW0O0W-c8&google_cver=1&google_push=AXcoOmSkfOSfn7LlzkIlh_UVg4ugrYBjSPCUgwXp_yV7Z5mA3QV1foF42iVHr851mSh2D5hbbnzP5KU2MSLaD6owGVeIYJsz-dRW
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=97F849F441854239901367624664388A&google_push=AXcoOmSkfOSfn7LlzkIlh_UVg4ugrYBjSPCUgwXp_yV7Z5mA3QV1foF42iVHr851mSh2D5hbbnzP5KU2MSLaD6o...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=97F849F441854239901367624664388A&google_push=AXcoOmSkfOSfn7LlzkIlh_UVg4ugrYBjSPCUgwXp_yV7Z5mA3QV1foF42iVHr851mSh2D5hbbnzP5KU2MSLaD6owGVeIYJsz-dRW

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 31 Aug 2023 08:07:20 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=97F849F441854239901367624664388A&google_push=AXcoOmSkfOSfn7LlzkIlh_UVg4ugrYBjSPCUgwXp_yV7Z5mA3QV1foF42iVHr851mSh2D5hbbnzP5KU2MSLaD6owGVeIYJsz-dRW
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 30 Aug 2023 08:07:20 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15FE
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKPAUCK3YB8wkinvR_gHYyY&google_cver=1&google_push=AXcoOmS7k18gtMvG2OiHAJVLNyx9UpH5DwYiuzqqUZa_WFfod7GzvZ1wF89UPik74cLsoi5BIom7K2sh...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKPAUCK3YB8wkinvR_gHYyY&google_cver=1&google_push=AXcoOmS7k18gtMvG2OiHAJVLNyx9UpH5DwYiuzqqUZa_WFfod7GzvZ1wF89UPik74cLsoi5BIom...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyODY2NzU4ODI3MDQ5ODkzOQ&google_push=AXcoOmS7k18gtMvG2OiHAJVLNyx9UpH5DwYiuzqqUZa_WFfod7GzvZ1wF89UPik74cLsoi5BIom7K2...

170 B
188 B

44ms
44ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyODY2NzU4ODI3MDQ5ODkzOQ&google_push=AXcoOmS7k18gtMvG2OiHAJVLNyx9UpH5DwYiuzqqUZa_WFfod7GzvZ1wF89UPik74cLsoi5BIom7K2shYLm7id6sD6zil7Y-f2ZI9A

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyODY2NzU4ODI3MDQ5ODkzOQ&google_push=AXcoOmS7k18gtMvG2OiHAJVLNyx9UpH5DwYiuzqqUZa_WFfod7GzvZ1wF89UPik74cLsoi5BIom7K2shYLm7id6sD6zil7Y-f2ZI9A
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15FE
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO1VLi29SurrKhppIAUfRHU&google_cver=1&google_push=AXcoOmQ7wCnHqCJpMxLzgcd9gzbUTfJAeBxHHTKmHS_LRJEXIVp0iQT1q-_4sA3c1e1ooNOMjoWcIrhM8yLaILYVz...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO1VLi29SurrKhppIAUfRHU&google_cver=1&google_push=AXcoOmQ7wCnHqCJpMxLzgcd9gzbUTfJAeBxHHTKmHS_LRJEXIVp0iQT1q-_4sA3c1e1ooNOMjoWcIrhM8yLaILYVz...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQ7wCnHqCJpMxLzgcd9gzbUTfJAeBxHHTKmHS_LRJEXIVp0iQT1q-_4sA3c1e1ooNOMjoWcIrhM8yLaILYVzva543cvyQEi&google_hm=HPenpGZHH24Y4TrDTyynAuak

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQ7wCnHqCJpMxLzgcd9gzbUTfJAeBxHHTKmHS_LRJEXIVp0iQT1q-_4sA3c1e1ooNOMjoWcIrhM8yLaILYVzva543cvyQEi&google_hm=HPenpGZHH24Y4TrDTyynAuak

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 31 Aug 2023 08:07:20 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmQ7wCnHqCJpMxLzgcd9gzbUTfJAeBxHHTKmHS_LRJEXIVp0iQT1q-_4sA3c1e1ooNOMjoWcIrhM8yLaILYVzva543cvyQEi&google_hm=HPenpGZHH24Y4TrDTyynAuak
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15FE
Redirect Chain

https://google.partners.tremorhub.com/sync?UIDF=CAESEJrswiQfSH7Zm3HBcqFFIiY&google_cver=1&google_push=AXcoOmT6ZvRLMt7Hpnot8JsVI5qIIfTLh0fns1-65DV4tFU3g8JPfUOK8qUakeGJOvMrPHghI4anN1-nLKoB2qrsL-Verom...
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=MDlmMDIzNjIxMjY5NGVkMjgwZjgzMzc5ZjczMWM4Yjg%3D&UIDF=CAESEJrswiQfSH7Zm3HBcqFFIiY&google_cver=1&google_push=AXcoOmT6ZvRLMt7Hpnot8JsVI5qI...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=MDlmMDIzNjIxMjY5NGVkMjgwZjgzMzc5ZjczMWM4Yjg%3D&UIDF=CAESEJrswiQfSH7Zm3HBcqFFIiY&google_cver=1&google_push=AXcoOmT6ZvRLMt7Hpnot8JsVI5qIIfTLh0fns1-65DV4tFU3g8JPfUOK8qUakeGJOvMrPHghI4anN1-nLKoB2qrsL-Veromtd7q8Dg

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=MDlmMDIzNjIxMjY5NGVkMjgwZjgzMzc5ZjczMWM4Yjg%3D&UIDF=CAESEJrswiQfSH7Zm3HBcqFFIiY&google_cver=1&google_push=AXcoOmT6ZvRLMt7Hpnot8JsVI5qIIfTLh0fns1-65DV4tFU3g8JPfUOK8qUakeGJOvMrPHghI4anN1-nLKoB2qrsL-Veromtd7q8Dg
date: Thu, 31 Aug 2023 08:07:20 GMT
server: nginx
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15FE
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEN4TMoLhMAJs-SVQMg911tA&google_cver=1&google_push=AXcoOmTn7W4d7GNw49z9vqYtU6jkgSWJqpcu62gYSrjtez59Q1evqPlkdXwCV5iBAOg6s8Uur4xmR-...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmTn7W4d7GNw49z9vqYtU6jkgSWJqpcu62gYSrjtez59Q1evqPlkdXwCV5iBAOg6s8Uur4xmR-mQ8cvtZ3rLAPDoC7mfzwV3eQ&google_hm=MjA4MDg5...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmTn7W4d7GNw49z9vqYtU6jkgSWJqpcu62gYSrjtez59Q1evqPlkdXwCV5iBAOg6s8Uur4xmR-mQ8cvtZ3rLAPDoC7mfzwV3eQ&google_hm=MjA4MDg5NTYwNTExMjU4MDAwOA%3D%3D

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmTn7W4d7GNw49z9vqYtU6jkgSWJqpcu62gYSrjtez59Q1evqPlkdXwCV5iBAOg6s8Uur4xmR-mQ8cvtZ3rLAPDoC7mfzwV3eQ&google_hm=MjA4MDg5NTYwNTExMjU4MDAwOA%3D%3D
date: Thu, 31 Aug 2023 08:07:20 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15FE
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEGPNjYMJFCmKtzUMWABX54E&google_cver=1&google_push=AXcoOmRH_UjTc5a9OfAoiqBqgeLNh2-Lfnn8c-srKzal70dbYrZpsMCm-...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmRH_UjTc5a9OfAoiqBqgeLNh2-Lfnn8c-srKzal70dbYrZpsMCm-sm3ANmppnteqJ2a8rry7w_tM1WlEvWk2hjma_vMBAOvaD0&google_hm=QlMuMTFkOC00NDU...

170 B
188 B

37ms
36ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmRH_UjTc5a9OfAoiqBqgeLNh2-Lfnn8c-srKzal70dbYrZpsMCm-sm3ANmppnteqJ2a8rry7w_tM1WlEvWk2hjma_vMBAOvaD0&google_hm=QlMuMTFkOC00NDU2LTQ2NmMtOTE3Nw==

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmRH_UjTc5a9OfAoiqBqgeLNh2-Lfnn8c-srKzal70dbYrZpsMCm-sm3ANmppnteqJ2a8rry7w_tM1WlEvWk2hjma_vMBAOvaD0&google_hm=QlMuMTFkOC00NDU2LTQ2NmMtOTE3Nw==
Date: Thu, 31 Aug 2023 08:07:20 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15FE
Redirect Chain

https://trace.mediago.io/cs/google?google_gid=CAESEGf_hnIcKoXCaa6KMmVRGNY&google_cver=1&google_push=AXcoOmSB715NL6DcerF4E1nrmCjgA8f03Vdb9xxiwm66J3ZNrdX6Uvvlce8eJoVj5VCg7QY3twPyH0JoRNhNBbdbiZMe5WN__...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSB715NL6DcerF4E1nrmCjgA8f03Vdb9xxiwm66J3ZNrdX6Uvvlce8eJoVj5VCg7QY3twPyH0JoRNhNBbdbiZMe5WN__Q2oZHQ&google_hm=cf8806ac995...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSB715NL6DcerF4E1nrmCjgA8f03Vdb9xxiwm66J3ZNrdX6Uvvlce8eJoVj5VCg7QY3twPyH0JoRNhNBbdbiZMe5WN__Q2oZHQ&google_hm=cf8806ac995c35dac91f2dc224767887

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSB715NL6DcerF4E1nrmCjgA8f03Vdb9xxiwm66J3ZNrdX6Uvvlce8eJoVj5VCg7QY3twPyH0JoRNhNBbdbiZMe5WN__Q2oZHQ&google_hm=cf8806ac995c35dac91f2dc224767887
date: Thu, 31 Aug 2023 08:07:20 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
content-type: text/html; charset=utf-8

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 15FE 0
12 B 33ms
32ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LlI8mYl3w8_yjn5VyNvX6isjoLPcpJMiBaIxE-0zzBb00KZzyKThRbB0hgqJ7wCWXHH1B4rco

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK ykuzho0n7xq0 Show response
hal9000.redintelligence.net/zone/ Frame EF4B 11 KB
4 KB 109ms
37ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ykuzho0n7xq0?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fad.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqKd7N0rwZOrfF7CgmLAP_ua_8AuRwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAjYVSmSyVbI-qAMByAObBKoE7gFP0Hi8EfoAxLV7S6OWSU0UVHFD39JWhFNvNELevZOK8YR3Eyf8-4Uj0m-Nn4fgfQJySxj5ZruVQha9IS_rFH-jHzdhd31JlaOXmYzk7ZarYsCjCbSgbx40wMeuHCZ9icawTLUcPzSMuVgMHc6EpeyK-zU1Ith9HFAHq3OplclDydASPw7WidpRznx-1LJyaL97ZuWIf7blRPNu74xJWzFxBQtilTdQXiGTc1pOSjKuCA4ThV6Z3WN8WXF2fYl1_CqgwJUWnX0aX4zQBv4_OPZTccHQHCGqYtqzi_Jfbd8lQzJeYULmqg7hRx1rzlHawAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIqtfOw7iGgQMVMBAGAB1-8w--EAEYASAAEgKcwfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWTGf85S3SGhylPSNYhCGppBiX2rPShXAebUAokIrpTf7ltXSSGAE%26sig%3DAOD64_20LXSLUUDzdq6Wah9XvYt6xzxMSQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CniNCASrIXCV6VfO0-ftPNbGOuSsZ3_71QGXKnsnmFPUkoF2wg9-_cFCYjL7KIGzRUvhpcEgj1zRksTqr-sAeOh6MA_k3XnKaCWvroNbKNmbMajanVCNvxjTRy6vB_2eEYAK_VQ-pS73snYHI_o2xu4svEsxVoJ73Cb5tO0n-jBKKTLGc%26cry%3D1%26dbm_d%3DAKAmf-DeoTkSw3_KiJvUImisaNEJp_N3mMf52HZ8Gjxdhh5uP4QCmR-55_lnfd0SdC_xghLHdjbjT6JCI-fBjhm6pR3SGaV5N4tDTLOlUKssfz2CGY7GdcNsfdsTikd1BSyw81p3Sly5FKD-C7XhXjjKZuigG6gbeS_tNDRZCiGUIEu_Qhb3tu-QJ8USbpYyzqZd0GGHT6m7RpSBHd2m1lYH_nJUXxDJF5S4qSZNNDQhXr-aDg1YigzVQjdZFFkky9Us45hou75Sm3JsRnU00R8gDvB1pfoPvncLvJQzdKnvHRraCvhlUhrFmvFn0ojvIBqCWijSGiMGPPzZaQxo5BgUa4-AsLCDUwO9KSUXO_La81LH8aMsO7HbhJOy4lkresviDwh48sK3fkxIA9-QZb-lSqzsr51ATdAmWW1kf6jNpDxsLfhmK4_gniaS-zF2zqVUvghDawkMWV7U0elEMoLiWpt1_vOianqbgkBiXa6i5rcnR8NGc6tbi3N8qBa6cQJqr_X3a13vkyOFnkPMGc0Q40RktwJdYIgRINd-YW1fQQ1HPheq4V4%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cf518ea75c5db9f4155e65e75938957749d3c71c776be6de14dbd2ddedd1093a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 31 Aug 2023 08:07:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4128
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FE81 0
0 135ms
69ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_hpAmWFYeBM4HuOD20nir1FgNsvX7jj1nLypcKJmyYJ0RZg6TOCz2Ps38DIp5QkjQ6fI-pcBRbhJK6nK0R0_YFm75vVzSTAg094rCsEFmdZtOaC6yqNBA2p7yQMvOxKV1v4VazS5tQX54-Ff0cpnnjElxDM3mOTw5pUYAOnZTwg0M97Fuis7RVzYB5ZFBeb3qBzoc2wucw3_bvMxLPCW8xbkD8Zgv_yDtn0dXc0n78IADxHf2WuGvb3USzgyoHuWHps9Eyk9aQ3Xggg6YiF_olYVFmGH8Y9-bWwIqyiR9P5NFvos4_p1KErqAzTnN1tyrYDsHqBCO1Hg-9rJlsM_lKMzub5aFefM-WFaCX0um1AOShyIl1SebgjonWADV1AFWhXK00GDlbEnYq211x_UtBz6yHETTKRTmZ055qtOuuJ2F82oKbLtk9tsRpsBqaDcNDt0JU6h-5Qcy2gwTLpfgyPwUA-uOAbsgwldH9utT7mSVYXRi4sn1lpAIk_Uv63odxedtQBV2u6_WtdlRZYo5_qby0bbFDCHap98Y4uG6V030D41Ua4WVXFwlrDHxzRWci1N9faA3zj5luOXykrxhsyenpUNep0WRelktgR0gIvgTZytfsNt2XEMnGtj6R31ZNQYdvv-OZuONYbd2aSV0i_iofWx3FC7Lp0mW0wsODr2m1VT76P6Jsr433MYTi901KsOJndeTqw3QHVFlY40aYYRo9kZ54qLpQuLFU9jlJhZF-orBPoOHDrYoLMxng3bLlPpLiyzc0EJ_t9UazghMkn2KyCeQoabxSTrZfnfpYF2IYHtWaoDXSsTmonYQlxaxSV0IkC6-H-b1lwCyObn2VENmhJl5Mfvf4GtV0Fg07cfKNGhZFshVU9tiaC4tSAlgue5uBYC1ovge7PW8D0ou81Hp-rTs_2OCK4ZAdGv1hWX31HvqVnbdJduXhggfENx9P-1_6hefaAi6DSysDylLjcqRaHJWYYE5JEN49Gcg0pHKH0wuJsdzf7-wjrT_86sqVeTZkpWVOifTIjuOyRoe8fJ65H59Xsr39OJ3d2sGKezkiTr6X1tX_i3Qlj2ZGH1aYskfzmlIFweOi_WMGkBZAPIjVHEJlqJ8tEOaNuao4zdFCOGvPX-GZZYXDq4RdmT9yrna-pPjR4t1cOkSoU9VYAomIYZa4G4jhjyta8ySAvyIoTrJ2l-xOF9-HO2Rcf3EAIZac7K98h4B853fuM84xkQDCpMx313b__JoqXlroefxW7O1lHZ3dMrFm3wvhTjJshuErphTeF5gRcj0DmpSeAGGtkhrlKHGz1uzAAnQyJM7&sai=AMfl-YSMlCJYFkMxTBFLNrLKbh15j-AnRyCST_wG747ZOjHxmTo38ywWg3XlRe_0YfenOB3TVWsKhrGJ_8o1b9blxgF1Nu2-MhO4-3Oe72VB3BYnnYvZR715cdlcv_8ZcX35LZRPrAth11t-mZ89oWNmt8bHB9ANjYb7hpRareyS4IGHtu60Qu9KmNoAGpMQ45a-4fFtg7133C2gmIs5vWILArClHx-t_ol_UXSLoYM&sig=Cg0ArKJSzJ2iKJyl0ByMEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=169&cbvp=1&cisv=r20230829.10727&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 31 Aug 2023 08:07:20 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 31 Aug 2023 08:07:20 GMT

GET
H3 200 15990846766456855062
s0.2mdn.net/simgad/ Frame FE81 26 KB
26 KB 69ms
22ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15990846766456855062

Requested by

Host: 70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
URL: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

400489cfb920375e445d4285c9d247de210aa9d665dd4bc3ed29e7c3b9bb8e86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:21 GMT
x-content-type-options: nosniff
age: 155939
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26724
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:21 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BA9B 22 KB
8 KB 21ms
21ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 351335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cZSlmfR8SDt076FNoYIuLG5p7zquw_7CpDxGN0dSu4o.js Show response
pagead2.googlesyndication.com/bg/ Frame 6FFE 38 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cZSlmfR8SDt076FNoYIuLG5p7zquw_7CpDxGN0dSu4o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7194a599f47c483b74efa14da1822e2c6e69ef3aaec3fec2a43c46374752bb8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 149859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14792
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:29:41 GMT

GET
H3 200 zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js Show response
pagead2.googlesyndication.com/bg/ Frame BA9B 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/zbsophEl4vgXz8qX3EWcY8Q67iIQ7bFnjGnqUyxIR6M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdbb28a61125e2f817cfca97dc459c63c43aee2210edb1678c69ea532c4847a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 149908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14648
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:28:52 GMT

GET
H/1.1 200
OK request.php Show response
hal900016.redintelligence.net/ Frame EF4B 613 B
937 B 224ms
109ms Script
application/x-javascript 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=618963518f&subid=&uid=8430436268e2261c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fad.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqKd7N0rwZOrfF7CgmLAP_ua_8AuRwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAjYVSmSyVbI-qAMByAObBKoE7gFP0Hi8EfoAxLV7S6OWSU0UVHFD39JWhFNvNELevZOK8YR3Eyf8-4Uj0m-Nn4fgfQJySxj5ZruVQha9IS_rFH-jHzdhd31JlaOXmYzk7ZarYsCjCbSgbx40wMeuHCZ9icawTLUcPzSMuVgMHc6EpeyK-zU1Ith9HFAHq3OplclDydASPw7WidpRznx-1LJyaL97ZuWIf7blRPNu74xJWzFxBQtilTdQXiGTc1pOSjKuCA4ThV6Z3WN8WXF2fYl1_CqgwJUWnX0aX4zQBv4_OPZTccHQHCGqYtqzi_Jfbd8lQzJeYULmqg7hRx1rzlHawAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIqtfOw7iGgQMVMBAGAB1-8w--EAEYASAAEgKcwfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWTGf85S3SGhylPSNYhCGppBiX2rPShXAebUAokIrpTf7ltXSSGAE%26sig%3DAOD64_20LXSLUUDzdq6Wah9XvYt6xzxMSQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CniNCASrIXCV6VfO0-ftPNbGOuSsZ3_71QGXKnsnmFPUkoF2wg9-_cFCYjL7KIGzRUvhpcEgj1zRksTqr-sAeOh6MA_k3XnKaCWvroNbKNmbMajanVCNvxjTRy6vB_2eEYAK_VQ-pS73snYHI_o2xu4svEsxVoJ73Cb5tO0n-jBKKTLGc%26cry%3D1%26dbm_d%3DAKAmf-DeoTkSw3_KiJvUImisaNEJp_N3mMf52HZ8Gjxdhh5uP4QCmR-55_lnfd0SdC_xghLHdjbjT6JCI-fBjhm6pR3SGaV5N4tDTLOlUKssfz2CGY7GdcNsfdsTikd1BSyw81p3Sly5FKD-C7XhXjjKZuigG6gbeS_tNDRZCiGUIEu_Qhb3tu-QJ8USbpYyzqZd0GGHT6m7RpSBHd2m1lYH_nJUXxDJF5S4qSZNNDQhXr-aDg1YigzVQjdZFFkky9Us45hou75Sm3JsRnU00R8gDvB1pfoPvncLvJQzdKnvHRraCvhlUhrFmvFn0ojvIBqCWijSGiMGPPzZaQxo5BgUa4-AsLCDUwO9KSUXO_La81LH8aMsO7HbhJOy4lkresviDwh48sK3fkxIA9-QZb-lSqzsr51ATdAmWW1kf6jNpDxsLfhmK4_gniaS-zF2zqVUvghDawkMWV7U0elEMoLiWpt1_vOianqbgkBiXa6i5rcnR8NGc6tbi3N8qBa6cQJqr_X3a13vkyOFnkPMGc0Q40RktwJdYIgRINd-YW1fQQ1HPheq4V4%26adurl%3D&documentReferer=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5299790312064&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ykuzho0n7xq0?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fad.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqKd7N0rwZOrfF7CgmLAP_ua_8AuRwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAjYVSmSyVbI-qAMByAObBKoE7gFP0Hi8EfoAxLV7S6OWSU0UVHFD39JWhFNvNELevZOK8YR3Eyf8-4Uj0m-Nn4fgfQJySxj5ZruVQha9IS_rFH-jHzdhd31JlaOXmYzk7ZarYsCjCbSgbx40wMeuHCZ9icawTLUcPzSMuVgMHc6EpeyK-zU1Ith9HFAHq3OplclDydASPw7WidpRznx-1LJyaL97ZuWIf7blRPNu74xJWzFxBQtilTdQXiGTc1pOSjKuCA4ThV6Z3WN8WXF2fYl1_CqgwJUWnX0aX4zQBv4_OPZTccHQHCGqYtqzi_Jfbd8lQzJeYULmqg7hRx1rzlHawAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIqtfOw7iGgQMVMBAGAB1-8w--EAEYASAAEgKcwfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWTGf85S3SGhylPSNYhCGppBiX2rPShXAebUAokIrpTf7ltXSSGAE%26sig%3DAOD64_20LXSLUUDzdq6Wah9XvYt6xzxMSQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CniNCASrIXCV6VfO0-ftPNbGOuSsZ3_71QGXKnsnmFPUkoF2wg9-_cFCYjL7KIGzRUvhpcEgj1zRksTqr-sAeOh6MA_k3XnKaCWvroNbKNmbMajanVCNvxjTRy6vB_2eEYAK_VQ-pS73snYHI_o2xu4svEsxVoJ73Cb5tO0n-jBKKTLGc%26cry%3D1%26dbm_d%3DAKAmf-DeoTkSw3_KiJvUImisaNEJp_N3mMf52HZ8Gjxdhh5uP4QCmR-55_lnfd0SdC_xghLHdjbjT6JCI-fBjhm6pR3SGaV5N4tDTLOlUKssfz2CGY7GdcNsfdsTikd1BSyw81p3Sly5FKD-C7XhXjjKZuigG6gbeS_tNDRZCiGUIEu_Qhb3tu-QJ8USbpYyzqZd0GGHT6m7RpSBHd2m1lYH_nJUXxDJF5S4qSZNNDQhXr-aDg1YigzVQjdZFFkky9Us45hou75Sm3JsRnU00R8gDvB1pfoPvncLvJQzdKnvHRraCvhlUhrFmvFn0ojvIBqCWijSGiMGPPzZaQxo5BgUa4-AsLCDUwO9KSUXO_La81LH8aMsO7HbhJOy4lkresviDwh48sK3fkxIA9-QZb-lSqzsr51ATdAmWW1kf6jNpDxsLfhmK4_gniaS-zF2zqVUvghDawkMWV7U0elEMoLiWpt1_vOianqbgkBiXa6i5rcnR8NGc6tbi3N8qBa6cQJqr_X3a13vkyOFnkPMGc0Q40RktwJdYIgRINd-YW1fQQ1HPheq4V4%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6ec05a9be337ea27e3c743e9bdb95bbed8d47001dd9fe03d22e1db3971e4b381

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 08:07:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 79587400049275604438268012433016
Connection: close
Content-Length: 331
Expires: Thu, 31 Aug 2023 09:07:20 +0200

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FE81 0
0 70ms
70ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_hpAmWFYeBM4HuOD20nir1FgNsvX7jj1nLypcKJmyYJ0RZg6TOCz2Ps38DIp5QkjQ6fI-pcBRbhJK6nK0R0_YFm75vVzSTAg094rCsEFmdZtOaC6yqNBA2p7yQMvOxKV1v4VazS5tQX54-Ff0cpnnjElxDM3mOTw5pUYAOnZTwg0M97Fuis7RVzYB5ZFBeb3qBzoc2wucw3_bvMxLPCW8xbkD8Zgv_yDtn0dXc0n78IADxHf2WuGvb3USzgyoHuWHps9Eyk9aQ3Xggg6YiF_olYVFmGH8Y9-bWwIqyiR9P5NFvos4_p1KErqAzTnN1tyrYDsHqBCO1Hg-9rJlsM_lKMzub5aFefM-WFaCX0um1AOShyIl1SebgjonWADV1AFWhXK00GDlbEnYq211x_UtBz6yHETTKRTmZ055qtOuuJ2F82oKbLtk9tsRpsBqaDcNDt0JU6h-5Qcy2gwTLpfgyPwUA-uOAbsgwldH9utT7mSVYXRi4sn1lpAIk_Uv63odxedtQBV2u6_WtdlRZYo5_qby0bbFDCHap98Y4uG6V030D41Ua4WVXFwlrDHxzRWci1N9faA3zj5luOXykrxhsyenpUNep0WRelktgR0gIvgTZytfsNt2XEMnGtj6R31ZNQYdvv-OZuONYbd2aSV0i_iofWx3FC7Lp0mW0wsODr2m1VT76P6Jsr433MYTi901KsOJndeTqw3QHVFlY40aYYRo9kZ54qLpQuLFU9jlJhZF-orBPoOHDrYoLMxng3bLlPpLiyzc0EJ_t9UazghMkn2KyCeQoabxSTrZfnfpYF2IYHtWaoDXSsTmonYQlxaxSV0IkC6-H-b1lwCyObn2VENmhJl5Mfvf4GtV0Fg07cfKNGhZFshVU9tiaC4tSAlgue5uBYC1ovge7PW8D0ou81Hp-rTs_2OCK4ZAdGv1hWX31HvqVnbdJduXhggfENx9P-1_6hefaAi6DSysDylLjcqRaHJWYYE5JEN49Gcg0pHKH0wuJsdzf7-wjrT_86sqVeTZkpWVOifTIjuOyRoe8fJ65H59Xsr39OJ3d2sGKezkiTr6X1tX_i3Qlj2ZGH1aYskfzmlIFweOi_WMGkBZAPIjVHEJlqJ8tEOaNuao4zdFCOGvPX-GZZYXDq4RdmT9yrna-pPjR4t1cOkSoU9VYAomIYZa4G4jhjyta8ySAvyIoTrJ2l-xOF9-HO2Rcf3EAIZac7K98h4B853fuM84xkQDCpMx313b__JoqXlroefxW7O1lHZ3dMrFm3wvhTjJshuErphTeF5gRcj0DmpSeAGGtkhrlKHGz1uzAAnQyJM7&sai=AMfl-YSMlCJYFkMxTBFLNrLKbh15j-AnRyCST_wG747ZOjHxmTo38ywWg3XlRe_0YfenOB3TVWsKhrGJ_8o1b9blxgF1Nu2-MhO4-3Oe72VB3BYnnYvZR715cdlcv_8ZcX35LZRPrAth11t-mZ89oWNmt8bHB9ANjYb7hpRareyS4IGHtu60Qu9KmNoAGpMQ45a-4fFtg7133C2gmIs5vWILArClHx-t_ol_UXSLoYM&sig=Cg0ArKJSzJ2iKJyl0ByMEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=296&vt=11&dtpt=127&dett=3&cstd=292&cisv=r20230829.10727&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 08:07:20 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 13 KB
4 KB 24ms
24ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

529cc06edd1a2365a814d55c12ae343a285bdd93c5d78393502b41fce3bec6bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 155939
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4335
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 12:48:21 GMT
expires: Wed, 28 Aug 2024 12:48:21 GMT
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 m-stage.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 1 KB
1 KB 33ms
32ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/m-stage.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53171c5ec21591c1dc0c3fcbbc5ae8651816a7cd2d6237d23befab64b18af5e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1126
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 keyvisual.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 23 KB
23 KB 33ms
33ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/keyvisual.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed3d6f20acc6105a9960c3f827cd1b873de5dc4f1585fc628fd67f2809f7a2f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23314
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 yogurt_shadow1.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 2 KB
2 KB 36ms
32ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/yogurt_shadow1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

023faa99ebc108ef1a2a66c5f31fb92cee476df6aecde7352da393d1ac85d6f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1952
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 yogurt1.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 5 KB
5 KB 41ms
38ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/yogurt1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c858086f8cebabe9b923e696d4f3c46fbbc42838494f8039ebf991fe45f7911c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5443
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 yogurt_shadow2.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 2 KB
2 KB 35ms
31ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/yogurt_shadow2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c8010cf97a1a587bbdeacc4490823790d9a3b02f4cb1a78b4abce6ce7d59e04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2046
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 yogurt2.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 5 KB
5 KB 36ms
33ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/yogurt2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13d292ce06450134156b73b94ddb7e4a39a19e73dc4912e7dec806fe4bc71994

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4997
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 t1.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 1 KB
1 KB 43ms
40ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/t1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

276689d8c9e40394dd21f77c0a2f6129bdf06dd2804ea418ee30f5f8eb8ceaf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1228
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 t2.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 1 KB
1 KB 36ms
33ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/t2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ab110884b68dc3065f8e13abab23d3216228beed5e933e2dc4071607efa67e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1037
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 t3.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 915 B
942 B 35ms
32ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/t3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd88b8018ee28ee71feca6ba40c956bf2c441af5328f54071062ed77587d75ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 915
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 852 B
879 B 53ms
50ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4705fa2d1b69a0f86315c95c69e6d1bb063a3b891df9189b7b5003aa77339a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 852
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 icon.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 1 KB
2 KB 52ms
50ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/icon.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64fcd710d1b1a2f50a177d5271259b3b3bf29f259be86a882173ef56edad6b15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1527
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H3 200 migros_logo.png
s0.2mdn.net/sadbundle/9861506145627241788/ Frame 6979 3 KB
3 KB 45ms
42ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9861506145627241788/migros_logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0041f309bdbb7e52acc4edd65dc692bd791f181121749548fd72e94544abc8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 12:48:22 GMT
x-content-type-options: nosniff
age: 155938
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2852
x-xss-protection: 0
last-modified: Wed, 23 Aug 2023 16:31:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Aug 2024 12:48:22 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900027.redintelligence.net/ Frame 8ED7 4 KB
2 KB 92ms
30ms Document
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900027.redintelligence.net/request_content.php?s=46722000037455304438268012433027&a=fe09ac78
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=ef633e9200&subid=&uid=87a0a2931de025c7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-2HLN0rwZLalC-eEhcIP7a-eWJHB0Jtpu-mDktwP8C4QASDTy84wYPWVzoHgBMgBCakC0-pTdV1Ssj6oAwHIA5uEgIAEqgTuAU_QdKgdrVP4glRwJX4RZx3S0mhVJq-8lYCLvio3NM_sx7c9quQYp7cTb5sdNd44-wlI_jjiug7V7DEneKQKpXH8tjAPWC4bA1jzQtdUk7xw5AcXecx_2_F1d4i5fEgx7UpGCRo37PSouefY6wWXHs9tMYEd0qN-fC8OfJ7OOnpLUD-7XiF1-y7LpLHJMYdqAxOmYtNWpzOG6qKS8QhoMEamcUGmdqseAhfiXoHOT4_wASVW405K5S979DIaZjYwLYCJ_vDYpIlKbJLuZvuSvGqv0_jDhuv_rlYHKcP2v8uxiFklV-5zOXwCQBckDd3ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGF0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9pzCw7iGgQMVZ0JBAh3tlwcLEAEYASAAEgJ_CPD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWkrMHiWxgyy6ESXgeOlmr08J06SyqcmAwXhNKkQpxgPwFHJAsGAE%26sig%3DAOD64_1dgCX7afXR6OplnoEnfrG6MRq5AA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DQqzCGE2VvtSJKoWD2KN7nSJ9k4IXYTf0TdF9yBAE7LqdMPABxQyBB-dLyBtG2qK1SwCuntHOERMstTAioej9-GrVRv76E5lkxRj61w0BaTkCOB2HMP5ezpERKTUY5eQeAxRGGrFz_9ZsXtVyVffKiLhAAa937GKM_pFRAoRAsmpcq19A%26cry%3D1%26dbm_d%3DAKAmf-AUmtK5Q4nAGOq9f5p1luTypX4IMB9fCg15XAcaCGAxP39xbFCHQms5Ei8cVYfPQeUisSELvD8rEXq-Vp-_-yoedTXNq9jDgdIeuLHKDy2UIHMPPGgtkmSwmAGqRASFGRSLhBHwmjxAstWsmcicmhmkjlbHf2vlaF7silrMMNx9L4NcNn1fil2Cj2K9DUFDRYKTeW9RtMBCh5voJ0NU-h0EyVP_bV3RuCBQPELxlF-EJbHvWC1SHqDyNnb8EeW8U9o7Az6lP06pL5I4963lBlNnoDa0_KKzA7rB_af2Je5koZynTyGkLhxm7j9g0n2vAOSdDSxVA3TDbxx89-_wb1K1c5MYdzQ5Nb9_gOTMnegTSoFotLKNYcOiVSuywDt0F31NVDwsJt3BvFAN1rPTAtqrjESJtm_zzWZJXaKKcvu2GnrRm96uMZOYxbat4aL7zPGMyC28oms_GEVN6lgwAnf6G0DxSDfnh4k05zRFsSXdouiKNfQ3aAfKnJYhcQHYJa09zYYp1QSHlJLfOhsiBQdhEDNuP34TPwvnXfD0vQDbbuWEdow%26adurl%3D&documentReferer=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5708428795426&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: bc83bf6058c6a9dd144371e092c7efbd6b4f2a3c3f29abb4d7128895930a962c

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1506
Content-Type: text/html; charset=utf-8
Date: Thu, 31 Aug 2023 08:07:20 GMT
Expires: Thu, 31 Aug 2023 09:07:20 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 008A 1 KB
643 B 23ms
22ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 75201
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 11:13:59 GMT
etag: 48472445140208031
expires: Thu, 31 Aug 2023 11:13:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 6979 63 KB
25 KB 66ms
55ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9861506145627241788/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 31 Aug 2023 08:07:20 GMT

GET
DATA 200
OK truncated
/ Frame 0593 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be5c3de6deb280576b70d0b9b9d5d50b9e9d2a3aa08fe81dddfa14692d27c407

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 38E2 0
20 B 125ms
124ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJxlEN0rwZILhL8GNrASTla7gCwAAAAA4AeAEAg&bg=!CgmlCUbNAAYHwnCgJ8I7ADQBe5WfOOoZQNcRVSezV07roo8y5UlRZL5RT4x5D6Pm9J9iFv1d_zQE9UEZZTazLSV7SPY1AgAAAMpSAAAAVmgBB5kDOFTVzriFRExNY70zHEC3dUtJvYIfxGr7b7WSzjhU1vKqukRP4nNLKmsBj-a4oKtoX8qkQ_-NuKlqDgIJY3A8ttAocQjaKzxAdHCtTd5HK1pQkME14K5Hqo4wGv7I4ERGuvMk1GkOKjrvB2rNfKv-MP51cdNqZQMwVW8iU5nL3tvbpGzmjOvQVbNhXBtubrVDMyCA3GKdgJnlL3isX8qM_oSi068WzVs-puQXhw9V8ObgnLBVpf9sB6rY7hlUT4758ua4iMAiqwowMmW4E1pQLaHYBtw-edaEd0KZJYJuG_F8EDCzGRClmQNNWiZ5fDumsemZnvZA-6plO5SbfB8v_4wNJPNrLbM2_MKv7AfS4T6GsOIFwcLvvVnsNTr76nBDbT6KopnSa2xoAzOuq7Eii6MOGbUMDKSu2epWgPzi9D_HIB17bjiJ1OTQJJIIMVoI7-kbTTHAUXrOMbzDtjFlNRihmeJf-dVFAV7IrngJQIrrq63v55URttaom-Mr3FmQw315cUA58hr8YncKPJrTeYSfiZ8rQozrOZCACQ9F066R6SHJeW-C9SGoB7W2PXrbg3UD5n6-FwMjJrPKMSEHVipB8bVVQD_u2u1bIp5t-gOpXc_KwJnw76T59st-J9H1Mp9aQg_gS_dgS9hqDqcggmuJ59szT_Iy2csHEmBUx8Y1D5VnRfRuIcMKwML5S8edBxY7KLRIwg0I2MOoSTwhQnSSnlaUcx94t3RhBaF2NHtrRAPnSePMNA219dO8XUH2RTLgAGtto11qwtLwhpXDN-SzgoNr1L3TI-Pz_YUgM80SW59BlcIpGEpK4fSYbUOMAB7j78KfKZgVHp6NJ4zRBGrRhhnBoyarU1f36ZswuZRpJO0yZrr9ufZNzukSRTV2qZCT03jwUAOmW_aP8XgYcLILGSj3bkJ6Z5PLk1Dv5w8L3kNg2PxO7lYRpmKluRCc7fpoRtGRg1W8F-erJuFVFP7gQnN32dmOIaBFcP5TMcJIz7CJ_V7juBjgxJu3i6oFWC39nQe0FH9ZLbGdR9zKJvLLttoUWeh1fuCm-ft1HwiWrUpuS-Y4XiS4Ad8lfn5mkDimI7WBx3LR

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK S-120x600.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 8ED7 33 KB
34 KB 195ms
80ms Image
image/gif 85.114.131.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-120x600.gif
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request_content.php?s=46722000037455304438268012433027&a=fe09ac78
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.233 Weil am Rhein, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21037.dus4.fastwebserver.de
Software: nginx /
Resource Hash: e5b7f02b23fdfaa750168663e07aa8da6df9b31692b4e470097c1122b3fe2678

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900027.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 31 Aug 2023 08:07:20 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-8530"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 34096

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 008A
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKPAUCK3YB8wkinvR_gHYyY&google_cver=1&google_push=AXcoOmRYXhZ2-Yuffd8lGN-qfPsw6bC1_IvysNgNiy67AzxaOMK-NFcZb1Ip12naGqWo32qkwVPlyrnB...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyODY2NzU4ODI3MDQ5ODkzOQ&google_push=AXcoOmRYXhZ2-Yuffd8lGN-qfPsw6bC1_IvysNgNiy67AzxaOMK-NFcZb1Ip12naGqWo32qkwVPlyr...

170 B
188 B

36ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyODY2NzU4ODI3MDQ5ODkzOQ&google_push=AXcoOmRYXhZ2-Yuffd8lGN-qfPsw6bC1_IvysNgNiy67AzxaOMK-NFcZb1Ip12naGqWo32qkwVPlyrnBTadu83CEwVVHihbgaw

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTcyODY2NzU4ODI3MDQ5ODkzOQ&google_push=AXcoOmRYXhZ2-Yuffd8lGN-qfPsw6bC1_IvysNgNiy67AzxaOMK-NFcZb1Ip12naGqWo32qkwVPlyrnBTadu83CEwVVHihbgaw
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 008A
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEP4tqlRoyDaeYfJvpeUUDlE&google_cver=1&google_push=AXcoOmQddxXMJ3frDskZf58x3esRPsBFHLvzmUonXW73wgrG28cUz4RrA9SiaCaZOHZIGVOmouDmkKgZvardXt-BcLMX642DGEE
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmQddxXMJ3frDskZf58x3esRPsBFHLvzmUonXW73wgrG28cUz4RrA9SiaCaZOHZIGVOmouDmkKgZvardXt-BcLMX642DGEE&google_hm=CfaN8_3SyoAI7QSwn2hiiA==

170 B
188 B

43ms
42ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmQddxXMJ3frDskZf58x3esRPsBFHLvzmUonXW73wgrG28cUz4RrA9SiaCaZOHZIGVOmouDmkKgZvardXt-BcLMX642DGEE&google_hm=CfaN8_3SyoAI7QSwn2hiiA==

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AXcoOmQddxXMJ3frDskZf58x3esRPsBFHLvzmUonXW73wgrG28cUz4RrA9SiaCaZOHZIGVOmouDmkKgZvardXt-BcLMX642DGEE&google_hm=CfaN8_3SyoAI7QSwn2hiiA==
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 228

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 008A
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO1VLi29SurrKhppIAUfRHU&google_cver=1&google_push=AXcoOmTti1DhY7G7yn3X0YLwcbhlCKx-xiWovFIX44uE2dgE6u15fG6JJK1DvRBpBVB0sj_MwAVYOkhud2rRisn_d...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmTti1DhY7G7yn3X0YLwcbhlCKx-xiWovFIX44uE2dgE6u15fG6JJK1DvRBpBVB0sj_MwAVYOkhud2rRisn_dXyY5Was5ZY&google_hm=HPenpGZHH24Y4TrDTyynAuak

170 B
188 B

38ms
37ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmTti1DhY7G7yn3X0YLwcbhlCKx-xiWovFIX44uE2dgE6u15fG6JJK1DvRBpBVB0sj_MwAVYOkhud2rRisn_dXyY5Was5ZY&google_hm=HPenpGZHH24Y4TrDTyynAuak

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 31 Aug 2023 08:07:20 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmTti1DhY7G7yn3X0YLwcbhlCKx-xiWovFIX44uE2dgE6u15fG6JJK1DvRBpBVB0sj_MwAVYOkhud2rRisn_dXyY5Was5ZY&google_hm=HPenpGZHH24Y4TrDTyynAuak
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 008A
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEAJUR1y1vqb4HJO428nM2Ko&google_cver=1&google_push=AXcoOmSXm1SAXI4Igkxg0nAak5W6cSxZnB5GuSmDbeBGwALyPn5QNe4sDjetRjkgn9fHuI9HwXQJvhu-GItJtDIn1BdEFs32ylQ
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmSXm1SAXI4Igkxg0nAak5W6cSxZnB5GuSmDbeBGwALyPn5QNe4sDjetRjkgn9fHuI9HwXQJvhu-GItJtDIn1BdEFs32ylQ&google_hm=M21ESnNVVUVFa1VhYVAxR...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmSXm1SAXI4Igkxg0nAak5W6cSxZnB5GuSmDbeBGwALyPn5QNe4sDjetRjkgn9fHuI9HwXQJvhu-GItJtDIn1BdEFs32ylQ&google_hm=M21ESnNVVUVFa1VhYVAxR1NWbDU=

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmSXm1SAXI4Igkxg0nAak5W6cSxZnB5GuSmDbeBGwALyPn5QNe4sDjetRjkgn9fHuI9HwXQJvhu-GItJtDIn1BdEFs32ylQ&google_hm=M21ESnNVVUVFa1VhYVAxR1NWbDU=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 008A
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEBBNIswc00x_OIIsiFJWUpE&google_cver=1&google_push=AXcoOmR9MVEFqMPFldJlDcpCmmWLqJjw8WyeTJa6VBZQpagCkTrIUQ3WLdOspCVYlbTgKjed_L_3QJgTPff278UZokKK4g...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEBBNIswc00x_OIIsiFJWUpE&google_cver=1&google_push=AXcoOmR9MVEFqMPFldJlDcpCmmWLqJjw8WyeTJa6VBZQpagCkTrIUQ3WLdOspCVYlbTgKjed_L_3QJgTPff278UZ...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Vg0wAIhKTzSBZTG16Kb7_w&google_push=AXcoOmR9MVEFqMPFldJlDcpCmmWLqJjw8WyeTJa6VBZQpagCkTrIUQ3WLdOspCVYlbTgKjed_L_3QJgTPff278U...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Vg0wAIhKTzSBZTG16Kb7_w&google_push=AXcoOmR9MVEFqMPFldJlDcpCmmWLqJjw8WyeTJa6VBZQpagCkTrIUQ3WLdOspCVYlbTgKjed_L_3QJgTPff278UZokKK4gDGA2U

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Vg0wAIhKTzSBZTG16Kb7_w&google_push=AXcoOmR9MVEFqMPFldJlDcpCmmWLqJjw8WyeTJa6VBZQpagCkTrIUQ3WLdOspCVYlbTgKjed_L_3QJgTPff278UZokKK4gDGA2U
access-control-allow-origin: *
date: Thu, 31 Aug 2023 08:07:20 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 008A 0
44 B 766ms
248ms Image
text/plain 52.195.45.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEJfWL2ujTgW0KyfF9N6pPtU&google_cver=1&google_push=AXcoOmSGI8sUwuEuyfYQE51Q4aR69WzVtt0-ZaLPfWLivjJWCGU-TyOFW-d-9p8oSjWuKySG9YQIVLKLyNi6iV0aahmx_KzrNBQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238239&bpp=526&bdt=178&idt=890&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4016865564&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077371%2C44795922%2C31076996&oid=2&pvsid=1436572443372765&tmod=184231431&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.9i8p1hhv06o5&fsb=1&dtd=917
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.195.45.163 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-195-45-163.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:21 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 008A
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEMMECo8Hs27r3OcgXyEk1RA&google_cver=1&google_push=AXcoOmT9MkIL3Pz63nG5Zs-Ycv0BAVJHc-V6KS9XhzOrukOba7cM1M2wvlCthbXodD7...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmT9MkIL3Pz63nG5Zs-Ycv0BAVJHc-V6KS9XhzOrukOba7cM1M2wvlCthbXodD7WhuNaAfP6mSgWvFO7RWX09u75FUlNRyS8

170 B
188 B

39ms
38ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmT9MkIL3Pz63nG5Zs-Ycv0BAVJHc-V6KS9XhzOrukOba7cM1M2wvlCthbXodD7WhuNaAfP6mSgWvFO7RWX09u75FUlNRyS8

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 31 Aug 2023 08:07:21 GMT
X-Bytefaas-Request-Id: 20230831080721CA3CD72C4487622A72CD
x-tt-trace-tag: id=00;cdn-cache=miss
Connection: keep-alive
server-timing: inner; dur=4
Content-Length: 0
Server: nginx
X-Tt-Logid: 20230831080721CA3CD72C4487622A72CD
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmT9MkIL3Pz63nG5Zs-Ycv0BAVJHc-V6KS9XhzOrukOba7cM1M2wvlCthbXodD7WhuNaAfP6mSgWvFO7RWX09u75FUlNRyS8
X-Bytefaas-Execution-Duration: 3.43
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
x-tt-trace-host: 014af3859b4d71ee855b516a7c490c87cfa06f073a041e321407cec9f1578cc0071e8739e6bf7f58824995279ca1a3d972549aaf1b698d6e6018280c905f438abf50527354f31af41ddf8692fbb44d3c97
Access-Control-Allow-Headers: *

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 008A 0
12 B 35ms
34ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IawKnWZbeyuQA1ThkQ0gF1ddtI0b1ova2lI0KbsFxrJ2hfZGGtwg4UnqrMKOlb0cKBay0ueA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900027.redintelligence.net/ Frame 8ED7 0
150 B 87ms
31ms Script
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900027.redintelligence.net/viewability?s=46722000037455304438268012433027&a=d9b4d6b4&vb=m
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request_content.php?s=46722000037455304438268012433027&a=fe09ac78
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900027.redintelligence.net/request_content.php?s=46722000037455304438268012433027&a=fe09ac78
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 31 Aug 2023 08:07:20 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 8ED7 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK request_content.php Show response
hal900016.redintelligence.net/ Frame 58D2 4 KB
2 KB 120ms
46ms Document
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request_content.php?s=79587400049275604438268012433016&a=d23e1d3f
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=618963518f&subid=&uid=8430436268e2261c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fad.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqKd7N0rwZOrfF7CgmLAP_ua_8AuRwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAjYVSmSyVbI-qAMByAObBKoE7gFP0Hi8EfoAxLV7S6OWSU0UVHFD39JWhFNvNELevZOK8YR3Eyf8-4Uj0m-Nn4fgfQJySxj5ZruVQha9IS_rFH-jHzdhd31JlaOXmYzk7ZarYsCjCbSgbx40wMeuHCZ9icawTLUcPzSMuVgMHc6EpeyK-zU1Ith9HFAHq3OplclDydASPw7WidpRznx-1LJyaL97ZuWIf7blRPNu74xJWzFxBQtilTdQXiGTc1pOSjKuCA4ThV6Z3WN8WXF2fYl1_CqgwJUWnX0aX4zQBv4_OPZTccHQHCGqYtqzi_Jfbd8lQzJeYULmqg7hRx1rzlHawAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIqtfOw7iGgQMVMBAGAB1-8w--EAEYASAAEgKcwfD_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWTGf85S3SGhylPSNYhCGppBiX2rPShXAebUAokIrpTf7ltXSSGAE%26sig%3DAOD64_20LXSLUUDzdq6Wah9XvYt6xzxMSQ%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-CniNCASrIXCV6VfO0-ftPNbGOuSsZ3_71QGXKnsnmFPUkoF2wg9-_cFCYjL7KIGzRUvhpcEgj1zRksTqr-sAeOh6MA_k3XnKaCWvroNbKNmbMajanVCNvxjTRy6vB_2eEYAK_VQ-pS73snYHI_o2xu4svEsxVoJ73Cb5tO0n-jBKKTLGc%26cry%3D1%26dbm_d%3DAKAmf-DeoTkSw3_KiJvUImisaNEJp_N3mMf52HZ8Gjxdhh5uP4QCmR-55_lnfd0SdC_xghLHdjbjT6JCI-fBjhm6pR3SGaV5N4tDTLOlUKssfz2CGY7GdcNsfdsTikd1BSyw81p3Sly5FKD-C7XhXjjKZuigG6gbeS_tNDRZCiGUIEu_Qhb3tu-QJ8USbpYyzqZd0GGHT6m7RpSBHd2m1lYH_nJUXxDJF5S4qSZNNDQhXr-aDg1YigzVQjdZFFkky9Us45hou75Sm3JsRnU00R8gDvB1pfoPvncLvJQzdKnvHRraCvhlUhrFmvFn0ojvIBqCWijSGiMGPPzZaQxo5BgUa4-AsLCDUwO9KSUXO_La81LH8aMsO7HbhJOy4lkresviDwh48sK3fkxIA9-QZb-lSqzsr51ATdAmWW1kf6jNpDxsLfhmK4_gniaS-zF2zqVUvghDawkMWV7U0elEMoLiWpt1_vOianqbgkBiXa6i5rcnR8NGc6tbi3N8qBa6cQJqr_X3a13vkyOFnkPMGc0Q40RktwJdYIgRINd-YW1fQQ1HPheq4V4%26adurl%3D&documentReferer=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5299790312064&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ce27563a76cf985b34e9f82929e8a81bddf9187e03675f2ac5d9124ed5a9c7f1

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1505
Content-Type: text/html; charset=utf-8
Date: Thu, 31 Aug 2023 08:07:20 GMT
Expires: Thu, 31 Aug 2023 09:07:20 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E184 1 KB
643 B 27ms
25ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 75201
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 11:13:59 GMT
etag: 48472445140208031
expires: Thu, 31 Aug 2023 11:13:59 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame E184
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEJrJys_g3ajTP-n5dMjd-U4&google_cver=1&google_push=AXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJrJys_g3ajTP-n5dMjd-U4&google_cver=1&google_push=AXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df...

43 B
428 B

198ms
190ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJrJys_g3ajTP-n5dMjd-U4&google_cver=1&google_push=AXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2A&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2A%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:21 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7ff3c784fa164c64-MXP
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:21 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 3060
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJrJys_g3ajTP-n5dMjd-U4&google_cver=1&google_push=AXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2A&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ4xQb2DYYJtaomZ3f2w_iyjHR_Wzoq7DqhhHzpd5R_qwv-tB7vqb8anhuEUMYn4kwTBbRzNnKuqdpuO7gPLpHY6ZIc4df_2A%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7ff3c783b87c4c64-MXP
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET 5w3jqr4k
sync-tm.everesttech.net/upi/pid/ Frame E184 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E184
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOITH6Mv-g5pluqSpC_uqDg&google_cver=1&google_push=AXcoOmTIgRFq08yXUUeI__9G9j_lFlGBYXLRrUnn5DKP7BvQfRF5IMo0N7npFcaUba6Nw4S-ZN6_KpINvp1...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTIgRFq08yXUUeI__9G9j_lFlGBYXLRrUnn5DKP7BvQfRF5IMo0N7npFcaUba6Nw4S-ZN6_KpINvp10tHW5E04kyafuNy0H7g&google_hm=eGb99BGLRbev7n2w7k...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTIgRFq08yXUUeI__9G9j_lFlGBYXLRrUnn5DKP7BvQfRF5IMo0N7npFcaUba6Nw4S-ZN6_KpINvp10tHW5E04kyafuNy0H7g&google_hm=eGb99BGLRbev7n2w7kK25oM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTIgRFq08yXUUeI__9G9j_lFlGBYXLRrUnn5DKP7BvQfRF5IMo0N7npFcaUba6Nw4S-ZN6_KpINvp10tHW5E04kyafuNy0H7g&google_hm=eGb99BGLRbev7n2w7kK25oM
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E184
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEA1y7Cp7AX-gbu7NaGeZ2TQ&google_cver=1&google_push=AXcoOmScH8p-DO-_wWtQgwgNArmgrSLSmaZkhtvY5woW2WkG_pPRJYJ4PjpN2kwX8Z6lSgrgjpCyvM4bySiZt5...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3MzM5NTAwMjYwNDA1ODc4MQ%3D%3D&google_push=AXcoOmScH8p-DO-_wWtQgwgNArmgrSLSmaZkhtvY5woW2WkG_pPRJYJ4PjpN2kwX8Z6lSgrgjpCyvM4bySiZt5k_K8...

170 B
188 B

39ms
38ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3MzM5NTAwMjYwNDA1ODc4MQ%3D%3D&google_push=AXcoOmScH8p-DO-_wWtQgwgNArmgrSLSmaZkhtvY5woW2WkG_pPRJYJ4PjpN2kwX8Z6lSgrgjpCyvM4bySiZt5k_K8cMJ6j_GxRCQw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3MzM5NTAwMjYwNDA1ODc4MQ%3D%3D&google_push=AXcoOmScH8p-DO-_wWtQgwgNArmgrSLSmaZkhtvY5woW2WkG_pPRJYJ4PjpN2kwX8Z6lSgrgjpCyvM4bySiZt5k_K8cMJ6j_GxRCQw
Date: Thu, 31 Aug 2023 08:07:20 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E184
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESENKkvs_XKo2Zubc0pSgVDFI&google_cver=1&google_push=AXcoOmSzR_6Qv-nqLkLY4HSAZb-5IDBcLiyPPq6hZ1kerMjSVEMZvH6Ws1nFIzbZP-GwEojtmo...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESENKkvs_XKo2Zubc0pSgVDFI&google_cver=1&google_push=AXcoOmSzR_6Qv-nqLkLY4HSAZb-5IDBcLiyPPq6hZ1kerMjSVEMZvH6Ws1nFIzbZP-GwEojtmo...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1rRDN1V2ExRTJ1RzdWRXdGbnNia0M1NW1OQ0FCTm1hUn5B&google_push=AXcoOmSzR_6Qv-nqLkLY4HSAZb-5IDBcLiyPPq6hZ1kerMjSVEMZvH6Ws...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1rRDN1V2ExRTJ1RzdWRXdGbnNia0M1NW1OQ0FCTm1hUn5B&google_push=AXcoOmSzR_6Qv-nqLkLY4HSAZb-5IDBcLiyPPq6hZ1kerMjSVEMZvH6Ws1nFIzbZP-GwEojtmouzqNEtUDf7XFjfxOli4eqOo92a1A

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1rRDN1V2ExRTJ1RzdWRXdGbnNia0M1NW1OQ0FCTm1hUn5B&google_push=AXcoOmSzR_6Qv-nqLkLY4HSAZb-5IDBcLiyPPq6hZ1kerMjSVEMZvH6Ws1nFIzbZP-GwEojtmouzqNEtUDf7XFjfxOli4eqOo92a1A
date: Thu, 31 Aug 2023 08:07:20 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E184
Redirect Chain

https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESELccZJYUvuiiUR2OPf-Ik5I&google_cver=1&google_push=AXcoOmSE6FnitzcLKFCJF63vg7oc0oXQae4LY13reE8Ao37QnhUi1ZviyvSKQmuys_EuiN2pUs63X...
https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESELccZJYUvuiiUR2OPf-Ik5I&google_push=AXcoOmSE6FnitzcLKFCJF63vg7oc0oXQae4LY13reE8Ao37QnhUi1ZviyvSKQmuys_EuiN2pUs63X...
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmSE6FnitzcLKFCJF63vg7oc0oXQae4LY13reE8Ao37QnhUi1ZviyvSKQmuys_EuiN2pUs63XsaQZnlt3laBCpmP1QLrjSijQ98&google_hm=UWk1OEc2U2c1W...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmSE6FnitzcLKFCJF63vg7oc0oXQae4LY13reE8Ao37QnhUi1ZviyvSKQmuys_EuiN2pUs63XsaQZnlt3laBCpmP1QLrjSijQ98&google_hm=UWk1OEc2U2c1WERIdlJnMVhsdXA=

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 31 Aug 2023 08:07:21 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmSE6FnitzcLKFCJF63vg7oc0oXQae4LY13reE8Ao37QnhUi1ZviyvSKQmuys_EuiN2pUs63XsaQZnlt3laBCpmP1QLrjSijQ98&google_hm=UWk1OEc2U2c1WERIdlJnMVhsdXA=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 243
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E184
Redirect Chain

https://trace.mediago.io/cs/google?google_gid=CAESEGf_hnIcKoXCaa6KMmVRGNY&google_cver=1&google_push=AXcoOmRNGIAbmlyWwtl2PrQGIalw8txa7U-j6Cy2IYOqjYxamMvMtBsabfwyz22cS-jjNuSY733yjuXA4Knu6F47VeGe91ajl...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmRNGIAbmlyWwtl2PrQGIalw8txa7U-j6Cy2IYOqjYxamMvMtBsabfwyz22cS-jjNuSY733yjuXA4Knu6F47VeGe91ajls8BwDs&google_hm=cf8806ac995...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmRNGIAbmlyWwtl2PrQGIalw8txa7U-j6Cy2IYOqjYxamMvMtBsabfwyz22cS-jjNuSY733yjuXA4Knu6F47VeGe91ajls8BwDs&google_hm=cf8806ac995c35dac91f2dc224767887

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmRNGIAbmlyWwtl2PrQGIalw8txa7U-j6Cy2IYOqjYxamMvMtBsabfwyz22cS-jjNuSY733yjuXA4Knu6F47VeGe91ajls8BwDs&google_hm=cf8806ac995c35dac91f2dc224767887
date: Thu, 31 Aug 2023 08:07:20 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
content-type: text/html; charset=utf-8

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E184 0
12 B 48ms
41ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JF39L8uXKdYVVo7Ra6Ah9CNeJQKStES0wavZpsfoeQ4iyI16Mgt7ojk63lbAUuBWIGsq4OTKLJ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6FFE 0
20 B 131ms
127ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bly0uOErwZIyqBtan9u8PwbuPoA4AAAAAOAHgBAI&bg=!kpGlkd7NAAZnwVY5R8E7ADQBe5WfOL_meKkESn3_oN3g_ydZHrlAJo5GQA4zYa5HSb868y3eO4C3l6uXt48E7tU8cf5aAgAAAVhSAAAAB2gBB5kDWrbK-kErx3bNzuL3LYSliTl_D9QwR3ec_8G3vJPy4uQn-tStvdWqo9f0vfaPnLigeNl0IfjbHPsQq4lIyRVt1KAmvE5Qvpqj4MG6VJLYxoO0u5kkzjtj2NxpYPagMik9Wxzn9w-9T4NR6VzmhQ4mnUBdQ83zB-DCoEl0DR1Bb54nm4EC_TPoO4n86Hw0Ft5C8t1OVuGNXaq1Uv9uftaR5EchMNCS4kGGN2it84XOiJdy1JoFafS_dv81OMS6EjlZP5-Saf0ACzoGsOQrpb8rgVo6l7FrcJGXU4p6oDHj8ujy49Cy30MbyVIQtqsWpN6QnBVWO5_KqgRgnSUGZETTUiUcYj9aO2Z9bvTvaV3v5STSfxbpstG_NX_gFSVk0NnM-HGIGdtfWxjiT9Mm0CA5AYfNSMKjxRZm-BMqYPeYREo9STFuKrhoDdYyeGvIUpsZl-Mq2NjzQxfco46Sfs1-2v8XKY2b6KdFp8ENWFGy3kLkUztiRhs9f1R61ljsbJOKfYHVqk_7GHLEb6iDvi2noi5MiTSaVdlPmcKYrS_Mc8-pZovZu717Pvzg8sV3gHWshDlkirDIctIsYyze5Ybz9RxYmavY0_ARvm1sPz44USPSOtb4QI5_XxEf2SPimM8wV3uecTLiJcnyigDv4sMgM98nMqr7JUxq3VIeVdE-o6fpDnFDeAL-T1GRWMUYp_hrY-cSC0LtM1UKecQP046WBr1nclRNZbzJ4aVfX7myUYYULPOluW-mLKH5H6oCmU93Al4gWsBq_56wauxY1bDaua9ZSEJPiX0ZbEbdp_U51kcwD-H_QUFWJ-Y12dYO_J2Kmjld8qRvc8B-MpD6_lmUTnHmtviYkxgmdzOb-qyodfUDlisz_wRpMoqjRzBlkkd7uSxcMMgUyFcWtSljdJ86ICEe0a58pvwRYf-29xhtr5o_FpRxfSunw0C-Gi-2NeouJGNyIKqu1l2RuJE9uBpOb4gWFOa6t8qnbGQ_HaZepNy232RAgneDX2qMEHYhYTI4TWPcrUMls85iXpww7JfEH3W0k1oSKDV6hpbl-vOyTo3N1orq600vKFD2qVbKKbKYj59Ss_QQOsx6iu4-ZR3jbaAsjqTslLP2VrSvrxo8rZHDC3kEQj_gDEnBXw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK S-120x600.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 58D2 33 KB
34 KB 137ms
51ms Image
image/gif 85.114.131.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-120x600.gif
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=79587400049275604438268012433016&a=d23e1d3f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.233 Weil am Rhein, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21037.dus4.fastwebserver.de
Software: nginx /
Resource Hash: e5b7f02b23fdfaa750168663e07aa8da6df9b31692b4e470097c1122b3fe2678

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 31 Aug 2023 08:07:20 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-8530"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 34096

GET
H/1.1 200
OK viewability Show response
hal900016.redintelligence.net/ Frame 58D2 0
150 B 112ms
37ms Script
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/viewability?s=79587400049275604438268012433016&a=aeb97db0&vb=m
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=79587400049275604438268012433016&a=d23e1d3f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal900016.redintelligence.net/request_content.php?s=79587400049275604438268012433016&a=d23e1d3f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 31 Aug 2023 08:07:20 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 58D2 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA9B 0
20 B 126ms
126ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BzKopOErwZOnPC7uv9u8PzZa2oAUAAAAAOAHgBAI&bg=!g4ClgM_NAAYHwnCgJ8I7ADQBe5WfON9Dkbp1NGxTubEb3rHDSEsR4gCbqsI4Myj2ja9Uja5fscRExV_MaT5QW1W8c17AAgAAAXpSAAAADGgBB5kDJA7DHvSbHBNCANP_NPFuFO6kYt1PcvD1dK9uqXDA9YODDDqxacK_A4KHwtY7NqtDqgYE53Rxs-o_OVPZnabty2VIoJtxIOMmoJZz2dras11elcCh1Aj7QUmlFZIpdH0CZFYPAWhH5LH1hb8_UU4J5omxC9fsN-ZCQPcJW6M0TSe_luRSS93KtkMBqYU8KKT_c25rKmQoss-QHXl_yWRAi6-eUmrfzoF6XQAmTi-kRwrNbjSiYEKd7PA3aZKlESrNwjw0wWAhG66A1uPYig_euiFgyADTA6ka2DZxDIKxzTRinFEc63R5hkTgp2ZHZwG4jxSdDht1ZB2GG6ghW-K2kV_jt5Jtro_d7F2edYs0zpfLvL5xf2MOF7WYJ3D0S_aues3QKqxa1ZsKAuCFtfYBrBPew6qTPJGbvVFdClYL5teWn4rbJGCownzvvKhHXOgwIXPSP0KhnPxtsdqqonX2ZjduurHsC9MrmHkoDhf5Beo6EGBbwhAULSVkmRujch7ksYiCx54x8zWwe-ddVulovCCzIpDpbTEhiWxZXMT4e4iDKUN6x86IeLM77fUejphNaT176NFnSyO36WhCXgJwvcFphIcXvhg5mwzNMf0l3JMUSORAhWeEbITCtgShsAGRlDfu6oQ99yde6EniAyZ_QguvpmpC5u0bRQ0YP8SVXGWLc5sqK2vn4We_x8Zx0Votrr0T2iKalV79fyzA_lwqrIAvSn0NsPVDU-oTc87a6pblsM7-kHaQlbODhWZ3W-kXNYdP45nqQf152jAOZaAdPEO3GbSgsgOQfd8sMu75qh7TpxcYDp_Kwmk9pvXO-6vbQb9aiZ1lCWNMg3gsKCPlJYE8zoOjbsDikqTq_rxVxLPGAm0Y9b7fvtkiEciZANWenKFbE_5W2DUZRMZDR4cD9tF6fex5Zj7NfLnqnXW2E3bm9Idz8S4XyZyDO-6kwxgLDA8xQJM4cYfeTilGYgkdHXLzkBXDNGMTQvv7wibqNQ41OIB-h9qlkMfg3pUeoEsHGbpZYIniNeupIDZ94JD2jtkbU3QADOb2MZBu9d8kNKuaTOX4bQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046729&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693469238389&bpp=432&bdt=324&idt=779&shv=r20230829&mjsv=m202308280101&ptt=5&saldr=sd&is_amp=1&correlator=90&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2694894255&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C42532314&oid=2&pvsid=2071591890535742&tmod=1490703502&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.xctfw4z6sdwy&fsb=1&dtd=861

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 317F 0
0 138ms
136ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308280101&jk=267560426832837&bg=!9_Sl9LvNAAYHwnCgJ8I7ADQBe5WfOHyk1nQR0IVb36Jdb2ij2xdz5B2mPRcVXz-htJRtbtmTuebNsKzHtT41P4IwVuTcAgAAAhxSAAAABmgBB5kDEY5oAjSl7vN3A6R0PmzWHKq3eBC6GziwWkpCrVcIzzEjEAi4uxWDup5ErfnOCLj5IuZnFdVLf1sSlIFnQbIEuAsFzA2YW9DQYNKBHqzFg6KM93GB78EbPhGq4A7A1k2NJOzlpU8ycthllwtI-Ak8Q8-ADkCPrgf7yEXL2jePr5AXWPGLmg0uKxHyDYduVjfbCOxfH2iy46w1JVc3NaUZWR6adcl7HTKTauMEPhGBEoJKy3rGhqPgrHaIgaahOCAxcqj2xWC2cU3RpXkcW7NJXBZQxIfrXveX32VTkdJO3trkGbMK2jAY8kYk5Dv127axyTMk76Hoeg21sQIBfOdMoTsLvDyPWoM5LAcmo-_nGNpgCsp6Bak9PENtm3mXuGrB79ieVricbhQmVMQlq_zxRfmFEv9j6jjOz-tbodujH5-O5pfOWjDgQF_SQ3UqQtQ77kDeqe7hbrKF9R_woGZfKgPulHCRZad60z_BaHp4RYPlXV3M_mE_2SSy9fLM0jb-COWtxlIGRD661XeH1hYYvfIFAz8qSpO-z53gso0CsLvbkhH0PpKuyjJ8zskuZh7E1VT3ybgPWyq62tCdg15dYIqpijqRe6Ely9vtMG4PPzgR9cecfOo70YeUu_5mCk-aF1u510ISYN7aKMO_CP7eE6h85Z7LubAEg-LfHuMYYmg_7CFRK6AByHxR-m4nlZ80khwkGU-780p5WCE9WDP1XTrUhosqZi-VMIJy9PUOtKhRxRFEpJV5dNhqU8NbhhEOoJFTScABRla0dv3UqoT_gFynwsJa1Hx3oiUTWKSpMY7814tF5tGfZhQC2WECX0n7EWdoFzQujeSlaqfN8zF1hsELt0K24y77uxPZJINiR7fSH1A9WcBBbhW2QhohFwaq7P1d63hCla6shnreXfWmR7va_4PUVIw7WSUhLkgBIDENYxw51-CmjfZE6WW1L7KKaf-Uqh7KuCoowwY63CnEwjP0IO-vOYzp-4FyMHFm17KkSX3fhGT8u3iB9xuv8zjwLG0Jnbipsco3i0o5ah6nwRG3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E31F 0
0 63ms
62ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssw3rzZWfTNqGQmL6uu76nDmYIgolsY1NJDX6OY8tGaYFr5qDDYkPAXXGaIxavvw8rQLmmglE22D8vfpgIPkRr7SPmeqzu5ySzv4boWARujr84mnBT5LYZPC4_Aw-6KMWs6Y6whkkNTzUpV7AXfqStOVOcdpu0De_63qlt500zwwk5modJwwkOUxshHPGY2jIRwZKDAjgwMUt4UGM-iW2s7JGq-Rw0T-ezC11vPzB6zFzsYFq6x9DKGTq56ACdXrFNWzPnbmY2L4Tcp-uVpFMfuOPekAhncfwVganTyPSQ9y3QYltArmtjRHxeKMYfa4m-SrP0pov6FO7_iGBeBmDiH92V00FP6jvmfIo0Y_GB7&sai=AMfl-YQ0OMfEQDfVFa0-m394aeEThsydUrxlxKjfahcVh87z1Da8vEg6euze2bh6PCAYIng6JPdCe-hpbg8WlFI&sig=Cg0ArKJSzIvMdPWyrTVeEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 08:07:20 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E31F 15 KB
12 KB 72ms
71ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230829&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03662e59d5b218627292a89f4881b32b565829169a169fccdf27ab2231958c6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11818
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E31F 17 KB
6 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 08:07:21 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1CE4 0
0 60ms
59ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstYAmjGI4zPY32LVtq9V4rjmCV4afrKNIpyJAn8LKnxJ3a3rVn1Smo_VDeXjK5nJS8HZzU-x5x3jLUf1Pvap2jwmMs8mVu7JHG2gs-MsgaRcFQJPgtF2b9ZmIGZzxK3fYsb08mGymE1A8Ryj1jllz_GCYKQBXv48coyfJXryLuzNxHYD3u52xxqoyXd7cnC9_x5eZNWAAOYrZxiSEK-tWnodrO2F6iZzX4aZ1CiarN_rn26cRcCob47zen8K3422Fjs0idcCUgVokHbT3mB_BUA-F9JhUy5uVyCCYGV5lT723UvPH-VanxKGJP-kfDoR95y43x_tCl9mCERuvPn-lXeR3OnOubt838GDIaIi8Y&sai=AMfl-YTm1MCLv3msD3OGvon2Oe9fbKV4jjA13N_YvOwLTazK9H6WQOnwPdDaGTX9nWAbxh_a4qOpJLBp5Uc4YN8&sig=Cg0ArKJSzKnE8ULyxnmiEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 31 Aug 2023 08:07:21 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1CE4 15 KB
12 KB 95ms
95ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230829&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a07e747a519ad4c229f28a87cf56e2a6b69d711e1403683ef011d30e464dfad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11897
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1A88 13 KB
5 KB 21ms
21ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 3299
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 07:12:22 GMT
expires: Fri, 30 Aug 2024 07:12:22 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0388 829 B
560 B 38ms
38ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

60d37e750b602e3b7276a1632a3a0b2cc495f3083e6072b2990079d0e8f90dac

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FVyCvPkRTEKHVoaNN9NuaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 538
content-security-policy: script-src 'report-sample' 'nonce-FVyCvPkRTEKHVoaNN9NuaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:21 GMT
expires: Thu, 31 Aug 2023 08:07:21 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js Show response
pagead2.googlesyndication.com/bg/ Frame 1A88 37 KB
14 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:24:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 150183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14793
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:24:18 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0388 0
0 128ms
127ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230829&jk=1436572443372765&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1CE4 17 KB
6 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308280101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 08:07:21 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D9BE 13 KB
5 KB 23ms
21ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 3299
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 07:12:22 GMT
expires: Fri, 30 Aug 2024 07:12:22 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1440 829 B
558 B 34ms
32ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

06e621e2c536e463cf45f1e3f408f365bd21d02f333ad37e86ba261a894bdfa5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nFnoI6weZ_ZpgccLyC3VFA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-nFnoI6weZ_ZpgccLyC3VFA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 31 Aug 2023 08:07:21 GMT
expires: Thu, 31 Aug 2023 08:07:21 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1A88 0
10 B 24ms
23ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?q9ARXg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1440 0
0 120ms
119ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230829&jk=2071591890535742&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js Show response
pagead2.googlesyndication.com/bg/ Frame D9BE 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/y--OXqz7ADyygIpSoni6phyCHaVIcLrPPWSypIROD28.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:24:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 150183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14793
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 14:24:18 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D9BE 0
10 B 22ms
20ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?UovNLQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 08:07:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE81 0
22 B 121ms
121ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5343829527588&version=m202307240101&ct=76&x=1&cor=6549957044309561000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E31F 0
0 127ms
127ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230829&jk=1436572443372765&bg=!Tk2lTQLNAAYHwnCgJ8I7ADQBe5WfOOHGbALHfzHN2sOKNSrajCuPG4mJeJQ6FkC55YsILgYuO6EcFjFSMJPyViFgpeM5AgAAAF5SAAAAFWgBB5kDEBeAdrHcjLhPs5LQtyqjDXz5Z1AgC3Lqr7H4Osv0sjai4of1lLWmZJXSYwt5koaIxaLfoSCANhxYBFF2JRN3-DYGfXdqKwDwn6yJmX4A6lStiGVYiIGfGhaQSADGZ7uXObDudBif9jvipfGh72F5W4bVF1_zZznlP18P_m2OR3j-fZAtY78mWK8sqA224xMnLe1iS6h5_FqiKY9cLpeHfebk5Uq5NdR7GbwmjwvER2MkxNOPDm5r1Q-ZQv9oYiR8zokvg6kYa85RRk4WPF7sVIgynpuwyxPwJ7BCZQRPzA28hoMJC4dfBs72y9unqid_9I0onHIft04RF7eeEFOBZKPhI73LX9Vf5MxXjBDb5ggeyELrEszxCTkrssJP4JpkBBe038_s21iV4UHd906MTpT7_RgHeF_tOkpFL9-RWR8QWI7QfaWn0xON4uuQvMFunSz3JFK9PbxlL7D50aX1WUBDRmdNat88izrPF7SmAHNrkhbU3HQLoi6w2-F328S4LpbiMzj0sgHaWuq-GVLUC1_LhILHW-9lRe8TcIZgHfmHsl2xgCQRxr_G0Wvb-unHvgy1Z_Qz0KLGMkGosB3R30GfrJk6pHfDWdXm1D07IiAqNvgCNUUbBJXIjXSziCl2dMzBUeZ7AH6KuFwc5t1VcBUxme_h7dZ_enbU2OACFXLOlIMAzH2cyTxNFvxVNsA9l3azaZJPCbr3ylRalkN2HSLxeWth8qoyTB7y9SCSOQr8v5EpAB1UCvnTnrPqFOTVwZ3T93GFtDxg-ifARkFBaYil9BT3qy-ZBEBmpvoxJhz8zHntJrsIVYATOJEobrwnn1O1wWBnwABDV6E5sLoQto_SAoSCSLActvU-XHewbSgcC2erLp658sKzY6dzAnm-nVwNDH5eyaYtCPOZKU3r6rVwpgJ0oiIakotF8S7XGAsQoUD-riXLkivI5D8gGYr9ycI-m2fMnGWndkL5NCQ0jTqkTmCMeUXJGbjEPdTbsA-eJ96-k9HfkraSquW6TURPPII8bMbRL5642wXbQzOS4i0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1CE4 0
0 125ms
125ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230829&jk=2071591890535742&bg=!TE-lTwDNAAYHwnCgJ8I7ADQBe5WfODpPL4Pz8A9E56pbY-qVBwZkZ96jwnDkflACS4lInRh3abOc5hKaBYjc6zNVCIJkAgAAAFBSAAAAB2gBBwoAieRH7rOxJjjOk4ZSo2WOqi5rskzImV9RA_DS0hOq_fiHuwYcR3DebjjvBLN4zNWCBIRISmBgeygAD9apzoWY5RcHq1SUV3sCCIzGJ-S814ND7nSfnduWrQjlzzZBvLP3CmZXXE2t7FiAVaNDXJ4ryR1q8jn-83h1lcyid3CRoxDsTzVjxtxnzKZEmQMD_bxDZdBB0joJbwRczJ9Glrjymh-4IDETvtywhbmOAkMcKZ21roWSp9sWvQKRL7KmcDOcP_NOe1FT4orSZsOLVBqnSdzXlYeT1ZlY5oKHuEQwovAOZkMxj0UdF9-jANAO-_WTIszt49Mk8MAmQtxQhpAfAnlNmn-U0Oj-SpaH3oG1JLHOD1WdLa39DTWVvQIEPh3haaktgcANGJV6q48TrE0QGYgdPzZ-9RPeC8iLphRzY0aiwrJs1GFXATSvdfL18qrIRZMGcY32ZubmHNOyz3aSkeRUuInqP7nbJKqUWUSFtn-pOXd30BHF0clZYOmr8Z_c0EguNkdA75ko7Ri4tnNC79P1JF8zC5msWkAjocu1QdKUMGdX9h5j2ZH66JZZZUi98ziL-Fu4ondJSi6yvO7fztjoJX-gKZ8hMFRrkunJ6rAFa08dKVg66iKJVQIHiGuXVsfj8spTlcX7azREpf7BDFAIgnxXkkMpuyjDyIJ-GusAAiM0w63bvFMgh-gkE0JWsvUVPnu2O4uvLMLbV-_yvuxZsoBuvPeMuQIW803oKbqhBx1qbzWsFadro_vwEfFfUoFEIFIGnQIriNGERi6awXdpig2ItGiL1kVKNAYG7BnSmrk7TtkcXjbv36x_es6PNWF_lwPKyxdbigkTFnHTPgV9w7AKw_1xUCFEiEBcSoBU4OmvNjAkKg8MOmNW9TbkZREmSbyBzyYQDQYPW2tmCd19LOzfU9BZmTpka_c84Apt8DTlCw4sECQiPQcNd6CWGgQveznR9yL3xXPW8OogtvBhdoQWoT_sb7cROyic3gVvhONnoJYomIpfoc29_BPBw8LOp3kFsUdYQg8Xr-xttw8kbCTXDa-7E8DsI0pwTl-p638t3ctBoRzLN2-RSn2xl8gJPYZu3fBCKC82e9Jc13lCRfZDN-cNVX-cj-D2PSlxXwmIkiQXAENC7IgSREd8RymPZMMQvq8wWlvQJsvNA8ClXQHPcfwd0xXz1-AXFJsPws4N-PCpLYKYYwBSGE7l
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0593 0
22 B 120ms
120ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7608422870321&version=m202307240101&ct=77&x=1&cor=17331312949026050000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF4B 0
22 B 119ms
119ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3970656413567&version=m202307240101&ct=77&x=1&cor=13882633666222990000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 31 Aug 2023 08:07:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstoS4fDVEkc5w2Rq8fcDPfBWqi3zY2XoVsFQhoKq3i8lq2c1CsTjdFqYsk-VJGenC9g_D8vhUZIjppWW4Ib_duBLvewxP8QuCpmuobZA9cm1dc-fwQZAWV8xPqTmGp7IJVi6aW4S1BSBn0_7kWwOx3gzsyv4H2Uk6nTL8A0j_3pTaLcLR1mjKnSJwaJm0b3ML0Spuf2HaPYbW-sXZLQiyw10R1zh3J88PXt4EtaB5q2xxhI_BOpdP0B4oki3pF2jHE2jKi45NudeTtAJqoX50D2WD2xqViuU4_4yGqTQqsxMiwYNzD-RdpCGjIF8h26gbJmymR13Cp9qqN3Y8YWHt5jhwNHR0EW-EmJcwFllnUigWZIAw&sai=AMfl-YQeLyGaqJamwcbN1F63EE0rjjtXcXtC6guB5W8XJ9ICPydC2yqDOxx8LcebRCgODgHgxdO9n1PL1w3dYXRqVWRtxA0ITo39G-SUMw&sig=Cg0ArKJSzH_qxgiAjtt8EAE&uach_m=[UACH]&urlfix=1&adurl=

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstOQEMPcOJmIUP7El-jY_6u5FoTgHFHCnhHYZ9LzFY71OeF8htmlc5bBX5s65U4nOdhyyZalDpO1XbRYMRw_1g2A3O-VgUE8EQTyD5MENJR0JMM0pT15pmsSGhcCrQN&sig=Cg0ArKJSzMeFlW0_9tRPEAE&id=lidartos&mcvt=0&p=0,0,0,0&mtos=0,0,0,0,0&tos=0,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=0&if=1&vu=1&app=0&itpl=19&adk=2408727451&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=3&r=b&rst=1693469239075&rpt=213&ec=1&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEDLezWSL3awd8XxYM8pOCyg&google_cver=1&google_push=AXcoOmTq1W3dcJGYP80SOueArvRkruDpA2lXLnd1lh2yMWJGzgkTIlmzxlS3u_CWvEvUD04wbAVDfPtk6dtujCe65Xxicgdg-wrVMQ

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:00:29	Name: is_unique Value: sc12916097.1693469236.0
.statcounter.com/	1970-01-21 00:00:29	Name: is_visitor_unique Value: 1693469236704960794
.xgcartoon.com/	1970-01-20 23:10:05	Name: _ga Value: amp-FuXQ0FzqXrYO4CQwQsvmYQ
.doubleclick.net/	1970-01-21 00:00:29	Name: IDE Value: AHWqTUlnLaNWz3jy8GCgsZ9cRFtABM39i_ai3CFurLa66qIpYCICohtbDsJEpOXwgmA
.casalemedia.com/	1970-01-20 16:34:05	Name: CMPS Value: 5173
.casalemedia.com/	1970-01-20 16:34:05	Name: CMPRO Value: 5173
.casalemedia.com/	1970-01-20 23:10:05	Name: CMID Value: ZPBKN5yqgN46xKxpP4SFCAAA
.openx.net/	1970-01-20 23:10:05	Name: i Value: 050c3896-fdd3-4c59-b44f-80ef28566bcf\|1693469240
.adnxs.com/	1970-01-20 16:34:05	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Il^:JUR)!@wnfH8K6pQK`!5=E<L5?%KHie)3Qcfeljd(:.4xJH(Yw]e3C]YuAOCQusbpRzqF1`*b^ci)j).d
.adnxs.com/	1970-01-20 16:34:05	Name: uuid2 Value: 6035285124671781161
.redintelligence.net/	1970-01-20 16:34:05	Name: 8lcfmzhxc8d6_uid Value: 6c5f34268cf2285d
.lijit.com/	1970-01-20 23:10:05	Name: ljt_reader Value: HPenpGZHH24Y4TrDTyynAuak
.simpli.fi/	1970-01-20 23:11:31	Name: suid Value: 97F849F441854239901367624664388A
.adform.net/	1970-01-20 15:07:41	Name: C Value: 1
.smartadserver.com/	1970-01-20 23:54:43	Name: pid Value: 2080895605112580008
.adform.net/	1970-01-20 15:50:53	Name: uid Value: 1728667588270498939
.tremorhub.com/	1970-01-20 23:10:26	Name: tvid Value: 09f0236212694ed280f83379f731c8b8
.tremorhub.com/	1970-01-21 00:00:29	Name: tv_UIDF Value: CAESEJrswiQfSH7Zm3HBcqFFIiY
.tremorhub.com/	1970-01-20 14:31:41	Name: tvssa Value: 1693469240664
.mediago.io/	1970-01-20 23:10:05	Name: __mguid_ Value: cf8806ac995c35dac91f2dc224767887
.360yield.com/	1970-01-20 16:34:05	Name: tuuid Value: 560d3000-884a-4f34-8165-31b5e8a6fbff
.360yield.com/	1970-01-20 16:34:05	Name: tuuid_lu Value: 1693469240
.ctnsnet.com/	1970-01-20 23:10:05	Name: cid_7866fdf4118b45b7afee7db0ee42b6e6 Value: 1
.ctnsnet.com/	1970-01-20 23:10:05	Name: gid_CAESEOITH6Mv-g5pluqSpC_uqDg Value: 1
.adfarm1.adition.com/	1970-01-20 16:34:05	Name: UserID1 Value: 7273395002604058781
.yieldmo.com/	1970-01-20 23:10:05	Name: yieldmo_id Value: 3mDJsUUEEkUaaP1GSVl5%7C1693440000000%7C0
.yahoo.com/	1970-01-20 23:10:26	Name: A3 Value: d=AQABBDhK8GQCELoECgfpECK31zFCLqbz2tkFEgEBAQGb8WT6ZLtj0CMA_eMAAA&S=AQAAAgO_csFJH4F9Vk6_mEFv4QI
.analytics.yahoo.com/	1970-01-20 23:10:05	Name: IDSYNC Value: 18yx~2dnk
.tribalfusion.com/	1970-01-20 16:34:05	Name: ANON_ID Value: aXntmIOZb3VgUEjUAujyptQe0DZbcjbZcV8hx2UvqXCjqSDniiGEW2Frk1mhZajL1Zd2q93ZcfELoABRXZctMPAUSwG41SB
.zemanta.com/	1970-01-20 23:10:05	Name: zuid Value: Qi58G6Sg5XDHvRg1Xlup

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	warning	URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang Message: The resource https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.xgcartoon.com/detail/over_lord_di3jiriyu-yitengshangwang Message: The resource https://691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

691769230c74f3dfae9d4207cb915dce.safeframe.googlesyndication.com
70d87006024b8ea81930dee07c0e6299.safeframe.googlesyndication.com
a.tribalfusion.com
ad.doubleclick.net
ads.eu.criteo.com
ads.yieldmo.com
analytics.pangle-ads.com
ap.lijit.com
b1sync.zemanta.com
c.statcounter.com
c1.adform.net
cat.nl3.eu.criteo.com
cc.adingo.jp
cdn.ampproject.org
cdn.contentspread.net
cm.g.doubleclick.net
csm.eu.criteo.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
gcm.ctnsnet.com
google.partners.tremorhub.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900016.redintelligence.net
hal900027.redintelligence.net
ib.adnxs.com
im.bluevoox.com
match.360yield.com
pagead2.googlesyndication.com
region1.google-analytics.com
rtb.fr3.eu.criteo.com
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static-a.xgcartoon.com
static.criteo.net
sync-tm.everesttech.net
tpc.googlesyndication.com
trace.mediago.io
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.google.com
www.googletagservices.com
www.xgcartoon.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
sync-tm.everesttech.net
104.20.219.77
130.35.192.4
138.201.220.30
138.201.63.157
142.250.184.230
142.250.185.130
169.150.222.217
172.217.16.194
178.250.1.6
185.80.39.216
2001:4860:4802:32::36
216.52.2.91
2600:1f18:612b:4280:6eda:227:e8d1:bfc3
2606:4700:10::6816:2f93
2606:4700::6812:18ad
2a00:1450:4001:80e::2001
2a00:1450:4001:811::2004
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:828::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2006
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:d::c
3.75.62.37
34.246.130.52
35.186.193.173
35.204.158.49
35.208.249.213
35.227.252.103
35.244.159.8
37.157.6.254
37.252.171.149
52.195.45.163
52.210.221.60
52.45.175.185
64.202.112.191
78.46.111.106
81.17.55.109
85.114.131.233
85.114.159.93
0041f309bdbb7e52acc4edd65dc692bd791f181121749548fd72e94544abc8d3
023faa99ebc108ef1a2a66c5f31fb92cee476df6aecde7352da393d1ac85d6f3
03662e59d5b218627292a89f4881b32b565829169a169fccdf27ab2231958c6d
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
06e621e2c536e463cf45f1e3f408f365bd21d02f333ad37e86ba261a894bdfa5
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08d502e7f6319b0015d0ea006b216f287353f60e0cd84462a5a43d6294bfea7a
0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a07e747a519ad4c229f28a87cf56e2a6b69d711e1403683ef011d30e464dfad
0b33f89610cacd7b17f7b6c16429d0505babf974a31f0a2d6ea8b5b155a06839
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13d292ce06450134156b73b94ddb7e4a39a19e73dc4912e7dec806fe4bc71994
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
1a8d33a897d81cabb802e0a524b10667897c6e311bb8b1706061f840d6796a9c
1d132e25b07ce615d72c1e0d2ace64eba3b9ed1532d3eb2a238f19d11d2ed2aa
1dc118c68570ac106df5c43e5588c5b94d18caf4aa9e4d8d52792037cc16b980
276689d8c9e40394dd21f77c0a2f6129bdf06dd2804ea418ee30f5f8eb8ceaf2
28f1d57da4c0d3f6abff262eafe5427a9bc35eac6ca5fc01692114a129744a2e
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2c70a5278ec1a1a6c4adf649a460a3fb5860ff48f19a88d87ce557395242e2d3
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31c9383b3b1679203f0cb2895ababfd063805372dab26fe9d77989ff111a6a8e
322cfdb91f6e20a97ec72c03f5e6755e82f6eeac5f7f2f57b6a9c71daeeedfee
34bb1c7ca084facdfd4822c3dd2d0f3f483ad2d071c52d30e54af52ae62deb02
362ed17a15819f0eee07a6337d4724f4f18003aff9e8603d275ef73f78964cf7
3e625fe058c9871c924b05047696c2e7b1e441d4acb2ce54544b8413eea8182b
400489cfb920375e445d4285c9d247de210aa9d665dd4bc3ed29e7c3b9bb8e86
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4728e1ce0ec1de440ef99fa5e88e0000e23606a697ef94fbfae3719b59056174
4aded8f694dc4a45c0c7834df0912c2accc184fc26e7e4e399b5d05c017c4d07
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9
4ba8fefd43622cbf6c8acc8489affef7edc5bc774ae6596abedc1dd8cd9e3310
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
529cc06edd1a2365a814d55c12ae343a285bdd93c5d78393502b41fce3bec6bd
53171c5ec21591c1dc0c3fcbbc5ae8651816a7cd2d6237d23befab64b18af5e3
53202a3c73552b3385ff4cc5598c6cdabfa4d37acc87cd2fd8c0577494143285
5498ec584b15d3ba85c1e2aa1adb47d5d89ab310518315763863cf2bc30bfa9a
54ecc52e1cbb695afd0f56486faa5a7e11a94fb32aa4690163efdbc2d3a770db
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5abef60d9edd11583e363e3dafd2d6ec74e0141946c21b2903e7b8c08f01130f
5c6f39277796308599e9ec4d568f6812e2992e96c3c98be3a90265163ceea928
608f6a60a9ec2b411b5a4b9dbd8c68e9eab9218a2877e44d1d7820fb3bc16f8a
60d37e750b602e3b7276a1632a3a0b2cc495f3083e6072b2990079d0e8f90dac
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6323c220b6830615401d1cda2da27beb8023f734880950c5add83b007552f0e2
64fcd710d1b1a2f50a177d5271259b3b3bf29f259be86a882173ef56edad6b15
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6ec05a9be337ea27e3c743e9bdb95bbed8d47001dd9fe03d22e1db3971e4b381
6f0a563b47e044d1e1d4e4c15f2108b4615127ab673477aabfed4380f48efd93
7194a599f47c483b74efa14da1822e2c6e69ef3aaec3fec2a43c46374752bb8a
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
74cba1ff07b486118035612878d4565031f9f9ba69b2d64736a41888f23bfc77
75d8e1698429770b759cc3e200a88890e5c5821f2220d6c5e4a7a4b0368d4a9c
763421a5334408955c647efd773480defe5217eebdbbdd292c9071dfe83148c2
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8ab110884b68dc3065f8e13abab23d3216228beed5e933e2dc4071607efa67e9
8c8010cf97a1a587bbdeacc4490823790d9a3b02f4cb1a78b4abce6ce7d59e04
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
90d84f056686af8861c0017713e2f06e8957e9d15a5606514da382d879b9d41a
923690f3c0feaf6346a2755af20e2b8580a048126501966a8ccd0fd31c6b53e3
96178739e050f18db99525d9715bb1e359635abe82300a17b1dd2c7235136ae5
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a295c07557460ab45c47664fb1dd3ffcb15f4b00296455cbdd59087b124f3124
a303bdbfce6897ec74ce030b85480f417f9e17804f7a19b8f2a90feff115b94f
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a77f8f8d5bff81c8670ef7d99170f780376e9e19066af7f511a9b5f0f876c964
a7c94d5780fa800afb0066d0ceed10b6488d78ec4cb2a85c42e5772b6218cd26
aabb98c84c142ef2fcbeb513da1ea3f2a7ccd3143f3418b867417c0afc49a801
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b4705fa2d1b69a0f86315c95c69e6d1bb063a3b891df9189b7b5003aa77339a5
bc83bf6058c6a9dd144371e092c7efbd6b4f2a3c3f29abb4d7128895930a962c
be5c3de6deb280576b70d0b9b9d5d50b9e9d2a3aa08fe81dddfa14692d27c407
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c3b913c546a9218e09fc70f76e6aa0f6f6b5d35bab5efd422f4c5162e8b77ab9
c3bee0a5648f1db23f08e2fe2b509309cf0fe01c8d8e217e48c31c7e9f2c4312
c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b
c81f14e2bb3209ad75981c1843043f0a465d4c090f2313d0aa5398a7767ca9ba
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
c858086f8cebabe9b923e696d4f3c46fbbc42838494f8039ebf991fe45f7911c
c8f5b0910ad1e7494f3713d5a7db386d0a92af4f28cff5b80ab2b198fe1303a3
cbef8e5eacfb003cb2808a52a278baa61c821da54870bacf3d64b2a4844e0f6f
cdbb28a61125e2f817cfca97dc459c63c43aee2210edb1678c69ea532c4847a3
ce27563a76cf985b34e9f82929e8a81bddf9187e03675f2ac5d9124ed5a9c7f1
cf518ea75c5db9f4155e65e75938957749d3c71c776be6de14dbd2ddedd1093a
d0edd199833dd87c9ac4395f5bbeb6dfb6843109419531043ba1fb6b32e63496
daf6bde03335c110a3be5130645023ae8395c3a7724b11c97acda202f6fcf830
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
ded5ad320ec2ed9002a9340bcfe57cb7ad5f730f4d55ccdde5f57e52d06f5e6c
df5e328a3370e8c2899547d23d4d7658c004133ab8f30062962566f8e88cc914
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5b7f02b23fdfaa750168663e07aa8da6df9b31692b4e470097c1122b3fe2678
e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e
ed3d6f20acc6105a9960c3f827cd1b873de5dc4f1585fc628fd67f2809f7a2f8
ede47ef8e9be955000f9a227e5bb6aa0e983bc6b2a374e4b05c97f285733b575
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1585bc7dfc96f8d391477f904785f2f85883e4ab39606bf49703fc6984cd1e8
f4a6bbed58461b749a6f25f608fac1018d2cccff798cf28d721fc56dff63f822
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
fb78884b2e1bf04ebe0ca1ad10c9bcc60d2bb43ebeee32b88c3e2ee83e89fe73
fd88b8018ee28ee71feca6ba40c956bf2c441af5328f54071062ed77587d75ac

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

236 Requests

86 %HTTPS

38 %IPv6

33 Domains

48 Subdomains

31 IPs

10 Countries

2636 kBTransfer

6639 kBSize

30 Cookies

1 Outgoing links

Redirected requests

236 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

236
Requests

86 %
HTTPS

38 %
IPv6

33
Domains

48
Subdomains

31
IPs

10
Countries

2636 kB
Transfer

6639 kB
Size

30
Cookies

236 HTTP transactions
14 data transactions