www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Submission: On September 16 via manual (September 16th 2023, 3:36:09 pm UTC) from US — Scanned from CH

Summary HTTP 170 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 29 IPs in 9 countries across 28 domains to perform 170 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on September 14th 2022. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
12	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.218.77 104.20.218.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:2e93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 16	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
21	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
21	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
3 16	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
3 5	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
1 1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.73.212.134 35.73.212.134	16509 (AMAZON-02) (AMAZON-02)
2	18.197.134.14 18.197.134.14	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	50.31.142.159 50.31.142.159	23352 (SERVERCEN...) (SERVERCENTRAL)
1 1	35.214.168.63 35.214.168.63	15169 (GOOGLE) (GOOGLE)
1 1	193.108.153.6 193.108.153.6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	35.170.131.1 35.170.131.1	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:6302:7a79:df48:a6b6	16509 (AMAZON-02) (AMAZON-02)
1 1	23.212.88.20 23.212.88.20	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
1 2	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
2 2	52.59.55.175 52.59.55.175	16509 (AMAZON-02) (AMAZON-02)
1	145.239.2.103 145.239.2.103	16276 (OVH) (OVH)
170	29

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.218.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:2e93 (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.185.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.27.193 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.130.102.164 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.157 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.73.212.134 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-73-212-134.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.134.14 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-134-14.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.31.142.159 (Hickory Hills, United States) 2 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.168.63 (Groningen, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 63.168.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.108.153.6 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a193-108-153-6.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.170.131.1 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-131-1.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:6302:7a79:df48:a6b6 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.88.20 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-88-20.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.253 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.55.175 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-55-175.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.2.103 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns3082036.ip-145-239-2.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	googlesyndication.com be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 152 pagead2.googlesyndication.com — Cisco Umbrella Rank: 105 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com	431 KB
37	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 googleads.g.doubleclick.net — Cisco Umbrella Rank: 47 cm.g.doubleclick.net — Cisco Umbrella Rank: 255	306 KB
25	criteo.net static.criteo.net — Cisco Umbrella Rank: 660 csm.eu.criteo.net — Cisco Umbrella Rank: 9485	171 KB
12	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 389	251 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com — Cisco Umbrella Rank: 918806	359 KB
9	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 9400 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 17123 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 10535 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 16172	61 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 221	398 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37741 hal90007.redintelligence.net — Cisco Umbrella Rank: 221138	10 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 658	3 KB
4	gstatic.com www.gstatic.com	43 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2	2 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 373	1 KB
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 884	489 B
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 604	1 KB
2	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 613	69 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 151
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 87436	95 KB
1	bluevoox.com 1 redirects im.bluevoox.com — Cisco Umbrella Rank: 14321	520 B
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 1657	1 KB
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 478	714 B
1	fksnk.com 1 redirects fksnk.com — Cisco Umbrella Rank: 5734	614 B
1	pangle-ads.com 1 redirects analytics.pangle-ads.com — Cisco Umbrella Rank: 2910	1 KB
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 1104	460 B
1	ctnsnet.com 1 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 8166	667 B
1	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 8330	44 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 943	755 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2288	247 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 10650	469 B
170	28

	Domain	Requested by
23	pagead2.googlesyndication.com	be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com www.xgcartoon.com 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
21	static.criteo.net	ads.eu.criteo.com
21	tpc.googlesyndication.com	be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com www.xgcartoon.com googleads.g.doubleclick.net pagead2.googlesyndication.com
16	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net www.xgcartoon.com 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
16	securepubads.g.doubleclick.net	1 redirects cdn.ampproject.org be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com www.xgcartoon.com securepubads.g.doubleclick.net www.googletagservices.com
12	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
7	www.googletagservices.com	be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com googleads.g.doubleclick.net
6	be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com	cdn.ampproject.org
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com googleads.g.doubleclick.net
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	hal90007.redintelligence.net	1 redirects 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com hal90007.redintelligence.net
4	csm.eu.criteo.net	ads.eu.criteo.com
4	www.gstatic.com	be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
3	www.google.com	tpc.googlesyndication.com 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
3	cat.nl3.eu.criteo.com	ads.eu.criteo.com
3	ads.eu.criteo.com	be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	x.bidswitch.net	2 redirects
2	onetag-sys.com	1 redirects 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
2	b1sync.zemanta.com	2 redirects
2	match.sharethrough.com	googleads.g.doubleclick.net 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
2	372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.googleadservices.com	www.xgcartoon.com
2	rtb.fr3.eu.criteo.com	be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com googleads.g.doubleclick.net
1	cdn.contentspread.net	hal90007.redintelligence.net
1	im.bluevoox.com	1 redirects
1	cs.media.net	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	fksnk.com	1 redirects
1	analytics.pangle-ads.com	1 redirects
1	csync.loopme.me	1 redirects
1	ius.ctnsnet.com	1 redirects
1	cc.adingo.jp	googleads.g.doubleclick.net
1	um.simpli.fi	1 redirects
1	hal9000.redintelligence.net	372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
1	rtb.nl3.eu.criteo.com	be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
170	39

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G2	`2022-09-14` - `2023-10-16`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-07-21` - `2023-10-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-29`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-27` - `2023-10-22`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2023-11-08`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
*.adingo.jp Amazon RSA 2048 M03	`2023-09-13` - `2024-10-12`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
contentspread.net R3	`2023-08-24` - `2023-11-22`	3 months	crt.sh

This page contains 23 frames:

Primary Page: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Frame ID: 8862A7BD4AD68384ACB7987BAF70D2B3
Requests: 38 HTTP requests in this frame

Frame: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: E9ACC885723C5489339C7F0E64414568
Requests: 9 HTTP requests in this frame

Frame: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: F187944A6F8C3D30A52FD0A7770AD4C1
Requests: 11 HTTP requests in this frame

Frame: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 4B396649FEA7EF053A1613D3556B886F
Requests: 10 HTTP requests in this frame

Frame: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 445B3F90A28897647FF5415F78DD5293
Requests: 10 HTTP requests in this frame

Frame: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: C729E481A3DBA23E36ED13A7E6A6923E
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLYwANzc8Ke7ABAArNZmWGYEbXQEuFfroR9A&u=%7CX9fvg%2FDO1u6jPW53yoihazPoi72rkqo2IarZxdzX0vY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osI8geD4fhYHCh3uyFgOM6LlOqHAKbqJCNdBVexjiZYSZwtNDvvnRkMMEyz6paF_FD4LzMm3kIjXv5T8oQeVRTRrVJZNs-Tnwp94YqPFx6oOErmEnkDdf7VEMYezTvnH60qNNLZla2wuH3l3BosUtdLmHsEES4Og2Utl-YKtTG2whKVgqLdQfk4TbCBLrxhQOQQhAnt8tTS1KwfULTE78Tp4ih5xu3Cdjm9HJoULiE2YjnoSu0L3jhyXf2z1jPyGFs0FAccpBaHy_LgVKlod3DV1zQrjv3qK4l7K262XWEbXwH_k38mkR_GGsZPGxuykkknsqDWTRfpMyeYVKqksv4jhVMkn4ob94kfuz1IfFj8HSxnUWYeuUiwpNYcnoTeAIaD_luEsNKvXMGhNl_YxeZHF53sTVHkf4JpqPuXowIZEUJsJVv4AkJ8XuUCCQij4Pb8zazLu9W6OzrsnkSNm_IfLigTZQd4x6BQX3-qqkbl7M2Uy-yDJgN09N9LSYt3DY37AJBx_Q1O6M5vjaQ_0nbaex7CzpF60O07HAgx2gGck7Qre9KeKOuD2nfnzn704zht7VkLDDBsHgk94IX_mQhCN43ISfI5QxjfglYeY-mikZA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPNXLY8sFZc-bN4Hg7gPmmqtwyZ7SsVzVnZH3cMCNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi01ODg0Mjk0NDc5MzkxNjM4yAEJqQII7SoEJuGxPuACAKgDAcgDAqoEsAJP0BgcANNXzUUgBrNwag2SjvV6Xibg2WE6EwuDClasw3h5dtJavskxcojtqDmRlBB1CxvItxlfJHoy14fs98zoZ76I5_1E9qez-4gCnZ23Mqh_k1DsV55Q6iHJuNjIo78k_WN6ayLoZ0qtY6PfktXbkE1Lkm2jN6BjGA-4T_6T2facquHoWz6iCghWnytkHQw3KpYOxoRPIwbyJ7h9QVdDfW6gHQJIm5YLjQk1dpKNyr__UqpR1KPMJqmJUVLJCA7GLInqaq6VtC7aViVaYdUelM2uvat_q8wkTg0ET__am7uRRcEMNwnmPkQ_capdqH24WptaYIAJY0RrLkaoCcb1asXN3eg50OrJYJx8oaksIkpJ_MTvPGC6ca_lA-Rf_YvG4L94vArSK7siMAo6dPvE4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1znLmIPaBhwBAODoBnuh9aWIzQAA%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: 4A83BCAC994CE8AB45624F9326D347A6
Requests: 11 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLZAAGGS8K3rhDAAGxFVWaVRBYTZHCmR0kVQ&u=%7CII8l3dthMk7pzjXc%2BHN%2FPG9gYUqwvQ8dq%2F0iR6UbzjI%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osJFU2OVNQ_yLB0ulrIWe5sgxMHeTdA4F-JUkbB7ie4KuWK5nQXMeHyBKjHJJG5i1klhPmPfLyYiiHChQirN_4HZIuHuzjatkBTFHVcWhPwEohwO5Xw4ANwjB8i41SsQoY9Q6Ex3umdszpqqjul-mgVvVKOKXjUkvgVmJtxfwgrsncFzQ810G30TKrhFaBB76zS_q2hGq_5svVVRn3IFcfVMNx4rJCxXYH8-y2W_MkmXXD0yxFg8JxhdhGK9Gl7DPbFL60DnVijUN4Ao32LIy8HYzgsO0Rp9LyxI7Q9NtVTuuXTx5j2866XcLpaSmq1fFRg5MDsnfJJQ2_IrAMgsTHHmm0JmcLH0HkufmgIihU1NqH_YHgJvDiTO-Itp0qqfbKW6LzBdkgmMUYQKOofAePv6IQWHBoxMVBATslH92KEAnDEY5IZysfvkDtivdUDcIq63ZtjqkoGUfkia_AK7Npy9klk4EcbuCNX8Yz5s8555HCnJxS5DVUIQXt5CGR8NQvMekl3xqJAzw4S8iIRhGGQd7uzN_j0idimH0T7WhaUP6CTXYQzGiiFS8koW9gg2yDuXKFUrvN7Ki-mCbmUodrL0QAmgGrvIEieMPG3habNNBg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCm43gZMsFZa-yGMPw-gaV4oaAAsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCCO0qBCbhsT7gAgCoAwHIAwKqBLACT9BNcTWEm4iCcrr5CENWaapq1edsJTwYr8d6qtWOXyn59Ftgil0xmflMw94hku9Z0-glmHelJNIILIJA8zWLkG0hYIbsj7VaG4yxoKvfJ8x3wTObAkN0oYQLXasdyDRmWQx2KuswEP7DuQHdvX0D6IXeZ__HiazkF2PsVf2RE0LGat3HfWuRquCpVfjGV5NlpQK_dNJYWF4pEvNWDV-gUqF2JwG27-MPYy-P2nNVYIxvuQhKKcoAfeQvuwS2SywjIqsfasgmPFX0MzWoDLki05_4FP8uPAW3A2vaeD-_W2X352lTyT54mVPgQIBcyGj5_silnLOgbjjaGX4Kl0Pi1PyWBLmvLpl52YKPhzNhKQzxeXLrw3ZFZgXARHDdhL6oORa3tKjemId54elMHOtJUeAEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2ExhKx2pVYFXhLWpumg1neEnLNsg%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: F163B0A15C559E7FB7B901695489C030
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230913/r20190131/zrt_lookup.html
Frame ID: CA89102E4161FFDD6B1837D9AC651A8D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U2NgGuF9el-mJsFXQu4mM6YCW1zF1vGv2XWOCJKEcfc.js
Frame ID: D5D4AED09213393B411901CE82AB0613
Requests: 1 HTTP requests in this frame

Frame: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: E39D4FDA0CC038EF7FB822BE840F50F4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1694878565576&bpp=215&bdt=172&idt=449&shv=r20230913&mjsv=m202309130101&ptt=5&saldr=sd&is_amp=1&correlator=1393&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4292152565&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077774%2C44719339%2C44795922%2C31076998%2C31077890%2C31077910&oid=2&pvsid=1779534039743303&tmod=1665370545&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.5yz2vp4p32o1&fsb=1&dtd=460
Frame ID: 6DC267EC2EAF03CA22115D4ADA9E9E7C
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 12DAB68F7E14AA08B4B30898154B70F1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 396672AEFB8267E2D023206E63D2835B
Requests: 2 HTTP requests in this frame

Frame: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8FDFA9C4B88638954A32C8C6C2A96A73
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXGtRjyIVjEFG8NfszxU7afRKsQ6NN-eHjy1hwjNxRKzKXjsBxd6NMoSMgtDLulKOFgAPQ0RYFDNtuSyFerSmScP4qaXw
Frame ID: 455284FE5760FE6AF33F789609C1908B
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B9F2BA53C35D59B0DB1662A045CE21A6
Requests: 3 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLZgACDP0A-SIqAABmeE41ilzD6q9z8eh7Sg&u=%7CDOEprBICNWG1MWHO0TTasPQlI9faR%2Bf%2FhQs1JYURNAo%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oVqw7Cvg7ORav6XsKrfZypYKuspo5MklQJGJaQ5D3HuutBNk8kyd6SzsXQpWqg4jTa93yXyRURZ0whUXno-wRluzvqhfFjXWzuxjNzt2YXX4hMFKbONElaoqWB3D6xHJ3xUvIji5crKSwTNLyjvy-bvI-G0WCssrP5-00__blQZ5tcu6kGHQa0xIVMe_PVsD9YKY9Wv7rnLCwQkl2SGSTF8lc9AOyV3DppJVU0dnCo9iM_XbqZZ0t7fcA4zpoSS3sLfRhFtWp7dK87j4GPgj812kM-P0Z83VOc1aXS7RzCJyZTNHGZZZ8Ys4VgiYB53LdOEBA7D-83QhZ8LIgKqMz0O6UsqiR_0S-z88UDH_3lcPAndXkM0aew_i-GgUQbCe7_MX3t86iOZLk3b2PjcUEoZtCS19kI72DDN9Tyyfj8faqdVU1A0boGlTwN05EhBDtt_YkEo_6js65fV28n4Fx3axd2nUcz7087AWFg_sGQGO9x2LF6Mbkjz17US2lWEGjDu0JQL9S90FruJmJahghOsi6MAfPeDpd0IY6SkbLR5yCKOK2ODT4f5lwvM3XpOJ-7CqDnZckTOBSZikkeK3L65YXd-IcEPJDLHszusFGjXkhP_PNqgDUXNJtfK9bGT6W&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJkXbZssFZf2ZCKrE5LcP-MyB-ALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAgjtKgQm4bE-qAMByAMCqgTOAU_Q0LvJa0KnWFPfy7X0HCvjz6i3St_bKKak4bsbHNV1Dww3PVA3nXHkQ4QurmwYJy1Iakm0hLoQOnjqPeZakDyq8OMmu_UVpnVn9poD-poOF4FPUudAFY5HQPT74jtq_2bSiu6GKWUGFG6LNGdDv01vzpau6xQN_-82aVgmntktzgONTAg0TpoiDcY8kdXanrp099bZFjy2DIJ-EAHsW7bKPNmXFSe5yN3qrwaOrQ2Ysk0XGin9-GuWKi4xKYKdShtO73AH9GSw0db_wn60gAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_35KKwfPNlPm_TJA97UlnCYS7Y9jQ%26client%3Dca-pub-5884294479391638%26adurl%3D
Frame ID: B017AB021FBBC632B450AE1005F7D1CF
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C0FAB7CF2666192042F26C5182BC4C3A
Requests: 9 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=91462500097585604438442012449007&a=9bc051eb
Frame ID: 965CA21C02F0B63E070A4441D0F62821
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A674186450B517A596FDD8A0F724D469
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C5EE6CA1C01851B301ED02B471204277
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5EA9630BC7809CDA3C2FDFEFBDBC07F9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍸果果成長日記(4K)【國語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

Page Statistics

170
Requests

91 %
HTTPS

45 %
IPv6

28
Domains

39
Subdomains

29
IPs

9
Countries

2126 kB
Transfer

5193 kB
Size

23
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

https://securepubads.g.doubleclick.net/pagead/adview?ai=C2laOZMsFZamlCdXNgAfstrKwCezb0IBz-c2xzcYR2tkeEAEg08vOMGD1lc6B4ASgAajh7KIDyAEJqQJY4GIjrrSyPuACAKgDAcgDSKoEyQJP0NM-QXWTQumkrqYbxnVR-SPbJXy8SftsVdtvPAobrHMqX7eKfl65lEj-xYlus9dWvC6kRFSfBrqHPMcufXZWwFJ2j3HjP1NbtziKhHFy1zMANZr84CHu6JBbgTfVtloNNeXCEPobhLnS6vqYVNGvVaxLND-paoVgbBfjyjkZEq_OQV8Bnp7Rhhn0DLSoLj9yj8Kr7LX9nqZkTHBFgxmDXrceyne0WjbmNk6R9PUuE0xZhRLE_vzgL08dBHL2wJ0AiFlaBNHvM9RiHBD0Se1lols176DHgyVzH9rV4O3u_pxnifKdOQcdBd9wlJNYjw2tAvZE-s8CiD5W1dLaBLa15-eMvos4kI4S3iT83GalZEBeDisSF2VjMv9IRFbndSoOsBzB51h-auZtgkWpkemQlzDDMt3f4jjzc6nAvBVRkoUbjjzajTqdP8AE07HZ9asE4AQBiAXcrsPSSpIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfAnpNdqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwMQ8C7SCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJLWh0dHBzOi8vd3d3LmlsbWFjLmNoL2VuL2Jhc2VsL3Zpc2l0L2NhbXBhaWduL4AKA8gLAdoMEAoKEPDp06aY_eDFBhICAQPYEwrQFQGYFgGAFwGyFx4KHAgAEhRwdWItMzAzOTE5OTUwMzQwMzYzNBiZ0iE&sigh=ogFSHdbgMB0&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWDagZ8weWLnnmIX6FpxWdmRH9Cjz-kBgB&template_id=419&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x9b1f410df357cda20000000000000000%22,%222%22:%220x3229ab947aa0332f0000000000000000%22,%223%22:%220xba59ebce7d6afeef0000000000000000%22,%224%22:%220xeda57169bbbb3e100000000000000000%22,%225%22:%220xf7232eee99e6f0fa0000000000000000%22},%22debug_key%22:%223773760702339748788%22,%22debug_reporting%22:true,%22destination%22:%22https://ilmac.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%2215%22:[%2251%22],%2216%22:[%223%22],%222%22:[%22878391464%22],%224%22:[%2209-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229842662886332983857%22}&andc=true

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1&C=1

Request Chain 121

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZQXLZkhObT31gkT3BKzKcAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1

Request Chain 134

https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=3a58f42bbe&subid=&uid=478413b32ee42553&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc5GVZcsFZbenN4ragQef1L24BZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakCCO0qBCbhsT6oAwHIA5sEqgT0AU_Qb0aOCywtmKYEPkEPMvWsVTgq4rgDEMbl7Hc8N2hMiXXTIvxP5p0Ta7c19jD0FYpkc48D33P_ORph0yn9AuzDzI4bGMUPm9jW0AaruBQd5FOV_9OwaBdfvXIE_1eIXgwR5j2hO9kU2eIgktwDGrVPOah-JYgGVextYy0ZvRv2FVZJIMyjZYWZfDeh1gjygANMLUgODEgZ8XYrv5Qxtf9FgoXDPvT6ratbWVn3BVan_AJbbnlXnMXJtMdFZNI7LhamZtkbXjBnXibkSDBS3QVuBKbIVcn0n0QJ9ow-f1pqRY2tPSxZuaFmAFe7ylUrkP4DE33ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9-3u1rqvgQMVCm3gCh0fag9XEAEYASAAEgLEN_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWrHN16uKfr0Xu67DBDxtiA3hrCv7IoenymbbgV847Jo2wstHNGAE%26sig%3DAOD64_17jLugn1dLEm6kmD2vJB7Q9FBoIA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Dv22AnrfhKrcmkacV434nm-jV_2p2F7gIe0dJyjYhJznZUr7Br5sSbOi8duVLUCRm4rjc_1WyPpEQOklIcxoKwLpchLvuUgLT_Zjr9rPRoxzq3eLJiz7r3TIMYSCeswUdO6w4Y8Eoc7TlNwZUdjU_d0boUwSZZxmOnjeaRhUy_Lc2Zois%26cry%3D1%26dbm_d%3DAKAmf-C9vXNsrkUkO4xJcNTtp9Dp44QZ041a-o6Ub8_sbHT0yJo5IO4g2gEMbsLfJ-qTOwHAhiB88d4I3Q-fMfaNcPSKLVsx7Aj829Bwv1H3I6Gx0NlGBDOB-G4AKk3Lj8XzLssjbjtPsdbBTwn4cCZzUTHKcGtDS3soQ1ts7dvtamWhbXuymoSxoNEHPZSHZacjt7iB0Fo5PY9DtF_QBghKs8OU8dYMdAijn0HezhtL7JeoaMU19FnYH4eb9UGgmyuQkxYrdgLtpf9wKLEjWU8dPsDBfL5WfK7edSQ5L0la-48Igxu5ZDF7z5K_JgRqO61ogJNrjZ4b8o-Ly8z_yLFQdyOJYdrlvL34P8GNGRdy8vEV80UF0qVHRcR8IoQUAnyOomvpKmRF8aA5ZTamydDQHxhJJUmxv__m_1WJy6jEBSP3_ZFAEMfryI-e9HrZ0WZd1fkBbXEzh161BvID8OK91zUoErgdHgr2a1D-Ccj18xRsbNuchTXa-QTOH9q2JqBW5IPYWzZYpoJQvswEtjKy3W2xaDvr7ci7d5EaouT-7ahCPyYlk1tvw0zpj9i8vuJK-uvIsksa4QRMJ0sH9bX0IP7Mv-SZwMw-rHRTL1Tz39sKMBGf_ks%26adurl%3D&documentReferer=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=3576518558622&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=3a58f42bbe&subid=&uid=478413b32ee42553&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc5GVZcsFZbenN4ragQef1L24BZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakCCO0qBCbhsT6oAwHIA5sEqgT0AU_Qb0aOCywtmKYEPkEPMvWsVTgq4rgDEMbl7Hc8N2hMiXXTIvxP5p0Ta7c19jD0FYpkc48D33P_ORph0yn9AuzDzI4bGMUPm9jW0AaruBQd5FOV_9OwaBdfvXIE_1eIXgwR5j2hO9kU2eIgktwDGrVPOah-JYgGVextYy0ZvRv2FVZJIMyjZYWZfDeh1gjygANMLUgODEgZ8XYrv5Qxtf9FgoXDPvT6ratbWVn3BVan_AJbbnlXnMXJtMdFZNI7LhamZtkbXjBnXibkSDBS3QVuBKbIVcn0n0QJ9ow-f1pqRY2tPSxZuaFmAFe7ylUrkP4DE33ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9-3u1rqvgQMVCm3gCh0fag9XEAEYASAAEgLEN_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWrHN16uKfr0Xu67DBDxtiA3hrCv7IoenymbbgV847Jo2wstHNGAE%26sig%3DAOD64_17jLugn1dLEm6kmD2vJB7Q9FBoIA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Dv22AnrfhKrcmkacV434nm-jV_2p2F7gIe0dJyjYhJznZUr7Br5sSbOi8duVLUCRm4rjc_1WyPpEQOklIcxoKwLpchLvuUgLT_Zjr9rPRoxzq3eLJiz7r3TIMYSCeswUdO6w4Y8Eoc7TlNwZUdjU_d0boUwSZZxmOnjeaRhUy_Lc2Zois%26cry%3D1%26dbm_d%3DAKAmf-C9vXNsrkUkO4xJcNTtp9Dp44QZ041a-o6Ub8_sbHT0yJo5IO4g2gEMbsLfJ-qTOwHAhiB88d4I3Q-fMfaNcPSKLVsx7Aj829Bwv1H3I6Gx0NlGBDOB-G4AKk3Lj8XzLssjbjtPsdbBTwn4cCZzUTHKcGtDS3soQ1ts7dvtamWhbXuymoSxoNEHPZSHZacjt7iB0Fo5PY9DtF_QBghKs8OU8dYMdAijn0HezhtL7JeoaMU19FnYH4eb9UGgmyuQkxYrdgLtpf9wKLEjWU8dPsDBfL5WfK7edSQ5L0la-48Igxu5ZDF7z5K_JgRqO61ogJNrjZ4b8o-Ly8z_yLFQdyOJYdrlvL34P8GNGRdy8vEV80UF0qVHRcR8IoQUAnyOomvpKmRF8aA5ZTamydDQHxhJJUmxv__m_1WJy6jEBSP3_ZFAEMfryI-e9HrZ0WZd1fkBbXEzh161BvID8OK91zUoErgdHgr2a1D-Ccj18xRsbNuchTXa-QTOH9q2JqBW5IPYWzZYpoJQvswEtjKy3W2xaDvr7ci7d5EaouT-7ahCPyYlk1tvw0zpj9i8vuJK-uvIsksa4QRMJ0sH9bX0IP7Mv-SZwMw-rHRTL1Tz39sKMBGf_ks%26adurl%3D&documentReferer=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=3576518558622&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 136

https://um.simpli.fi/gp_match?google_gid=CAESEIS8oA7622RldEzpy6HHag4&google_cver=1&google_push=AXcoOmTocwxlQuP6kahazplbAWOlB9ume0L3uRkxe6Lb6hwo82MkE3u6tY6dQ9p0Fc83_meUUAD0Ohgj2s1CZlpAAe40cc_Kco1MwLmhfZN_gA7w0AEU2n7Ys4kml1H2iR6t5fRTnhwhCdghQJ9OGg9HSDK5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=93704F369A474B8B878A81F4D6429D6E&google_push=AXcoOmTocwxlQuP6kahazplbAWOlB9ume0L3uRkxe6Lb6hwo82MkE3u6tY6dQ9p0Fc83_meUUAD0Ohgj2s1CZlpAAe40cc_Kco1MwLmhfZN_gA7w0AEU2n7Ys4kml1H2iR6t5fRTnhwhCdghQJ9OGg9HSDK5

Request Chain 139

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEHTWPPjEFFFZbSihspm5kFo&google_cver=1&google_push=AXcoOmQN8-9e5Sy3fC3ePxWChvu6YXJA8uKqd7XHG47csMdXS_zGlpF7uJ3nsqgMf2AjW6UYSRDp1evc9u1Hzj2q-80VV3qq6PKzrBE_LC_o_NhsvY8TgFiFyaxGKc2YWZzymLbgh-Gu3qFiBs9h-cnWj5XX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQN8-9e5Sy3fC3ePxWChvu6YXJA8uKqd7XHG47csMdXS_zGlpF7uJ3nsqgMf2AjW6UYSRDp1evc9u1Hzj2q-80VV3qq6PKzrBE_LC_o_NhsvY8TgFiFyaxGKc2YWZzymLbgh-Gu3qFiBs9h-cnWj5XX&google_hm=Ia1Wb5CtR46T_3TTlqgXS4M

Request Chain 140

https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESENH7pA653wdJfB5ckoQKZmQ&google_cver=1&google_push=AXcoOmQMYSfo0OkjKIGSbKZxwoUOD5IZOkDvFgmGfAVV7CRGh9BfJ1r-HSTdfW6QyRIjDf5YpOR1UZKJzwZzF-J3VhzgDeKrdw86_swFujr8amMFrW9ygHPv7skiP4ZakuoJgDVyaxips0eJmVnlgOiIkDwbtw HTTP 302
https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESENH7pA653wdJfB5ckoQKZmQ&google_push=AXcoOmQMYSfo0OkjKIGSbKZxwoUOD5IZOkDvFgmGfAVV7CRGh9BfJ1r-HSTdfW6QyRIjDf5YpOR1UZKJzwZzF-J3VhzgDeKrdw86_swFujr8amMFrW9ygHPv7skiP4ZakuoJgDVyaxips0eJmVnlgOiIkDwbtw&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmQMYSfo0OkjKIGSbKZxwoUOD5IZOkDvFgmGfAVV7CRGh9BfJ1r-HSTdfW6QyRIjDf5YpOR1UZKJzwZzF-J3VhzgDeKrdw86_swFujr8amMFrW9ygHPv7skiP4ZakuoJgDVyaxips0eJmVnlgOiIkDwbtw&google_hm=OG9TNUhRbG1zOEh6UHdNRjBPbzI=

Request Chain 141

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEHw9huF1asfAqk8We-B0Mis&google_cver=1&google_push=AXcoOmTSdAgPrUAVxrFmkP-ClDJxdCh8NLfZuDmyTwc9Eiu4UPngfgYsnE-mT3GlLKUdYUKoU5RKccepQsZBrru8sAPbhqnFjc6CSQte8yr_V3PfgTttgQITHW9IEzRK4_CBPYdS_FX4YlRXRtm8qVARNcpKhw HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=24f1f3b0-b7b8-4ed5-909c-22d9c19e0a95&google_cver=1&google_gid=CAESEHw9huF1asfAqk8We-B0Mis&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmTSdAgPrUAVxrFmkP-ClDJxdCh8NLfZuDmyTwc9Eiu4UPngfgYsnE-mT3GlLKUdYUKoU5RKccepQsZBrru8sAPbhqnFjc6CSQte8yr_V3PfgTttgQITHW9IEzRK4_CBPYdS_FX4YlRXRtm8qVARNcpKhw&gdpr=${GDPR}

Request Chain 142

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEDUuMuWwPN45CDTAfm5_53g&google_cver=1&google_push=AXcoOmRxXuj4rQyalldeH_o6N1qpXRLT41Ohf_rlqWDKRqwMd8EpO0FQ0rmYkYiSf1wY6M-3-9dy4uzfzgeUDZGmbWFmJv6h4ScutHaRV15Z2xJ6-bg5pcM2EahvXrmQ0zZMsjBiQmGfF8FuIqYEJZiGwbDHyg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRxXuj4rQyalldeH_o6N1qpXRLT41Ohf_rlqWDKRqwMd8EpO0FQ0rmYkYiSf1wY6M-3-9dy4uzfzgeUDZGmbWFmJv6h4ScutHaRV15Z2xJ6-bg5pcM2EahvXrmQ0zZMsjBiQmGfF8FuIqYEJZiGwbDHyg

Request Chain 164

https://fksnk.com/cs/google?google_gid=CAESEBYpOZ1LZlgiMtqC7pfiJAU&google_cver=1&google_push=AXcoOmQez4QXzhqXu4xl79LAJC0Lm0itCQmScVDQTVLZPVrczSpjJjnvqVNTLdVIJU1DZCjdWZWXhT9dCx7qVe1gXmz0YeFXY92KhQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MDdDOEMxQzY4NzFCNkY1Qw==

Request Chain 165

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEE46ekCXGPdT_QqCDfR-g8M&google_cver=1&google_push=AXcoOmTwz1qNbZHa7fuSF3NsamMoxLWL3u_cBLtD_9R7gF1odKis58dJjaBBgpVffjMv0AHjSJVBUXhbr_R1qZQlVuxXxVEJZqrn HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTwz1qNbZHa7fuSF3NsamMoxLWL3u_cBLtD_9R7gF1odKis58dJjaBBgpVffjMv0AHjSJVBUXhbr_R1qZQlVuxXxVEJZqrn&google_hm=eS00OWhMMTFWRTJwR1ozWVJmNm1pODB0MEdGNDZBZVNrS35B

Request Chain 166

https://cs.media.net/cksync?type=g&google_gid=CAESEKfDW48_RHhX-1Rv_9lcZ9s&google_cver=1&google_push=AXcoOmQQCRbbAP3ygWrR-4Mlp3HORKfMN0qiAuwZ0A2OiG69nTfmIKZs1kIbD4D6KQLMbCpmty6vvhIkKRQ9i46TdX1luxrgxFjf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM3ODgwMTY2ODQ1NDc1MjAwMFYxMA%3d%3d&mn_hm=MzM3ODgwMTY2ODQ1NDc1MjAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQQCRbbAP3ygWrR-4Mlp3HORKfMN0qiAuwZ0A2OiG69nTfmIKZs1kIbD4D6KQLMbCpmty6vvhIkKRQ9i46TdX1luxrgxFjf&gdpr=&gdpr_consent=

Request Chain 167

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEEpa6Oh6d0AfQ467wIGnLNY&google_cver=1&google_push=AXcoOmS27beC6cKS9BENeDPWRwPSvS-HVsrB8mN5ga6XJl6msScXBnOm1leN8mJJBwCOZ8AHUPKA2U_fxFNo2BCXS31RyTWkHiW54DM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS27beC6cKS9BENeDPWRwPSvS-HVsrB8mN5ga6XJl6msScXBnOm1leN8mJJBwCOZ8AHUPKA2U_fxFNo2BCXS31RyTWkHiW54DM&google_hm=QlMuZDdiOS1iZTM3LTRkZDItYmNkOA==

Request Chain 169

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEBcJGrtFy2Z7jA74GBFEUBU&google_cver=1&google_push=AXcoOmShwMnJj0ggJ_2SHHJ5CNi-W-9Psgv7jem4xUJ6kHwUlyudp6bI0ASVhSoMJQiIrDCjgDDDdvayVpAfSorBcWba9CzQ-mjVJg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmShwMnJj0ggJ_2SHHJ5CNi-W-9Psgv7jem4xUJ6kHwUlyudp6bI0ASVhSoMJQiIrDCjgDDDdvayVpAfSorBcWba9CzQ-mjVJg HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 170

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEH8y_5bkc0Es7ybyX-fohRU&google_cver=1&google_push=AXcoOmSNTAC5oa9qhEkIgLf_n1NEn9NhtcxEro9Nbjyj1MBQcfMAP9ITgNv6nUzcEh167WbJSqii_0wgZ0HdU_h4RAQL3AATjc-Co5I HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEH8y_5bkc0Es7ybyX-fohRU&google_cver=1&google_push=AXcoOmSNTAC5oa9qhEkIgLf_n1NEn9NhtcxEro9Nbjyj1MBQcfMAP9ITgNv6nUzcEh167WbJSqii_0wgZ0HdU_h4RAQL3AATjc-Co5I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4b052e2b-864c-43a2-a156-8ff05fba47d4&%%GOOGLE_PUSH_PAIR%%

170 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request guoguochengzhangriji4kguoyu-wangzhaobing Show response
www.xgcartoon.com/detail/ 99 KB
19 KB 816ms
380ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a3671b0e800e1dc796dc80b6355102eb496160bbe70662ea24a456bd7efbd0b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 16 Sep 2023 15:36:02 GMT
etag: "18c9b-sBG3JEEtKFMV9hzMtPAoDKPTRbI"
expires: Sat, 16 Sep 2023 15:37:02 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 277 KB
71 KB 132ms
53ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abb10cb48ee591b0c9f225840cbe5db42325f2b8a6e6de024d42f1b35d2c05fb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 16 Sep 2023 15:36:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72928
x-xss-protection: 0
server: sffe
etag: "f87f507b897b58e2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
23 KB 152ms
74ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b5bf86558934b68f6a6284900ba8f733bd7c22bb3c72bd26471843a44bb743b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 16 Sep 2023 15:36:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23142
x-xss-protection: 0
server: sffe
etag: "6a968f96e45060d6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
9 KB 114ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baeb44fbcc34426a9ecaa6da2af021848c04d86850235f2d53503f7e2abf6df0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 16 Sep 2023 15:36:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9443
x-xss-protection: 0
server: sffe
etag: "fdbcbd0268737d7d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 50 KB
15 KB 154ms
79ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecf56b2cabe2c48361ca22818fa72ed1f7fcc164dd5c57868f112ba49dd03f6b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 16 Sep 2023 15:36:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14997
x-xss-protection: 0
server: sffe
etag: "7bc938fc29211ca7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
16 KB 107ms
33ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0d72a01e38febc03edb1ebbe3fb5b88e3976f7f5653af916be131ed3259bddd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 16 Sep 2023 15:36:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15379
x-xss-protection: 0
server: sffe
etag: "ddf66755a41eeb70"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 125ms
51ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de07c17694b3b586ecfea8692d819b3fa27a3ed4d895cbb25c48a1c52a8a9d26

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 16 Sep 2023 15:36:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4736
x-xss-protection: 0
server: sffe
etag: "06f88ea3f9573f29"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98d272b4525bce1ab0accaba6ccae87c8b72e24ac77f7b76fa2ad10ed8a5fad5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 16 Sep 2023 15:36:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10329
x-xss-protection: 0
server: sffe
etag: "6a2f7ae4dcae680f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2d0d3fdc1c807ba04b6a66564b4db6c0a1d997cc3b655e60f9ae294c5668225

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 16 Sep 2023 15:36:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32157
x-xss-protection: 0
server: sffe
etag: "526f779e48dbd5da"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
469 B 238ms
179ms Image
image/gif 104.20.218.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.218.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:03 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 807a2ecb7eee9052-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 198ms
198ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:03 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Sat, 16 Sep 2023 15:39:03 GMT

GET
H2 200 guoguochengzhangriji4kguoyu-wangzhaobing.jpg
static-a.xgcartoon.com/cover/ 96 KB
96 KB 4687ms
4612ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/guoguochengzhangriji4kguoyu-wangzhaobing.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9f08e0e42d6f997f85664e63335c38150a82d4aed7ba2cecd17ad1e2c70061b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:07 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 03 Jul 2023 05:26:47 GMT
server: cloudflare
etag: "5A180706EC4FACADD64043A1DA396D7A"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 807a2ecd0d171d88-FRA
content-length: 97871
expires: Tue, 19 Sep 2023 15:36:05 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 208ms
206ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:03 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Sat, 16 Sep 2023 15:39:03 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 209ms
208ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:03 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Sat, 16 Sep 2023 15:39:03 GMT

GET
H2 200 wodexiuzhenkaochouka_diyiji_dongtaimanhua-liuxiaoyi.jpg
static-a.xgcartoon.com/cover/ 74 KB
74 KB 1199ms
1125ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/wodexiuzhenkaochouka_diyiji_dongtaimanhua-liuxiaoyi.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efaaec3d33ebcd270624b7a9f5b156a9d002a29e01600db9ec9e22a216b46162

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:04 GMT
cf-cache-status: HIT
last-modified: Fri, 27 Jan 2023 05:44:58 GMT
server: cloudflare
etag: "794AF4E0C4CBF4B3283D34DF81340D41"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 807a2ecd1d211d88-FRA
content-length: 75448
expires: Tue, 19 Sep 2023 07:23:07 GMT

GET
H2 200 wojingbeinvmotouhuanyangle_dongtaimanhua4k-xinglingdongman.jpg
static-a.xgcartoon.com/cover/ 72 KB
73 KB 1160ms
1087ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/wojingbeinvmotouhuanyangle_dongtaimanhua4k-xinglingdongman.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6264d3993e7b3f1a5d2f658a1a0b8ba142ee16c58dcbf3cdfd6245eeb7d01b16

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:04 GMT
cf-cache-status: HIT
last-modified: Sat, 01 Jul 2023 01:56:51 GMT
server: cloudflare
etag: "45F072EBB827472B5E656D0CB210B5A6"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 807a2ecd1d1b1d88-FRA
content-length: 74002
expires: Tue, 19 Sep 2023 09:23:04 GMT

GET
H2 200 wocaibushiedunvpei_dongtaimanhua-chuxinmanhua.jpg
static-a.xgcartoon.com/cover/ 73 KB
73 KB 551ms
478ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/wocaibushiedunvpei_dongtaimanhua-chuxinmanhua.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67c1279e59cea6744574ab1631416b93433c878cab2fa50fed84cc1fb966ebb2

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:03 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Jan 2023 08:58:23 GMT
server: cloudflare
etag: "F6173502B6CF078DCCE8D57A8E17CEEF"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 807a2ecd1d231d88-FRA
content-length: 74397
expires: Sun, 17 Sep 2023 02:49:27 GMT

GET
H2 200 shishangzuiqiangdizijianyiriyu-songjiangmingjun.jpg
static-a.xgcartoon.com/cover/ 8 KB
9 KB 354ms
281ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/shishangzuiqiangdizijianyiriyu-songjiangmingjun.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a32cec1a836856c414d203f4c5874cf79d11fa54fed9d8d71a8259ecd3bc434b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:03 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Fri, 11 Nov 2022 05:42:59 GMT
server: cloudflare
etag: "4C3647BE272088F3F7D35FE498DE4FFE"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 807a2ecd1d1d1d88-FRA
content-length: 8481
expires: Tue, 19 Sep 2023 12:11:04 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012309011827000/v0/ 8 KB
3 KB 62ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309011827000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2313b832ea2d9d8e3c1b5bd2b9ca3498ffe84065c84294ead0a6617f8c1241a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 12 Sep 2023 21:07:40 GMT
age: 325703
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2980
x-xss-protection: 0
server: sffe
etag: "1123f3a95b3d07e5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 11 Sep 2024 21:07:40 GMT

GET
DATA 200
OK truncated
/ 393 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012309011827000/v0/ 237 KB
63 KB 26ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309011827000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e8d7b58a7d85453ef7267e187eddd9181d35c4c8d2393ed9563aa9a0089e2d5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 12 Sep 2023 21:07:48 GMT
age: 325695
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64147
x-xss-protection: 0
server: sffe
etag: "201830000134ceff"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 11 Sep 2024 21:07:48 GMT

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012309011827000/v0/ 12 KB
4 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309011827000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bbbe27a91eb385c7f86d2203bd841747096782df337bae2afdb74cf4fe90258

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 12 Sep 2023 21:07:40 GMT
age: 325703
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3934
x-xss-protection: 0
server: sffe
etag: "57ee2204276dd362"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 11 Sep 2024 21:07:40 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 761ms
708ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309011827000&d_imp=1&c=945001393&ga_cid=amp-o9qo4_Da5ZXAfUFCrnVHPw&ga_hid=1393&dt=1694878563400&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fguoguochengzhangriji4kguoyu-wangzhaobing&bdt=362&dtd=11&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb30ef503fb5187892ab778c9a3d0c49b5d47a56624612fd390390fc3e4ce4b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:04 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13997
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CI_Z9NW6r4EDFQGwewodZs0KDg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sat, 16 Sep 2023 15:36:04 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 508ms
456ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=801&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309011827000&d_imp=1&c=945001393&ga_cid=amp-o9qo4_Da5ZXAfUFCrnVHPw&ga_hid=1393&dt=1694878563401&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fguoguochengzhangriji4kguoyu-wangzhaobing&bdt=363&dtd=12&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

784f7d763849181f08ac96436074fdde66c0de0ea18c02c2614e0e7a7c3b6461

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:03 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 120x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13027
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CJe929W6r4EDFUsK4AodELQLTQ
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138351399065
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
24 KB 339ms
287ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309011827000&d_imp=1&c=945001393&ga_cid=amp-o9qo4_Da5ZXAfUFCrnVHPw&ga_hid=1393&dt=1694878563401&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fguoguochengzhangriji4kguoyu-wangzhaobing&bdt=363&dtd=12&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9169550ceaf178b5077320a2fd5e054de84c5c701c0e8bd7cd4cf0c66844afb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:03 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
google-mediationgroup-id: -2
x-creativesize: 300x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23271
x-xss-protection: 0
google-lineitem-id: 6350518020
x-qqid: CPqp29W6r4EDFYD7EQgdwkcKpg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138441312652
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sat, 16 Sep 2023 15:36:03 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 108 KB
37 KB 1019ms
967ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309011827000&d_imp=1&c=945001393&ga_cid=amp-o9qo4_Da5ZXAfUFCrnVHPw&ga_hid=1393&dt=1694878563401&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fguoguochengzhangriji4kguoyu-wangzhaobing&bdt=363&dtd=13&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cb92be76ca5200ce6e0faef88dbcf0a2d4d69b8fce1f8e4bb193ea1bd272b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:04 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37413
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CKnng9a6r4EDFdUm4AodbJsMlg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sat, 16 Sep 2023 15:36:04 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 1210ms
1160ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=988&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309011827000&d_imp=1&c=945001393&ga_cid=amp-o9qo4_Da5ZXAfUFCrnVHPw&ga_hid=1393&dt=1694878563401&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fguoguochengzhangriji4kguoyu-wangzhaobing&bdt=363&dtd=13&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67a3f2d8d51fe7ab861c3dd7da4d78180592c01c51a2767f32ecac1929c3af7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:04 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13977
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CK_0kta6r4EDFUO43godFbEBIA
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Sat, 16 Sep 2023 15:36:04 GMT

GET
H2 200 container.html
be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 99ms
28ms Other
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012309011827000/v0/analytics-vendors/ 2 KB
886 B 20ms
19ms Fetch
application/json 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309011827000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 12 Sep 2023 21:07:43 GMT
age: 325701
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "eefb6e15c88944d2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 11 Sep 2024 21:07:43 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 671ms
670ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:04 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Sat, 16 Sep 2023 15:39:04 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
247 B 98ms
36ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=1393&cid=amp-o9qo4_Da5ZXAfUFCrnVHPw&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fguoguochengzhangriji4kguoyu-wangzhaobing&dr=&dt=%F0%9F%8D%B8%E6%9E%9C%E6%9E%9C%E6%88%90%E9%95%B7%E6%97%A5%E8%A8%98(4K)%E3%80%90%E5%9C%8B%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1694878565&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E9AC 6 KB
3 KB 30ms
27ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Sun, 15 Sep 2024 15:36:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F187 6 KB
3 KB 23ms
21ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Sun, 15 Sep 2024 15:36:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4B39 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Sun, 15 Sep 2024 15:36:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 445B 6 KB
3 KB 36ms
21ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Sun, 15 Sep 2024 15:36:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C729 6 KB
3 KB 55ms
19ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Sun, 15 Sep 2024 15:36:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 4A83 51 KB
20 KB 182ms
90ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLYwANzc8Ke7ABAArNZmWGYEbXQEuFfroR9A&u=%7CX9fvg%2FDO1u6jPW53yoihazPoi72rkqo2IarZxdzX0vY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osI8geD4fhYHCh3uyFgOM6LlOqHAKbqJCNdBVexjiZYSZwtNDvvnRkMMEyz6paF_FD4LzMm3kIjXv5T8oQeVRTRrVJZNs-Tnwp94YqPFx6oOErmEnkDdf7VEMYezTvnH60qNNLZla2wuH3l3BosUtdLmHsEES4Og2Utl-YKtTG2whKVgqLdQfk4TbCBLrxhQOQQhAnt8tTS1KwfULTE78Tp4ih5xu3Cdjm9HJoULiE2YjnoSu0L3jhyXf2z1jPyGFs0FAccpBaHy_LgVKlod3DV1zQrjv3qK4l7K262XWEbXwH_k38mkR_GGsZPGxuykkknsqDWTRfpMyeYVKqksv4jhVMkn4ob94kfuz1IfFj8HSxnUWYeuUiwpNYcnoTeAIaD_luEsNKvXMGhNl_YxeZHF53sTVHkf4JpqPuXowIZEUJsJVv4AkJ8XuUCCQij4Pb8zazLu9W6OzrsnkSNm_IfLigTZQd4x6BQX3-qqkbl7M2Uy-yDJgN09N9LSYt3DY37AJBx_Q1O6M5vjaQ_0nbaex7CzpF60O07HAgx2gGck7Qre9KeKOuD2nfnzn704zht7VkLDDBsHgk94IX_mQhCN43ISfI5QxjfglYeY-mikZA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPNXLY8sFZc-bN4Hg7gPmmqtwyZ7SsVzVnZH3cMCNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi01ODg0Mjk0NDc5MzkxNjM4yAEJqQII7SoEJuGxPuACAKgDAcgDAqoEsAJP0BgcANNXzUUgBrNwag2SjvV6Xibg2WE6EwuDClasw3h5dtJavskxcojtqDmRlBB1CxvItxlfJHoy14fs98zoZ76I5_1E9qez-4gCnZ23Mqh_k1DsV55Q6iHJuNjIo78k_WN6ayLoZ0qtY6PfktXbkE1Lkm2jN6BjGA-4T_6T2facquHoWz6iCghWnytkHQw3KpYOxoRPIwbyJ7h9QVdDfW6gHQJIm5YLjQk1dpKNyr__UqpR1KPMJqmJUVLJCA7GLInqaq6VtC7aViVaYdUelM2uvat_q8wkTg0ET__am7uRRcEMNwnmPkQ_capdqH24WptaYIAJY0RrLkaoCcb1asXN3eg50OrJYJx8oaksIkpJ_MTvPGC6ca_lA-Rf_YvG4L94vArSK7siMAo6dPvE4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1znLmIPaBhwBAODoBnuh9aWIzQAA%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c44e2177c822ebe1a597f580f28747b1a5ae26854123c593846345b1ae45a095

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=C8uzJIRebaweyHzXp2QL4aB67W_-IvPxMemZGqmJv-OpiFDZcoyFIp7g5YYnUFj6KZ-CVj52vtkPaGn6Z9Mtwu-kppBXfCUoVcB0tEvWMw1jzCtAZ_fMRxnGzDY11jwGrOr3KJVQFA1WKqkQFQ33bKuXK8qlxUf4kqqIoGnBZdx-ktdAPQR5m0WBFrhHZx6gp-8GPqmf0MJJB5CQvCOPU6HAyb4XPARHw36QuUjvLiGVCd3wAUu0knaPf1KvcderHyrO1w"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3536585
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame E9AC 3 KB
1 KB 105ms
43ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/window_focus_fy2021.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 11:40:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Sep 2023 11:40:48 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame E9AC 20 KB
8 KB 81ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 15 Sep 2023 18:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75967
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 18:29:58 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E9AC 24 KB
7 KB 83ms
22ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 14 Sep 2023 20:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 153505
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Sep 2024 20:57:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E9AC 182 KB
57 KB 93ms
32ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d75f9be78718605473f6f76319f2120d63e73e3c789b2b41d78896cbe13f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57988
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694604874705780"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame F187 18 KB
8 KB 111ms
59ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b8f2da9f995d97ac5ec7e385e8d56f851b3fadfd52cb30f2e228eab737c8a3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7893
x-xss-protection: 0
server: cafe
etag: 13592670874805695759
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F187 182 KB
57 KB 111ms
61ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d75f9be78718605473f6f76319f2120d63e73e3c789b2b41d78896cbe13f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57988
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694604874705780"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F187 0
460 B 58ms
58ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstmMueg8HdeqUpNBr0YG1tbd-Nop8bVH9oLbuaCQIKmBJwPKP5SB9_E_r3NVShDcLHecjumCEDl4hHjUuvpUkWY3Zq1GAteBtYX_sk4SwLH0KD2vaeL2pxo_Koi7xN7XcGglDqddhckPJ4GZpGQFeKnbR-IFTiz0rvs1rqO4Kqc28rrp3kuc6Jy2MlzO3S-rDHZIBzCXCp2TV2bg0MkBL6SpR2au7uvJhSGlUvZ-mrG6T-Y4DdUui37JdDt1TqZMPmnDuOe6ghtjqYzwmQrE7mSXlGqAWrrpjSJs1e3kczJ3Qa0yKyLBNq5YLo3-qW1lGw4wxR9cfjAUePOZ9qknj3pY7OaCaSi7B0yYM7s_A&sai=AMfl-YSTaBv5DIaQVK5EMJdnAUgk2oGoTAhrUr8M0YqeneXXhgG59yP4pIbtUwLS3HS3UzoHy6HZ5_G7AEIc66U&sig=Cg0ArKJSzJnL67Z3iiOREAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 4B39 97 KB
28 KB 118ms
118ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62270310d80f372918ae79fdb4561fdec897d897f62fc867a657ec08ff87663f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28945
x-xss-protection: 0
server: cafe
etag: 958 / 19616 / m202309120101 / config-hash: 14175700841114183422
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4B39 182 KB
57 KB 111ms
70ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d75f9be78718605473f6f76319f2120d63e73e3c789b2b41d78896cbe13f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57988
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694604874705780"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4B39 0
293 B 62ms
61ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsshfuJc5SMuL4tFajeXpFA115_GWj3strVJCw-8LrgoG_nzRYol8u3yXn5l4wmgT8k-F3Mejr3-aK9rcz9-QnMs1NnIsKeRue1xlSrvmcyLlYMg4WlVr024U1LsPRjd39Nf8qYjLWQZIp22b0Dw3Ktp75dIIYupwOf3QNW7_cgrHJQrsEY8UDEaw3fdkTsBkOe83sSNr2uM46BkcHtxysIL1xhQBO7HWGXbVuiLFePikQj6-kqixFn6UG-XeFUSCBZCUkFnUera9hHZCsy7Kf4nFBfqLqCium7xOBGaKh4SRjNwL6bujsthmaPN4y33h62-omJzLRuACcvJx-7owz9ijXoR_VbRpTJh4PyCMddNxE4&sai=AMfl-YTEgYirK3rAuPl5I4Od9lETJaPMWqAR2X9ERnoQmizSgpGnbal4HEQWvGsXCVRfoGQqXwBUsyIexvyOvo8&sig=Cg0ArKJSzLR5EmvKUgEPEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 2ab36c0d951b69d9c04f85f5eb613648.js Show response
www.gstatic.com/mysidia/ Frame 445B 9 KB
4 KB 65ms
19ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/2ab36c0d951b69d9c04f85f5eb613648.js?tag=client_fast_engine_2019

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f36c6941b3a0b755df6e1c1ba6919dc8eeab051a52504ff431c3564d4d791a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 10:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 362814
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3933
x-xss-protection: 0
last-modified: Wed, 06 Sep 2023 19:29:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 11 Dec 2023 10:49:11 GMT

GET
H2 200 cd233a70afb96cd167e1530303b3d74f.js Show response
www.gstatic.com/mysidia/ Frame 445B 36 KB
14 KB 65ms
20ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cd233a70afb96cd167e1530303b3d74f.js?tag=html5_display_upload/html5_exit_api

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0c95e145b8f28a0e8a62eb2017b95248f618344fd490af692098d82ff2d8757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 05:14:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 382909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14669
x-xss-protection: 0
last-modified: Wed, 06 Sep 2023 19:29:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 11 Dec 2023 05:14:16 GMT

GET
H2 200 7aa689309bcd7b42dc3616d5eb539a0d.js Show response
www.gstatic.com/mysidia/ Frame 445B 22 KB
9 KB 80ms
36ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7aa689309bcd7b42dc3616d5eb539a0d.js?tag=exit_2019

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467efe85f19395240c89559ed17661f02b1b662a54af39992bb8d58158b39a04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 20:55:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 412827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9353
x-xss-protection: 0
last-modified: Wed, 06 Sep 2023 19:29:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 20:55:38 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/ Frame 445B 23 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/abg_lite_fy2021.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 15 Sep 2023 21:00:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66963
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 21:00:02 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame 445B 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/window_focus_fy2021.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 11:40:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Sep 2023 11:40:48 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame 445B 20 KB
8 KB 54ms
24ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 15 Sep 2023 18:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75967
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 18:29:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 445B 182 KB
57 KB 125ms
95ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d75f9be78718605473f6f76319f2120d63e73e3c789b2b41d78896cbe13f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57988
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694604874705780"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 9041af033b7a690ba70e3134a2c135bf.js Show response
www.gstatic.com/mysidia/ Frame 445B 36 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9041af033b7a690ba70e3134a2c135bf.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f9d88352b286107f60c320c4c088f718c2a3a273818cd61901edb7f235a9339

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Sep 2023 17:57:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 337119
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15189
x-xss-protection: 0
last-modified: Tue, 12 Sep 2023 17:48:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 11 Dec 2023 17:57:26 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame F163 54 KB
21 KB 112ms
60ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLZAAGGS8K3rhDAAGxFVWaVRBYTZHCmR0kVQ&u=%7CII8l3dthMk7pzjXc%2BHN%2FPG9gYUqwvQ8dq%2F0iR6UbzjI%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osJFU2OVNQ_yLB0ulrIWe5sgxMHeTdA4F-JUkbB7ie4KuWK5nQXMeHyBKjHJJG5i1klhPmPfLyYiiHChQirN_4HZIuHuzjatkBTFHVcWhPwEohwO5Xw4ANwjB8i41SsQoY9Q6Ex3umdszpqqjul-mgVvVKOKXjUkvgVmJtxfwgrsncFzQ810G30TKrhFaBB76zS_q2hGq_5svVVRn3IFcfVMNx4rJCxXYH8-y2W_MkmXXD0yxFg8JxhdhGK9Gl7DPbFL60DnVijUN4Ao32LIy8HYzgsO0Rp9LyxI7Q9NtVTuuXTx5j2866XcLpaSmq1fFRg5MDsnfJJQ2_IrAMgsTHHmm0JmcLH0HkufmgIihU1NqH_YHgJvDiTO-Itp0qqfbKW6LzBdkgmMUYQKOofAePv6IQWHBoxMVBATslH92KEAnDEY5IZysfvkDtivdUDcIq63ZtjqkoGUfkia_AK7Npy9klk4EcbuCNX8Yz5s8555HCnJxS5DVUIQXt5CGR8NQvMekl3xqJAzw4S8iIRhGGQd7uzN_j0idimH0T7WhaUP6CTXYQzGiiFS8koW9gg2yDuXKFUrvN7Ki-mCbmUodrL0QAmgGrvIEieMPG3habNNBg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCm43gZMsFZa-yGMPw-gaV4oaAAsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCCO0qBCbhsT7gAgCoAwHIAwKqBLACT9BNcTWEm4iCcrr5CENWaapq1edsJTwYr8d6qtWOXyn59Ftgil0xmflMw94hku9Z0-glmHelJNIILIJA8zWLkG0hYIbsj7VaG4yxoKvfJ8x3wTObAkN0oYQLXasdyDRmWQx2KuswEP7DuQHdvX0D6IXeZ__HiazkF2PsVf2RE0LGat3HfWuRquCpVfjGV5NlpQK_dNJYWF4pEvNWDV-gUqF2JwG27-MPYy-P2nNVYIxvuQhKKcoAfeQvuwS2SywjIqsfasgmPFX0MzWoDLki05_4FP8uPAW3A2vaeD-_W2X352lTyT54mVPgQIBcyGj5_silnLOgbjjaGX4Kl0Pi1PyWBLmvLpl52YKPhzNhKQzxeXLrw3ZFZgXARHDdhL6oORa3tKjemId54elMHOtJUeAEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2ExhKx2pVYFXhLWpumg1neEnLNsg%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a84a6ca534c04f08052f6ac607ae2a27542f87aa164deb19c7fbc48c3d17f488

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=dd4Ps4RebaweyHzXx-cGavQF7yAPxdbiRlCynBOHpQxSVQFHRDPtZOhKTYKgcmPDZvs5L8anJnU_n4SsxGKokLBunl6L3xHh9q9q81HCC7x9L2P5LjMFZRfIQFyQ71dH0iWWOXnqSFWpb2kPsN9Q35JQiHaQQS7miiXfshCR8oEhohTOHip8oMX66Sf7CCP3zLLXg7jiR0i9uIolIb1unhhJCqdtCeux0THG7kBlvcWgsadmiC_Kd35_QFadicTbJq-jEg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 2827162
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame C729 3 KB
1 KB 63ms
42ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/window_focus_fy2021.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 11:40:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Sep 2023 11:40:48 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame C729 20 KB
8 KB 57ms
36ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 15 Sep 2023 18:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75967
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 18:29:58 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame C729 24 KB
6 KB 60ms
39ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 14 Sep 2023 20:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 153505
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Sep 2024 20:57:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C729 182 KB
57 KB 109ms
88ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d75f9be78718605473f6f76319f2120d63e73e3c789b2b41d78896cbe13f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57988
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694604874705780"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C729 0
0 65ms
65ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CznzBZMsFZa-yGMPw-gaV4oaAAsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCCO0qBCbhsT7gAgCoAwHIAwKqBK0CT9BNcTWEm4iCcrr5CENWaapq1edsJTwYr8d6qtWOXyn59Ftgil0xmflMw94hku9Z0-glmHelJNIILIJA8zWLkG0hYIbsj7VaG4yxoKvfJ8x3wTObAkN0oYQLXasdyDRmWQx2KuswEP7DuQHdvX0D6IXeZ__HiazkF2PsVf2RE0LGat3HfWuRquCpVfjGV5NlpQK_dNJYWF4pEvNWDV-gUqF2JwG27-MPYy-P2nNVYIxvuQhKKcoAfeQvuwS2SywjIqsfasgmPFX0MzWoDLki05_4FP8uPAW3A2vaeD-_W2X352lTyT54mVPgQIBcyGj5_silnLOgbjjaGX4Kl0Pi1PyWBLmvLpk726MdB6CxFKohXqhn45_haCLK8nrznDwc8SsRRhfAtJ_hK31s9eAEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOoAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi01ODg0Mjk0NDc5MzkxNjM4GJnSIQ&sigh=Otc3vkl-OVA&uach_m=[UACH]&cid=CAQSGwBpAlJW9ljIIZQ27SFFHhs4V1FRqP296opA2BgB&vis=1
Requested by: Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame C729 0
126 B 113ms
33ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k4v1F--uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRBkywVlLrEk8j9F0JbYEwAAEgAACgpBUVVERHdFUER3&wp=ZQXLZAAGGS8K3rhDAAGxFVWaVRBYTZHCmR0kVQ

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:04 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 153156
server: Kestrel
content-length: 0

GET
DATA 200
OK truncated
/ Frame E9AC 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11500defbaa242f041a56f73d56baf5863a353904dc06cf7bf5d1c3383a91bb9

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C729 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: daa04b40cc57fb62f7302dff7a37ba18593f28b5b1c8e440204ed483e7c551c3

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F187 144 KB
50 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf7f2a6104e3679669f765dcf7152aab7fb9b3214613bfff9791e01722473397

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50661
x-xss-protection: 0
server: cafe
etag: 16653958094186369487
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame F163 2 KB
1 KB 185ms
105ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLZAAGGS8K3rhDAAGxFVWaVRBYTZHCmR0kVQ&u=%7CII8l3dthMk7pzjXc%2BHN%2FPG9gYUqwvQ8dq%2F0iR6UbzjI%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osJFU2OVNQ_yLB0ulrIWe5sgxMHeTdA4F-JUkbB7ie4KuWK5nQXMeHyBKjHJJG5i1klhPmPfLyYiiHChQirN_4HZIuHuzjatkBTFHVcWhPwEohwO5Xw4ANwjB8i41SsQoY9Q6Ex3umdszpqqjul-mgVvVKOKXjUkvgVmJtxfwgrsncFzQ810G30TKrhFaBB76zS_q2hGq_5svVVRn3IFcfVMNx4rJCxXYH8-y2W_MkmXXD0yxFg8JxhdhGK9Gl7DPbFL60DnVijUN4Ao32LIy8HYzgsO0Rp9LyxI7Q9NtVTuuXTx5j2866XcLpaSmq1fFRg5MDsnfJJQ2_IrAMgsTHHmm0JmcLH0HkufmgIihU1NqH_YHgJvDiTO-Itp0qqfbKW6LzBdkgmMUYQKOofAePv6IQWHBoxMVBATslH92KEAnDEY5IZysfvkDtivdUDcIq63ZtjqkoGUfkia_AK7Npy9klk4EcbuCNX8Yz5s8555HCnJxS5DVUIQXt5CGR8NQvMekl3xqJAzw4S8iIRhGGQd7uzN_j0idimH0T7WhaUP6CTXYQzGiiFS8koW9gg2yDuXKFUrvN7Ki-mCbmUodrL0QAmgGrvIEieMPG3habNNBg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCm43gZMsFZa-yGMPw-gaV4oaAAsme0rFc1Z2R93DAjbcBEAEgAGD1lc6B4ASCARdjYS1wdWItNTg4NDI5NDQ3OTM5MTYzOMgBCakCCO0qBCbhsT7gAgCoAwHIAwKqBLACT9BNcTWEm4iCcrr5CENWaapq1edsJTwYr8d6qtWOXyn59Ftgil0xmflMw94hku9Z0-glmHelJNIILIJA8zWLkG0hYIbsj7VaG4yxoKvfJ8x3wTObAkN0oYQLXasdyDRmWQx2KuswEP7DuQHdvX0D6IXeZ__HiazkF2PsVf2RE0LGat3HfWuRquCpVfjGV5NlpQK_dNJYWF4pEvNWDV-gUqF2JwG27-MPYy-P2nNVYIxvuQhKKcoAfeQvuwS2SywjIqsfasgmPFX0MzWoDLki05_4FP8uPAW3A2vaeD-_W2X352lTyT54mVPgQIBcyGj5_silnLOgbjjaGX4Kl0Pi1PyWBLmvLpl52YKPhzNhKQzxeXLrw3ZFZgXARHDdhL6oORa3tKjemId54elMHOtJUeAEAYAGy9-_-5fMovUXoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2ExhKx2pVYFXhLWpumg1neEnLNsg%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame F163 2 KB
1 KB 186ms
106ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame F163 308 B
636 B 158ms
107ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame F163 293 B
621 B 157ms
105ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame F163 43 B
347 B 107ms
33ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=CdYs0QutJvklX78xyGDUIOhooy0ErvyB3OxmMBJVmpqgd1naeZZXV791iIJYpRJMvXbh3NGDRtj1fywNQBIugwooDdWxnW673JlUOjsPBodHXCmSz0ydVsL95Y64wfg4zoOgNNd2Q1WrRxVR5bJptAspm44uKqb0rJn063WyX7nYwVyIdibMClW0NbiK1aK_8M5rZ_T0a2-HKEHD9gxGUtWBMtk6EvAQ8wfeU547I75yfyKUuyhkMknDylqZtM78WnQzR5OuxNzIFMf62iKXJoYkyUgKUFM-ud7sZEg3DrdJzw9MEoPxrKaDTs-zkrjxpuDO-vCnxfmzlMHYA0vWElD-mZIWGsFpJ0zRVJU-_BuSfeIOlgv7NEvC3aFnYZa0yryGJXqw75fRNyqfn0gSKEoPzdxwHRZ2R0_W-5HfXvDtEEUYr-gPvGKDO84GCCRVrlUMxkzs0V63zF35XMxsK78c0Uiv-D7UgAlVIBlxP8pjEhxCydxUct7wAvfTG8jGVw-OAHFXRdZnHVeV14eMb6NYmrk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1693573
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 505d9520411f4fd8a5c4444aa2d8b8e1_image_ad_728x90.jpeg
static.criteo.net/design/dt/92327/4936818/ Frame F163 50 KB
50 KB 123ms
71ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92327/4936818/505d9520411f4fd8a5c4444aa2d8b8e1_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

fb255b5331b2942ad2e58583d06b2aeed60744ada24c7fed2fe380fe6d7e3004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Sep 2023 06:30:14 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64f184f6-c7c7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 51143
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 4A83 2 KB
1 KB 160ms
108ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLYwANzc8Ke7ABAArNZmWGYEbXQEuFfroR9A&u=%7CX9fvg%2FDO1u6jPW53yoihazPoi72rkqo2IarZxdzX0vY%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oZ7-4NEldJVOjE89GaszXgkomLnrnn8qkSCFAawZDNKsDpS5F79akQqBUSJUAJUGpFIXqwyK8osI8geD4fhYHCh3uyFgOM6LlOqHAKbqJCNdBVexjiZYSZwtNDvvnRkMMEyz6paF_FD4LzMm3kIjXv5T8oQeVRTRrVJZNs-Tnwp94YqPFx6oOErmEnkDdf7VEMYezTvnH60qNNLZla2wuH3l3BosUtdLmHsEES4Og2Utl-YKtTG2whKVgqLdQfk4TbCBLrxhQOQQhAnt8tTS1KwfULTE78Tp4ih5xu3Cdjm9HJoULiE2YjnoSu0L3jhyXf2z1jPyGFs0FAccpBaHy_LgVKlod3DV1zQrjv3qK4l7K262XWEbXwH_k38mkR_GGsZPGxuykkknsqDWTRfpMyeYVKqksv4jhVMkn4ob94kfuz1IfFj8HSxnUWYeuUiwpNYcnoTeAIaD_luEsNKvXMGhNl_YxeZHF53sTVHkf4JpqPuXowIZEUJsJVv4AkJ8XuUCCQij4Pb8zazLu9W6OzrsnkSNm_IfLigTZQd4x6BQX3-qqkbl7M2Uy-yDJgN09N9LSYt3DY37AJBx_Q1O6M5vjaQ_0nbaex7CzpF60O07HAgx2gGck7Qre9KeKOuD2nfnzn704zht7VkLDDBsHgk94IX_mQhCN43ISfI5QxjfglYeY-mikZA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCPNXLY8sFZc-bN4Hg7gPmmqtwyZ7SsVzVnZH3cMCNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi01ODg0Mjk0NDc5MzkxNjM4yAEJqQII7SoEJuGxPuACAKgDAcgDAqoEsAJP0BgcANNXzUUgBrNwag2SjvV6Xibg2WE6EwuDClasw3h5dtJavskxcojtqDmRlBB1CxvItxlfJHoy14fs98zoZ76I5_1E9qez-4gCnZ23Mqh_k1DsV55Q6iHJuNjIo78k_WN6ayLoZ0qtY6PfktXbkE1Lkm2jN6BjGA-4T_6T2facquHoWz6iCghWnytkHQw3KpYOxoRPIwbyJ7h9QVdDfW6gHQJIm5YLjQk1dpKNyr__UqpR1KPMJqmJUVLJCA7GLInqaq6VtC7aViVaYdUelM2uvat_q8wkTg0ET__am7uRRcEMNwnmPkQ_capdqH24WptaYIAJY0RrLkaoCcb1asXN3eg50OrJYJx8oaksIkpJ_MTvPGC6ca_lA-Rf_YvG4L94vArSK7siMAo6dPvE4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1znLmIPaBhwBAODoBnuh9aWIzQAA%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 4A83 2 KB
1 KB 157ms
105ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 4A83 308 B
636 B 87ms
86ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 4A83 293 B
621 B 87ms
87ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 4A83 43 B
348 B 33ms
33ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=KyGVVQutJvklX78xyGDUIOhooy1-upOqSqPps2yGtyKI75xQfmYhsYQsjJU3i6WrfPMQClhfLhDMfuGBGJlh-krFVTamGs6wLEpT9POQdup4nKkxrx-v7zhsFnFwIn_6VHjZ3hXPuHFOeBaSK5Uxfc-vjcM2E1h19CrCE094t-u-RCkI-vpPGtEOBgLgmUpzA_qffq9zIWQp-lTRtAuy_DUuxseFz0bBt3xldQt9duslhPt84glAhTRZy8rQs9JY3sZ2-yiAKlU3-ZRIN1EsRxWSInLb1ijESYaF7D35lv-RQdLDPZKpiaZqga4R2Ej6XrZOM7J7tYCqZ91N9CXDw-xFf3jMSGRLu-rVlZkzgdWeKAybjpq0xEzkTwXnYFE_-eHUlg2kmI2S8sGphbO7AbEGAytVL6BS6wcsIDZa0QlFXvGaIPGczRC8BrqCi0YA_mMZgV-4w8bI_gXvnUvBTzc20UF_PTwSxu8uzpuY-N3dcfbPgEQMp2OKeKGb32493zrMtcD9qJ9kU6ZUGlF1pjApIIY

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1541590
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 505d9520411f4fd8a5c4444aa2d8b8e1_image_ad_728x90.jpeg
static.criteo.net/design/dt/92327/4936818/ Frame 4A83 50 KB
50 KB 95ms
95ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92327/4936818/505d9520411f4fd8a5c4444aa2d8b8e1_image_ad_728x90.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

fb255b5331b2942ad2e58583d06b2aeed60744ada24c7fed2fe380fe6d7e3004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Sep 2023 06:30:14 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64f184f6-c7c7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 51143
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
DATA 200
OK truncated
/ Frame F187 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0b78294ecfd46e494d4bcc0e3db79ed943559a81b1a5c1c37fbb689524f7645

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309120101/ Frame 4B39 408 KB
129 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309120101/pubads_impl.js?cb=31076164

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37b564138a8c782c7ef7f804054712a1bb75a63677dca0e6e186b82102aebb93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 14:30:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3952
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131633
x-xss-protection: 0
server: cafe
etag: 12671944107613252425
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 15 Sep 2024 14:30:13 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame F163 0
127 B 114ms
33ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=dd4Ps4RebaweyHzXx-cGavQF7yAPxdbiRlCynBOHpQxSVQFHRDPtZOhKTYKgcmPDZvs5L8anJnU_n4SsxGKokLBunl6L3xHh9q9q81HCC7x9L2P5LjMFZRfIQFyQ71dH0iWWOXnqSFWpb2kPsN9Q35JQiHaQQS7miiXfshCR8oEhohTOHip8oMX66Sf7CCP3zLLXg7jiR0i9uIolIb1unhhJCqdtCeux0THG7kBlvcWgsadmiC_Kd35_QFadicTbJq-jEg&sds=2&rev=88356&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame F163 2 KB
1 KB 101ms
100ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame F163 2 KB
1 KB 100ms
100ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:05 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 4A83 0
128 B 103ms
30ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=C8uzJIRebaweyHzXp2QL4aB67W_-IvPxMemZGqmJv-OpiFDZcoyFIp7g5YYnUFj6KZ-CVj52vtkPaGn6Z9Mtwu-kppBXfCUoVcB0tEvWMw1jzCtAZ_fMRxnGzDY11jwGrOr3KJVQFA1WKqkQFQ33bKuXK8qlxUf4kqqIoGnBZdx-ktdAPQR5m0WBFrhHZx6gp-8GPqmf0MJJB5CQvCOPU6HAyb4XPARHw36QuUjvLiGVCd3wAUu0knaPf1KvcderHyrO1w&sds=2&rev=88356&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 4A83 2 KB
1 KB 93ms
92ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 4A83 2 KB
1 KB 92ms
92ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:05 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 445B
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=C2laOZMsFZamlCdXNgAfstrKwCezb0IBz-c2xzcYR2tkeEAEg08vOMGD1lc6B4ASgAajh7KIDyAEJqQJY4GIjrrSyPuACAKgDAcgDSKoEyQJP0NM-QXWTQumkrqYbxnVR-SPbJXy8Sfts...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x9b1f410df357cda20000000000000000%22,%222%22:%220x3229ab947aa0332f0000000000000000%22,%223%22:%220xba59eb...

0
0

100ms
56ms

Fetch
text/css

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x9b1f410df357cda20000000000000000%22,%222%22:%220x3229ab947aa0332f0000000000000000%22,%223%22:%220xba59ebce7d6afeef0000000000000000%22,%224%22:%220xeda57169bbbb3e100000000000000000%22,%225%22:%220xf7232eee99e6f0fa0000000000000000%22},%22debug_key%22:%223773760702339748788%22,%22debug_reporting%22:true,%22destination%22:%22https://ilmac.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%2215%22:[%2251%22],%2216%22:[%223%22],%222%22:[%22878391464%22],%224%22:[%2209-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229842662886332983857%22}&andc=true

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x9b1f410df357cda20000000000000000","2":"0x3229ab947aa0332f0000000000000000","3":"0xba59ebce7d6afeef0000000000000000","4":"0xeda57169bbbb3e100000000000000000","5":"0xf7232eee99e6f0fa0000000000000000"},"debug_key":"3773760702339748788","debug_reporting":true,"destination":"https://ilmac.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"15":["51"],"16":["3"],"2":["878391464"],"4":["09-16"],"6":["true"]},"priority":"500","source_event_id":"9842662886332983857"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 16 Sep 2023 15:36:06 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 16 Sep 2023 15:36:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x9b1f410df357cda20000000000000000","2":"0x3229ab947aa0332f0000000000000000","3":"0xba59ebce7d6afeef0000000000000000","4":"0xeda57169bbbb3e100000000000000000","5":"0xf7232eee99e6f0fa0000000000000000"},"debug_key":"3773760702339748788","debug_reporting":true,"destination":"https://ilmac.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"15":["51"],"16":["3"],"2":["878391464"],"4":["09-16"],"6":["true"]},"priority":"500","source_event_id":"9842662886332983857"}&andc=true
access-control-allow-origin: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 97ms
55ms Preflight
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=C2laOZMsFZamlCdXNgAfstrKwCezb0IBz-c2xzcYR2tkeEAEg08vOMGD1lc6B4ASgAajh7KIDyAEJqQJY4GIjrrSyPuACAKgDAcgDSKoEyQJP0NM-QXWTQumkrqYbxnVR-SPbJXy8SftsVdtvPAobrHMqX7eKfl65lEj-xYlus9dWvC6kRFSfBrqHPMcufXZWwFJ2j3HjP1NbtziKhHFy1zMANZr84CHu6JBbgTfVtloNNeXCEPobhLnS6vqYVNGvVaxLND-paoVgbBfjyjkZEq_OQV8Bnp7Rhhn0DLSoLj9yj8Kr7LX9nqZkTHBFgxmDXrceyne0WjbmNk6R9PUuE0xZhRLE_vzgL08dBHL2wJ0AiFlaBNHvM9RiHBD0Se1lols176DHgyVzH9rV4O3u_pxnifKdOQcdBd9wlJNYjw2tAvZE-s8CiD5W1dLaBLa15-eMvos4kI4S3iT83GalZEBeDisSF2VjMv9IRFbndSoOsBzB51h-auZtgkWpkemQlzDDMt3f4jjzc6nAvBVRkoUbjjzajTqdP8AE07HZ9asE4AQBiAXcrsPSSpIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfAnpNdqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwMQ8C7SCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJLWh0dHBzOi8vd3d3LmlsbWFjLmNoL2VuL2Jhc2VsL3Zpc2l0L2NhbXBhaWduL4AKA8gLAdoMEAoKEPDp06aY_eDFBhICAQPYEwrQFQGYFgGAFwGyFx4KHAgAEhRwdWItMzAzOTE5OTUwMzQwMzYzNBiZ0iE&sigh=ogFSHdbgMB0&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWDagZ8weWLnnmIX6FpxWdmRH9Cjz-kBgB&template_id=419&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 16 Sep 2023 15:36:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309130101/ Frame F187 379 KB
128 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309130101/show_ads_impl_fy2021.js?bust=31077890

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff97f071dc6af0cb37a9fbff8a10f56277472a4fcdf3fb9cc4fac57b8fa59709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131492
x-xss-protection: 0
server: cafe
etag: 14081757577230050215
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230913/r20190131/ Frame CA89 10 KB
5 KB 65ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230913/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a011595b8a7a4aecacbb9bdd095cf4e446e368e8c897b2daf1807e6016137c1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 66584
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4438
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 15 Sep 2023 21:06:21 GMT
etag: 8554266389219770021
expires: Fri, 29 Sep 2023 21:06:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 U2NgGuF9el-mJsFXQu4mM6YCW1zF1vGv2XWOCJKEcfc.js Show response
pagead2.googlesyndication.com/bg/ Frame D5D4 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U2NgGuF9el-mJsFXQu4mM6YCW1zF1vGv2XWOCJKEcfc.js

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5363601ae17d7a5fa626c15742ee2633a6025b5cc5d6f1afd9758e08928471f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 01:33:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 309738
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14685
x-xss-protection: 0
last-modified: Mon, 11 Sep 2023 20:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Sep 2024 01:33:47 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4B39 26 KB
12 KB 315ms
315ms Fetch
text/plain 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2843410654813695&correlator=516458897765732&eid=31076164&output=ldjh&gdfp_req=1&vrg=202309120101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600%7C300x100%7C300x250%7C300x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com&abxe=1&dt=1694878565844&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=u739hbju06cu&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fguoguochengzhangriji4kguoyu-wangzhaobing&loc=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1694878565414&idt=412&prev_scp=in2w_key9001%3D1%26in2w_key%3D3%26in2w_key2%3Dnope%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3qgz%26in2w_key7%3D1580%26in2w_key8%3D3%26in2w_key9%3Doptimization_request%26in2w_key15%3Do0%26in2w_key16%3D1&adks=4104462599&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ebe1c1176387a8fddc89059bcc4975c5ce1a3c32071d8b68331c3f33d42aa60d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12226
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E39D 6 KB
3 KB 67ms
29ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309120101/pubads_impl.js?cb=31076164

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Sun, 15 Sep 2024 15:36:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E9AC 0
0 62ms
62ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNoAxY8sFZc-bN4Hg7gPmmqtwyZ7SsVzVnZH3cMCNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi01ODg0Mjk0NDc5MzkxNjM4yAEJqQII7SoEJuGxPuACAKgDAcgDAqoErQJP0BgcANNXzUUgBrNwag2SjvV6Xibg2WE6EwuDClasw3h5dtJavskxcojtqDmRlBB1CxvItxlfJHoy14fs98zoZ76I5_1E9qez-4gCnZ23Mqh_k1DsV55Q6iHJuNjIo78k_WN6ayLoZ0qtY6PfktXbkE1Lkm2jN6BjGA-4T_6T2facquHoWz6iCghWnytkHQw3KpYOxoRPIwbyJ7h9QVdDfW6gHQJIm5YLjQk1dpKNyr__UqpR1KPMJqmJUVLJCA7GLInqaq6VtC7aViVaYdUelM2uvat_q8wkTg0ET__am7uRRcEMNwnmPkQ_capdqH24WptaYIAJY0RrLkaoCcb1asXN3eg50KjLQQ78MnkRhJpuJkjP1cS0VqVTCcpHfz8O3RmKAxT-MyPopCrT4AQBgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=LvIVUnaN0e8&uach_m=[UACH]&cid=CAQSGwBpAlJWsB3ZHMy7TenoITsBvjHCKTTwod2-chgB&cbvp=2&vis=1
Requested by: Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame E9AC 0
126 B 105ms
30ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k4v1F--uBNgFWp2DYgICAAAAHUL_eV8vfNe13ephhfBvkRBjywVl8pPy58-p1A-KLAAAEgAACgpBUVVCQVFFQkFR&wp=ZQXLYwANzc8Ke7ABAArNZmWGYEbXQEuFfroR9A&cbvp=2

Requested by

Host: be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 178795
server: Kestrel
content-length: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4B39 0
0 58ms
57ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJRoKIpm-lkJfetjFc2MomTvExoJxFv87hocgEhM2SZs5egCLIFWxsRd49PPgT7ADoBD-TVNKSz49GoDwY4P9RyJ6fWbSTxuejv1ckHjcJyuCgZFFn4x9zRypnePGovHx2qDtAPZ8Q5EablDOr6PPiWc7k1mzHHHuh9zM5K3IwOnY9t4DBN0V2uFEX9VAalCduX6m4-AY-XXgaQBAAT6RdU0XqFRbUbH25WeUiHcJOsrjD_Sw9sPQ_Pn3Flhrg__PZ0WU4i791wQN_vixX2kg33-dxn_Tt8LUkW355QLvCMzLGqGCUyV6ghqjcQjEiuX-uHikJwewoo6t0Yo6j5F8UaPfxJNEctCDZyd7CotW-_Y91-g&sai=AMfl-YTNH2jc6x9rwpyL54MIX8XLbDvLH8cpVObqV7dqlFPvxVSO3LoFK99NgtK1KTfrVQFiiUuzApeWQYJhGLo&sig=Cg0ArKJSzOKsXyiXEB8FEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 16 Sep 2023 15:36:05 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4B39 16 KB
12 KB 112ms
70ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309120101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309120101/pubads_impl.js?cb=31076164

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4d58f623b483e3915263a9e2166d7d9e9089c5bb8847a6bace607f60ed4c1c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12184
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 121ms
56ms Preflight
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 16 Sep 2023 15:36:06 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6DC2 37 KB
16 KB 433ms
432ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1694878565576&bpp=215&bdt=172&idt=449&shv=r20230913&mjsv=m202309130101&ptt=5&saldr=sd&is_amp=1&correlator=1393&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4292152565&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077774%2C44719339%2C44795922%2C31076998%2C31077890%2C31077910&oid=2&pvsid=1779534039743303&tmod=1665370545&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.5yz2vp4p32o1&fsb=1&dtd=460

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309130101/show_ads_impl_fy2021.js?bust=31077890

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b387438771c8ce181ca40d81beb93f80cd4c4b3d596ad2f0891e992873058ca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16035
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:06 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4B39 17 KB
6 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309120101/pubads_impl.js?cb=31076164

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Sep 2023 15:36:06 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 12DA 13 KB
5 KB 19ms
19ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 19334
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 10:13:52 GMT
expires: Sun, 15 Sep 2024 10:13:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3966 829 B
1 KB 77ms
31ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

39ee1ff0b8100180a65c6194acd66fe8df19ef44fbc552c97289b1769d41c8d3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Sc7XoxZEB4Y_jOeimMXBKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 537
content-security-policy: script-src 'report-sample' 'nonce-Sc7XoxZEB4Y_jOeimMXBKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:06 GMT
expires: Sat, 16 Sep 2023 15:36:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 D38i8ocviMyns63bFlxz04547CGgVcdJsS8VZS_5djY.js Show response
pagead2.googlesyndication.com/bg/ Frame 12DA 37 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D38i8ocviMyns63bFlxz04547CGgVcdJsS8VZS_5djY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f7f22f2872f88cca7b3addb165c73d38e78ec21a055c749b12f15652ff97636

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 14:41:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3286
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14739
x-xss-protection: 0
last-modified: Mon, 11 Sep 2023 20:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Sep 2024 14:41:20 GMT

GET
H3 200 container.html Show response
372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8FDF 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309120101/pubads_impl.js?cb=31076164

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:05 GMT
expires: Sun, 15 Sep 2024 15:36:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3966 0
0 120ms
120ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309120101&jk=2843410654813695&rc=
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4552 478 B
195 B 65ms
62ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXGtRjyIVjEFG8NfszxU7afRKsQ6NN-eHjy1hwjNxRKzKXjsBxd6NMoSMgtDLulKOFgAPQ0RYFDNtuSyFerSmScP4qaXw

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8FDF 89 KB
31 KB 92ms
91ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4accbcd793680c2ea0a65714771ef37d5eeb42bdaedba9882dd0d78eae09e00e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31438
x-xss-protection: 0
server: cafe
etag: 13183557946744512263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FDF 42 B
63 B 123ms
121ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BZsR0hsTjt7ZwRQW105BxHdDfF9IQsiMZL_ShpRUumx1eCK7gZI-6tjB2EtMNu_04rIYPmhcJOZgMSC-eLshKsmzEbDSYCg8Q6a6qm5FZzOWb3PAM

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FDF 0
20 B 125ms
123ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1668977864976698158&x=1&ct=77

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame 8FDF 3 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/window_focus_fy2021.js

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 11:40:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Sep 2023 11:40:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame 8FDF 20 KB
8 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 15 Sep 2023 18:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75968
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 18:29:58 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 8FDF 0
0 30ms
28ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ_E3Lfqj6M7ZEJI4lJ3RUK47kLB1TfTti6mWJyU-98dkG1F2VA271TY4e4374l1JeBZSL23Rkn36KxV_NdnJVwA0QfqQ
Requested by: Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8FDF 182 KB
57 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d75f9be78718605473f6f76319f2120d63e73e3c789b2b41d78896cbe13f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57988
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694604874705780"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:06 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 12DA 0
10 B 19ms
18ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?AssMig
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 4552 170 B
409 B 99ms
33ms Image
image/png 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXGtRjyIVjEFG8NfszxU7afRKsQ6NN-eHjy1hwjNxRKzKXjsBxd6NMoSMgtDLulKOFgAPQ0RYFDNtuSyFerSmScP4qaXw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 4552
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1&C=1

43 B
364 B

935ms
934ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXGtRjyIVjEFG8NfszxU7afRKsQ6NN-eHjy1hwjNxRKzKXjsBxd6NMoSMgtDLulKOFgAPQ0RYFDNtuSyFerSmScP4qaXw
Protocol: H2
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BlBLyzBFKlc7FqwSq9FCOJOxsCw0ZEufoNU7CwyeLFqZ89d%2FPHRhoLJecs6sBsgQZy0UZ6r91qEfSkSx033b%2BB2wucudhX7Zf%2FXMnLFcazoqOCQx9E4%2FkP8AKWzDb2DyJxe4kpxLLIrl%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 807a2ee0384d5276-MXP
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rp47kpDvzvKuNMNfyAYel9VcEJOWolnI5GNyxUbMetEvTauntL%2FsWqEv8XcznOjEM7fJjC5caMM%2BU%2FBc%2BxoKg7JhRmS%2FxhNHZikzsE32JGmX14lthlFA5%2B8RXiSbftCxGnzMZHKVqzexqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1&C=1
cache-control: no-cache
cf-ray: 807a2edfef585276-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4552
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZQXLZkhObT31gkT3BKzKcAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1

43 B
737 B

1033ms
1033ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNXGtRjyIVjEFG8NfszxU7afRKsQ6NN-eHjy1hwjNxRKzKXjsBxd6NMoSMgtDLulKOFgAPQ0RYFDNtuSyFerSmScP4qaXw
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PTdcKztxIbK3pTr82%2F4Z38T%2FhUx8ysh1F5T5JHqKFQMpGdDPXlPDmKgNQvswYgq3ZL5G49JUuj1mLu%2FS1voQgM3BpS6GSoNj%2BdI%2BYDFZglI379jL8L8khUHdGFVrhdd5X1Puixy4yv2HYw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 807a2ee35f6501f4-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOGhULtL6VGLVltkNg3A2ic&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FDF 0
20 B 121ms
120ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8816784583517&version=m202309120101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FDF 0
20 B 121ms
120ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8816784583517&version=m202309120101&ct=77&x=1&cor=1668977864976698000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8FDF 16 KB
12 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BCSUFm-2T_Om2jFHelJzqV7X4vW-t2G5ZvSVhdR0RfwZLLMtfHPtOytyqhVtwMmJFu5TX1Bs9-D--_pebs5eyLQAlNsqeBVREP4YWjO7VSaA6slCHs3N_anYQ_7N8hW7YY8rQGy47Te9NQsz4a4EaRDn2v58atpCmu6fsdgNoqL0gwrvo&cry=1&dbm_d=AKAmf-B2dG3G_AYUKXcWpvjPbEgrfMoZH-NFvUb2_h2-GNVPxEjzHWv6kBp33nSi1pKmlbw3BmXK0UxfCfjs0uOjyU1TwXNB3JyGU7z0dEl2Z757O7jIYpfSoQkUi7_N4C3nhKhMX8tkFrJScKn4-gdH6CFgzaXzOT1vC0tgxqVipW5mIg1JWxSkDGqu7w8dbM1guiPWpv25Og02fnUD_4u3OrjgmlqRWCwMAQ0X5g136vrde5MZ4shpmGuZeQjAp7wZUC5XvbJpck0fl8qjfruhkQzNwJq5XT7ZmBdB7-oQyTdfo2cteuHLFUZMSE3FyU0dLp16DlRgjO3SZftpll1IKkOmfw_Dr6GyRWsvSITZjrDGA8aiZMrRGM43y3CVxZBQxVtWG6z2tG2nE4izaQoZwGU8vhsOPCe0Ur-MV7h6v6u1Qqav5fZKkrvMpR1aXbun6ZJL5RI0nxYBPJZV1nNjRu0sGo-lGX_Y-6crE0TmwzmKSlO1fJuLZ6l051lBmxOHNSTNR4txVr3zLBgdFxcbxWr5FnQvLDgQjio7VSw5VKo9Z_Ul1v1IfEB5PZCoqg8Euhu0maVYwJ2jGxyq_LckwjvfTLUXf8SCq-2s8kbphm4xdjla_eZD7ZwTCotKeIXNCmAbPw8maTijK2SvZEJKpLlQ82WHgD_8nx8lJuOHJB4xj2ggQtv1Vp00qganEtHn9G1GXDwFWuRkPQ2Rfd4MIygTzP0RnzgXEtTazcBRpb5m72FTWuvZQE9uORX_QGPh7XaCnY3ENhKn8Oi2UXjxIriRw8yOwNK8CL1ANE_swtmgGQZJPfWmSvE56S4obUt8Jt5EpVO-49a5_KKu9fUi8bMgsjQkIFGQt5MinD43Fcrat6OiV-bO6WaFQP0OSNDLyLd3KSHj___aA_vfEvj7lQE1k_59XX2JgOMNLYvBIyAShbirjjC9AwDIUxm4DK53auAOSYemyFYPzGWECiQwUaUuyJ8WQwfU0CYGvaYWxefYv-Ofqzb7coHGWjbeybZdfJxQhVLsP3HAnobr3H80LoYAsct55QTitZeC7GTsoQ0VtkIhuhnrpQapvoeo_ISo_9dU4U1lPXOFzOj9ffa5Bb79WlaanzEFOOe3LngrrKsdVKM2NjMnLiWBRLSAHcHDHatJ-KvFbyHNUvhhriuC3rN_ZykuJaxNkqYQZWLR61R2HvvtZLOSsH8qc9TYLC4Al8N1gRJ1yc29P0KhOrOxwsC2ZT3TjTk1IX-Oer7JKn9mN8iOSrDeARcv_bHsz6XfWpvvhBIwHKxN57IwQD5edBEUY82bWU5AR9jhUKxUWMjYNoVaOTUBfSKh7JNfoacaJHnXob-Stiqx9JIXKaxRDAuPmBk6UTWJWEObYSyCRmFbwM6ds2GZ_rZ_65Fi7xJk3seZQ6i0vrTr1gH65_2kWgOYvdP5v20o6LIyyfNaVlFjsbzUFP1YcyZTdCH9mwSIAHoG_H0W3J9LjfwVNBV6JkWxH7XMcZQHH2DSQ9KwnfWWfrMhOjcWwbRMdu6ZUPqloD3nRTySKPrWY020kxOKVeYKuDFav8N4g5uejUBXtREb1QAU_1rtFaya3jFnKsV8xPpDascbdTkUnoorAiqi1By5_o1wZZOAof0uTGJ02MA2xyAmkl6kovZ5yV1kw76YRiGCSzqwf9Q1MpiXCg1ubD6crQJutqttCRMoIP-UnwNB-7aPHqccrEi1lAebz67qf_OVr9D7NpNmdMNr532YQMESvjxakWNUrbEFtQQzZoUri2BqWpORZraW_gE7eQEFOhLOA1cg1NyGU3ourLyYhLI3N6KoJKYcHH33em52Mc3zl5nUnRmvHNhrVKU0JTHrtTpwErzflpJKYa7WgsTmNSrX-KXftHSIg9OIEw03z0HhiD8Q0x6jN6CNLJS18zNsMOiyk6K3t1tMu2mGOGfDxpFcqszOQLv3iIZqauVuxvpMzm6PvISRW2UmATRH0Y-5RmxKWcVELl35qWMAzSOVw782iiKGXc0aFGRxekEWLr7NB-99MxizUlJp2_o_ZtpKSG_dJCcYegUJDnOu6ND6VIgprHRBh86QLvy55ftc44RmfnYof_TU7Cc0sjo6_oKevfTsQJTOS4LUxr3MFyt0ylN5r6_w0UPD2BpjmbxDKqZBLrA0pr3cc2wzXUAcsrWw7BhESYs4RpppP7DD96w6oXeAdAPUSTzthw1ap0WEOOlxA8T1Ug4iQecx4JcZhP2qQJLkN_BFhy6fgLn-x4e99m0N0eBmL337si_MG8eSRkKmxMjil3rv_tiEo6Pk91Bh-u-NpeaFxLYMh19M2b2m6VZcD3jcMRMJJP-5noKxWzTQEo7ldmcDGQ538yC0I62A0HPuInP70jUXrT7WpJngkgR8Xe6m7qlYDXF-flvnFp38VuUHpgLyk9gxQyfNdRNj8WHWCZXIzFiddVqeSYNajB9xRm0TorediRhVgdB5DZuDDH4AuxB089q-GARR34pPrvdnsIpDIv9-hjCbP28WYWp6NM0xbBLKs-cE0Gfu0-wVWFjxe5EJib8IVLkqU-r2x-hc1D3R74LlCAPjhDPV3JmcTNqKRNYRAYdJSHnfEMq1a7WiX66IHbSMOkQw4pdyZsB40eeN1_XaZWh04xgstiqAlzDaeg3pMherqKXYK-7kMMDYRwaDielY-O9y4ZoAQPyXtqdTEPsXXOhMndsjTVLjUiRYOEJ8y-kp_ZHG9EJqbBjdHYWcuCmfx7OwGfb3eV5Tr2cciGQp-xCkOV0qX8_tYT8dHfTB2tgVs7EHEIoqHcwvU0QSGwfuw4xm9c2FO41DYiWwncpfyh4AO4MtGK7dkOWSXkUtQF19SEyPSvrmK-JR3xokhQCdCPZA9FzyZHshEQJgcsOtVqBleLb1gWv4sitiCDHj2Cn0MFU25dVc2-5t71L4Li9kDQFuEr3ZbogGKYb8HpUgY0aMCWYJrQMnMprXfOkOTWf_ELOw7bv_3pUSs-uj2-mX-rzmZxVrud9uUyIGi42L709D8waAKp3SL4b3l1uBquOIcgIHHP17dBMIF7pSI6oQjoHmKE7PZk_WJnYHLu9w2guj0yBcyhF_-A580GanRgA2QhqCuvt-MVCMwd707a0zgHJPWhZQ_Z3UyFvjL2ox77ZoYvRqghw6BBKvOuNgPkDYDuPOX4RtEFN3K3Bw3dz_WJDu7atRO1BzEFi1H2B2rTxPeXVdQ_baz0qYCMVwJUaeXBAo6DbaS8_f_fo585lERHUpQ0R8OlfBa92NLI7eOgqA4FBVPiJ4useVmyJwhZfJCYm0RqiJSj54d5DTkGUMTFKX_xK4xIFUwSj-w7T-_1oAWQXVV9BswjUin2cbNeIiQGa4QB13TuzYvi_m9XYXGlGGvoXr6UKmr-4rE4HaqAZyWWWvB3mvgvXYvWL5hJJbUvB1IJfldaXW4QlIflJULdDsLJFLTMebhWlu6Br-xOd17iTUrh3-ekhf5NG2RbL86BrkrkfCEPQN_Db1SxyGKCRQxCJIRPE9dhcp-vqp76eS9shHcyoJHtkUoyYm6yt3pvbiOkp2TZuMZhdVJpefOxUyvGTXVemBtninqWMxtMm4vMrjSpvTd5_CiknRrAqjU7pJfC7mTzSFxmTTnOzkvk0-Tzb6BMVNuUd0rXDZPS-9jowmn9uIa288Mx5KAXIvUSwlPKOaGMhocUzShSfTo7a6aR-abMN_NpQ0Na7_DmpQoPjIkOFRsfPFRGNgo7vhUrDDBDuOguFONQfReewUUcCMGG6PJYyoabZSHOXCc_qwYEXDTMQKNwR2hw&cid=CAQSKQBpAlJWrHN16uKfr0Xu67DBDxtiA3hrCv7IoenymbbgV847Jo2wstHNGAE&dv3_ver=m202309120101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=1668977864976698000&adk=2476403952&idt=98&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4299639b513cddb76b391c59ff0c8ccaf748d15857a0330530ba81b7acfdd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12180
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8FDF 41 KB
13 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BCSUFm-2T_Om2jFHelJzqV7X4vW-t2G5ZvSVhdR0RfwZLLMtfHPtOytyqhVtwMmJFu5TX1Bs9-D--_pebs5eyLQAlNsqeBVREP4YWjO7VSaA6slCHs3N_anYQ_7N8hW7YY8rQGy47Te9NQsz4a4EaRDn2v58atpCmu6fsdgNoqL0gwrvo&cry=1&dbm_d=AKAmf-B2dG3G_AYUKXcWpvjPbEgrfMoZH-NFvUb2_h2-GNVPxEjzHWv6kBp33nSi1pKmlbw3BmXK0UxfCfjs0uOjyU1TwXNB3JyGU7z0dEl2Z757O7jIYpfSoQkUi7_N4C3nhKhMX8tkFrJScKn4-gdH6CFgzaXzOT1vC0tgxqVipW5mIg1JWxSkDGqu7w8dbM1guiPWpv25Og02fnUD_4u3OrjgmlqRWCwMAQ0X5g136vrde5MZ4shpmGuZeQjAp7wZUC5XvbJpck0fl8qjfruhkQzNwJq5XT7ZmBdB7-oQyTdfo2cteuHLFUZMSE3FyU0dLp16DlRgjO3SZftpll1IKkOmfw_Dr6GyRWsvSITZjrDGA8aiZMrRGM43y3CVxZBQxVtWG6z2tG2nE4izaQoZwGU8vhsOPCe0Ur-MV7h6v6u1Qqav5fZKkrvMpR1aXbun6ZJL5RI0nxYBPJZV1nNjRu0sGo-lGX_Y-6crE0TmwzmKSlO1fJuLZ6l051lBmxOHNSTNR4txVr3zLBgdFxcbxWr5FnQvLDgQjio7VSw5VKo9Z_Ul1v1IfEB5PZCoqg8Euhu0maVYwJ2jGxyq_LckwjvfTLUXf8SCq-2s8kbphm4xdjla_eZD7ZwTCotKeIXNCmAbPw8maTijK2SvZEJKpLlQ82WHgD_8nx8lJuOHJB4xj2ggQtv1Vp00qganEtHn9G1GXDwFWuRkPQ2Rfd4MIygTzP0RnzgXEtTazcBRpb5m72FTWuvZQE9uORX_QGPh7XaCnY3ENhKn8Oi2UXjxIriRw8yOwNK8CL1ANE_swtmgGQZJPfWmSvE56S4obUt8Jt5EpVO-49a5_KKu9fUi8bMgsjQkIFGQt5MinD43Fcrat6OiV-bO6WaFQP0OSNDLyLd3KSHj___aA_vfEvj7lQE1k_59XX2JgOMNLYvBIyAShbirjjC9AwDIUxm4DK53auAOSYemyFYPzGWECiQwUaUuyJ8WQwfU0CYGvaYWxefYv-Ofqzb7coHGWjbeybZdfJxQhVLsP3HAnobr3H80LoYAsct55QTitZeC7GTsoQ0VtkIhuhnrpQapvoeo_ISo_9dU4U1lPXOFzOj9ffa5Bb79WlaanzEFOOe3LngrrKsdVKM2NjMnLiWBRLSAHcHDHatJ-KvFbyHNUvhhriuC3rN_ZykuJaxNkqYQZWLR61R2HvvtZLOSsH8qc9TYLC4Al8N1gRJ1yc29P0KhOrOxwsC2ZT3TjTk1IX-Oer7JKn9mN8iOSrDeARcv_bHsz6XfWpvvhBIwHKxN57IwQD5edBEUY82bWU5AR9jhUKxUWMjYNoVaOTUBfSKh7JNfoacaJHnXob-Stiqx9JIXKaxRDAuPmBk6UTWJWEObYSyCRmFbwM6ds2GZ_rZ_65Fi7xJk3seZQ6i0vrTr1gH65_2kWgOYvdP5v20o6LIyyfNaVlFjsbzUFP1YcyZTdCH9mwSIAHoG_H0W3J9LjfwVNBV6JkWxH7XMcZQHH2DSQ9KwnfWWfrMhOjcWwbRMdu6ZUPqloD3nRTySKPrWY020kxOKVeYKuDFav8N4g5uejUBXtREb1QAU_1rtFaya3jFnKsV8xPpDascbdTkUnoorAiqi1By5_o1wZZOAof0uTGJ02MA2xyAmkl6kovZ5yV1kw76YRiGCSzqwf9Q1MpiXCg1ubD6crQJutqttCRMoIP-UnwNB-7aPHqccrEi1lAebz67qf_OVr9D7NpNmdMNr532YQMESvjxakWNUrbEFtQQzZoUri2BqWpORZraW_gE7eQEFOhLOA1cg1NyGU3ourLyYhLI3N6KoJKYcHH33em52Mc3zl5nUnRmvHNhrVKU0JTHrtTpwErzflpJKYa7WgsTmNSrX-KXftHSIg9OIEw03z0HhiD8Q0x6jN6CNLJS18zNsMOiyk6K3t1tMu2mGOGfDxpFcqszOQLv3iIZqauVuxvpMzm6PvISRW2UmATRH0Y-5RmxKWcVELl35qWMAzSOVw782iiKGXc0aFGRxekEWLr7NB-99MxizUlJp2_o_ZtpKSG_dJCcYegUJDnOu6ND6VIgprHRBh86QLvy55ftc44RmfnYof_TU7Cc0sjo6_oKevfTsQJTOS4LUxr3MFyt0ylN5r6_w0UPD2BpjmbxDKqZBLrA0pr3cc2wzXUAcsrWw7BhESYs4RpppP7DD96w6oXeAdAPUSTzthw1ap0WEOOlxA8T1Ug4iQecx4JcZhP2qQJLkN_BFhy6fgLn-x4e99m0N0eBmL337si_MG8eSRkKmxMjil3rv_tiEo6Pk91Bh-u-NpeaFxLYMh19M2b2m6VZcD3jcMRMJJP-5noKxWzTQEo7ldmcDGQ538yC0I62A0HPuInP70jUXrT7WpJngkgR8Xe6m7qlYDXF-flvnFp38VuUHpgLyk9gxQyfNdRNj8WHWCZXIzFiddVqeSYNajB9xRm0TorediRhVgdB5DZuDDH4AuxB089q-GARR34pPrvdnsIpDIv9-hjCbP28WYWp6NM0xbBLKs-cE0Gfu0-wVWFjxe5EJib8IVLkqU-r2x-hc1D3R74LlCAPjhDPV3JmcTNqKRNYRAYdJSHnfEMq1a7WiX66IHbSMOkQw4pdyZsB40eeN1_XaZWh04xgstiqAlzDaeg3pMherqKXYK-7kMMDYRwaDielY-O9y4ZoAQPyXtqdTEPsXXOhMndsjTVLjUiRYOEJ8y-kp_ZHG9EJqbBjdHYWcuCmfx7OwGfb3eV5Tr2cciGQp-xCkOV0qX8_tYT8dHfTB2tgVs7EHEIoqHcwvU0QSGwfuw4xm9c2FO41DYiWwncpfyh4AO4MtGK7dkOWSXkUtQF19SEyPSvrmK-JR3xokhQCdCPZA9FzyZHshEQJgcsOtVqBleLb1gWv4sitiCDHj2Cn0MFU25dVc2-5t71L4Li9kDQFuEr3ZbogGKYb8HpUgY0aMCWYJrQMnMprXfOkOTWf_ELOw7bv_3pUSs-uj2-mX-rzmZxVrud9uUyIGi42L709D8waAKp3SL4b3l1uBquOIcgIHHP17dBMIF7pSI6oQjoHmKE7PZk_WJnYHLu9w2guj0yBcyhF_-A580GanRgA2QhqCuvt-MVCMwd707a0zgHJPWhZQ_Z3UyFvjL2ox77ZoYvRqghw6BBKvOuNgPkDYDuPOX4RtEFN3K3Bw3dz_WJDu7atRO1BzEFi1H2B2rTxPeXVdQ_baz0qYCMVwJUaeXBAo6DbaS8_f_fo585lERHUpQ0R8OlfBa92NLI7eOgqA4FBVPiJ4useVmyJwhZfJCYm0RqiJSj54d5DTkGUMTFKX_xK4xIFUwSj-w7T-_1oAWQXVV9BswjUin2cbNeIiQGa4QB13TuzYvi_m9XYXGlGGvoXr6UKmr-4rE4HaqAZyWWWvB3mvgvXYvWL5hJJbUvB1IJfldaXW4QlIflJULdDsLJFLTMebhWlu6Br-xOd17iTUrh3-ekhf5NG2RbL86BrkrkfCEPQN_Db1SxyGKCRQxCJIRPE9dhcp-vqp76eS9shHcyoJHtkUoyYm6yt3pvbiOkp2TZuMZhdVJpefOxUyvGTXVemBtninqWMxtMm4vMrjSpvTd5_CiknRrAqjU7pJfC7mTzSFxmTTnOzkvk0-Tzb6BMVNuUd0rXDZPS-9jowmn9uIa288Mx5KAXIvUSwlPKOaGMhocUzShSfTo7a6aR-abMN_NpQ0Na7_DmpQoPjIkOFRsfPFRGNgo7vhUrDDBDuOguFONQfReewUUcCMGG6PJYyoabZSHOXCc_qwYEXDTMQKNwR2hw&cid=CAQSKQBpAlJWrHN16uKfr0Xu67DBDxtiA3hrCv7IoenymbbgV847Jo2wstHNGAE&dv3_ver=m202309120101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=1668977864976698000&adk=2476403952&idt=98&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 14 Sep 2023 20:57:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 153504
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Sep 2024 20:57:42 GMT

GET
H/1.1 200
OK r4yapv8fhxky Show response
hal9000.redintelligence.net/zone/ Frame 8FDF 11 KB
4 KB 97ms
28ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/r4yapv8fhxky?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc5GVZcsFZbenN4ragQef1L24BZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakCCO0qBCbhsT6oAwHIA5sEqgT0AU_Qb0aOCywtmKYEPkEPMvWsVTgq4rgDEMbl7Hc8N2hMiXXTIvxP5p0Ta7c19jD0FYpkc48D33P_ORph0yn9AuzDzI4bGMUPm9jW0AaruBQd5FOV_9OwaBdfvXIE_1eIXgwR5j2hO9kU2eIgktwDGrVPOah-JYgGVextYy0ZvRv2FVZJIMyjZYWZfDeh1gjygANMLUgODEgZ8XYrv5Qxtf9FgoXDPvT6ratbWVn3BVan_AJbbnlXnMXJtMdFZNI7LhamZtkbXjBnXibkSDBS3QVuBKbIVcn0n0QJ9ow-f1pqRY2tPSxZuaFmAFe7ylUrkP4DE33ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9-3u1rqvgQMVCm3gCh0fag9XEAEYASAAEgLEN_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWrHN16uKfr0Xu67DBDxtiA3hrCv7IoenymbbgV847Jo2wstHNGAE%26sig%3DAOD64_17jLugn1dLEm6kmD2vJB7Q9FBoIA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Dv22AnrfhKrcmkacV434nm-jV_2p2F7gIe0dJyjYhJznZUr7Br5sSbOi8duVLUCRm4rjc_1WyPpEQOklIcxoKwLpchLvuUgLT_Zjr9rPRoxzq3eLJiz7r3TIMYSCeswUdO6w4Y8Eoc7TlNwZUdjU_d0boUwSZZxmOnjeaRhUy_Lc2Zois%26cry%3D1%26dbm_d%3DAKAmf-C9vXNsrkUkO4xJcNTtp9Dp44QZ041a-o6Ub8_sbHT0yJo5IO4g2gEMbsLfJ-qTOwHAhiB88d4I3Q-fMfaNcPSKLVsx7Aj829Bwv1H3I6Gx0NlGBDOB-G4AKk3Lj8XzLssjbjtPsdbBTwn4cCZzUTHKcGtDS3soQ1ts7dvtamWhbXuymoSxoNEHPZSHZacjt7iB0Fo5PY9DtF_QBghKs8OU8dYMdAijn0HezhtL7JeoaMU19FnYH4eb9UGgmyuQkxYrdgLtpf9wKLEjWU8dPsDBfL5WfK7edSQ5L0la-48Igxu5ZDF7z5K_JgRqO61ogJNrjZ4b8o-Ly8z_yLFQdyOJYdrlvL34P8GNGRdy8vEV80UF0qVHRcR8IoQUAnyOomvpKmRF8aA5ZTamydDQHxhJJUmxv__m_1WJy6jEBSP3_ZFAEMfryI-e9HrZ0WZd1fkBbXEzh161BvID8OK91zUoErgdHgr2a1D-Ccj18xRsbNuchTXa-QTOH9q2JqBW5IPYWzZYpoJQvswEtjKy3W2xaDvr7ci7d5EaouT-7ahCPyYlk1tvw0zpj9i8vuJK-uvIsksa4QRMJ0sH9bX0IP7Mv-SZwMw-rHRTL1Tz39sKMBGf_ks%26adurl%3D
Requested by: Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 00f843291632ae4b215c4519825ffcf80724b62b78a8d3cdfcc6f1a0110ff22f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 16 Sep 2023 15:36:06 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4194
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B9F2 22 KB
8 KB 19ms
19ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 153504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 14 Sep 2023 20:57:42 GMT
expires: Fri, 13 Sep 2024 20:57:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 U2NgGuF9el-mJsFXQu4mM6YCW1zF1vGv2XWOCJKEcfc.js Show response
pagead2.googlesyndication.com/bg/ Frame B9F2 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U2NgGuF9el-mJsFXQu4mM6YCW1zF1vGv2XWOCJKEcfc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5363601ae17d7a5fa626c15742ee2633a6025b5cc5d6f1afd9758e08928471f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 01:33:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 309739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14685
x-xss-protection: 0
last-modified: Mon, 11 Sep 2023 20:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Sep 2024 01:33:47 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame 6DC2 3 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1694878565576&bpp=215&bdt=172&idt=449&shv=r20230913&mjsv=m202309130101&ptt=5&saldr=sd&is_amp=1&correlator=1393&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4292152565&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077774%2C44719339%2C44795922%2C31076998%2C31077890%2C31077910&oid=2&pvsid=1779534039743303&tmod=1665370545&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.5yz2vp4p32o1&fsb=1&dtd=460

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 11:40:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Sep 2023 11:40:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/ Frame 6DC2 20 KB
8 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230913/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 15 Sep 2023 18:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75968
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 18:29:58 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6DC2 182 KB
57 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04d75f9be78718605473f6f76319f2120d63e73e3c789b2b41d78896cbe13f63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57988
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1694604874705780"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Sep 2023 15:36:06 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame B017 49 KB
19 KB 42ms
42ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLZgACDP0A-SIqAABmeE41ilzD6q9z8eh7Sg&u=%7CDOEprBICNWG1MWHO0TTasPQlI9faR%2Bf%2FhQs1JYURNAo%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oVqw7Cvg7ORav6XsKrfZypYKuspo5MklQJGJaQ5D3HuutBNk8kyd6SzsXQpWqg4jTa93yXyRURZ0whUXno-wRluzvqhfFjXWzuxjNzt2YXX4hMFKbONElaoqWB3D6xHJ3xUvIji5crKSwTNLyjvy-bvI-G0WCssrP5-00__blQZ5tcu6kGHQa0xIVMe_PVsD9YKY9Wv7rnLCwQkl2SGSTF8lc9AOyV3DppJVU0dnCo9iM_XbqZZ0t7fcA4zpoSS3sLfRhFtWp7dK87j4GPgj812kM-P0Z83VOc1aXS7RzCJyZTNHGZZZ8Ys4VgiYB53LdOEBA7D-83QhZ8LIgKqMz0O6UsqiR_0S-z88UDH_3lcPAndXkM0aew_i-GgUQbCe7_MX3t86iOZLk3b2PjcUEoZtCS19kI72DDN9Tyyfj8faqdVU1A0boGlTwN05EhBDtt_YkEo_6js65fV28n4Fx3axd2nUcz7087AWFg_sGQGO9x2LF6Mbkjz17US2lWEGjDu0JQL9S90FruJmJahghOsi6MAfPeDpd0IY6SkbLR5yCKOK2ODT4f5lwvM3XpOJ-7CqDnZckTOBSZikkeK3L65YXd-IcEPJDLHszusFGjXkhP_PNqgDUXNJtfK9bGT6W&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJkXbZssFZf2ZCKrE5LcP-MyB-ALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAgjtKgQm4bE-qAMByAMCqgTOAU_Q0LvJa0KnWFPfy7X0HCvjz6i3St_bKKak4bsbHNV1Dww3PVA3nXHkQ4QurmwYJy1Iakm0hLoQOnjqPeZakDyq8OMmu_UVpnVn9poD-poOF4FPUudAFY5HQPT74jtq_2bSiu6GKWUGFG6LNGdDv01vzpau6xQN_-82aVgmntktzgONTAg0TpoiDcY8kdXanrp099bZFjy2DIJ-EAHsW7bKPNmXFSe5yN3qrwaOrQ2Ysk0XGin9-GuWKi4xKYKdShtO73AH9GSw0db_wn60gAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_35KKwfPNlPm_TJA97UlnCYS7Y9jQ%26client%3Dca-pub-5884294479391638%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

29232f2f8632469620bc5e1eeabbe22a3e17edec03df855e7b3fade96b7c0fd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:06 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=hFvXUoRebaweyHzXH7CKcM7L5H4jiYAdcSt1R1uyq8VRhDDqR5P5_2nE0YDJx9zALE7oBaKS85BCOAeLH_MpebjPDOxV_AoeGcgrUsy7scRMF8iHsNzt6McMzQI4y7cLZBiNUI2nfK3ECbe4m8efsF5XKE7hkL5Q9El2_RkM_nXVDE1xSt4sE8Dl82zSK7LM-L8L5iDwLgodY73CblimPouot1R6bsYH7IhxWUAvHRlWcuE2CfhonfMX6YU_TaXvRK4WQQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3241935
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C0FA 1 KB
643 B 20ms
19ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 71357
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 15 Sep 2023 19:46:49 GMT
etag: 48472445140208031
expires: Sat, 16 Sep 2023 19:46:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal90007.redintelligence.net/ Frame 8FDF
Redirect Chain

https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=3a58f42bbe&subid=&uid=478413b32ee42553&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=3a58f42bbe&subid=&uid=478413b32ee42553&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

612 B
936 B

141ms
86ms

Script
application/x-javascript

138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=3a58f42bbe&subid=&uid=478413b32ee42553&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc5GVZcsFZbenN4ragQef1L24BZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakCCO0qBCbhsT6oAwHIA5sEqgT0AU_Qb0aOCywtmKYEPkEPMvWsVTgq4rgDEMbl7Hc8N2hMiXXTIvxP5p0Ta7c19jD0FYpkc48D33P_ORph0yn9AuzDzI4bGMUPm9jW0AaruBQd5FOV_9OwaBdfvXIE_1eIXgwR5j2hO9kU2eIgktwDGrVPOah-JYgGVextYy0ZvRv2FVZJIMyjZYWZfDeh1gjygANMLUgODEgZ8XYrv5Qxtf9FgoXDPvT6ratbWVn3BVan_AJbbnlXnMXJtMdFZNI7LhamZtkbXjBnXibkSDBS3QVuBKbIVcn0n0QJ9ow-f1pqRY2tPSxZuaFmAFe7ylUrkP4DE33ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9-3u1rqvgQMVCm3gCh0fag9XEAEYASAAEgLEN_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWrHN16uKfr0Xu67DBDxtiA3hrCv7IoenymbbgV847Jo2wstHNGAE%26sig%3DAOD64_17jLugn1dLEm6kmD2vJB7Q9FBoIA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Dv22AnrfhKrcmkacV434nm-jV_2p2F7gIe0dJyjYhJznZUr7Br5sSbOi8duVLUCRm4rjc_1WyPpEQOklIcxoKwLpchLvuUgLT_Zjr9rPRoxzq3eLJiz7r3TIMYSCeswUdO6w4Y8Eoc7TlNwZUdjU_d0boUwSZZxmOnjeaRhUy_Lc2Zois%26cry%3D1%26dbm_d%3DAKAmf-C9vXNsrkUkO4xJcNTtp9Dp44QZ041a-o6Ub8_sbHT0yJo5IO4g2gEMbsLfJ-qTOwHAhiB88d4I3Q-fMfaNcPSKLVsx7Aj829Bwv1H3I6Gx0NlGBDOB-G4AKk3Lj8XzLssjbjtPsdbBTwn4cCZzUTHKcGtDS3soQ1ts7dvtamWhbXuymoSxoNEHPZSHZacjt7iB0Fo5PY9DtF_QBghKs8OU8dYMdAijn0HezhtL7JeoaMU19FnYH4eb9UGgmyuQkxYrdgLtpf9wKLEjWU8dPsDBfL5WfK7edSQ5L0la-48Igxu5ZDF7z5K_JgRqO61ogJNrjZ4b8o-Ly8z_yLFQdyOJYdrlvL34P8GNGRdy8vEV80UF0qVHRcR8IoQUAnyOomvpKmRF8aA5ZTamydDQHxhJJUmxv__m_1WJy6jEBSP3_ZFAEMfryI-e9HrZ0WZd1fkBbXEzh161BvID8OK91zUoErgdHgr2a1D-Ccj18xRsbNuchTXa-QTOH9q2JqBW5IPYWzZYpoJQvswEtjKy3W2xaDvr7ci7d5EaouT-7ahCPyYlk1tvw0zpj9i8vuJK-uvIsksa4QRMJ0sH9bX0IP7Mv-SZwMw-rHRTL1Tz39sKMBGf_ks%26adurl%3D&documentReferer=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=3576518558622&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ada8ac39afd00eecc246330c1dc4ec3b2296d23b042adb633d14e68157caf0fa

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 16 Sep 2023 15:36:06 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 91462500097585604438442012449007
Connection: close
Content-Length: 330
Expires: Sat, 16 Sep 2023 16:36:06 +0200

Redirect headers

Pragma: no-cache
Date: Sat, 16 Sep 2023 15:36:06 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=3a58f42bbe&subid=&uid=478413b32ee42553&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc5GVZcsFZbenN4ragQef1L24BZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakCCO0qBCbhsT6oAwHIA5sEqgT0AU_Qb0aOCywtmKYEPkEPMvWsVTgq4rgDEMbl7Hc8N2hMiXXTIvxP5p0Ta7c19jD0FYpkc48D33P_ORph0yn9AuzDzI4bGMUPm9jW0AaruBQd5FOV_9OwaBdfvXIE_1eIXgwR5j2hO9kU2eIgktwDGrVPOah-JYgGVextYy0ZvRv2FVZJIMyjZYWZfDeh1gjygANMLUgODEgZ8XYrv5Qxtf9FgoXDPvT6ratbWVn3BVan_AJbbnlXnMXJtMdFZNI7LhamZtkbXjBnXibkSDBS3QVuBKbIVcn0n0QJ9ow-f1pqRY2tPSxZuaFmAFe7ylUrkP4DE33ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9-3u1rqvgQMVCm3gCh0fag9XEAEYASAAEgLEN_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWrHN16uKfr0Xu67DBDxtiA3hrCv7IoenymbbgV847Jo2wstHNGAE%26sig%3DAOD64_17jLugn1dLEm6kmD2vJB7Q9FBoIA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Dv22AnrfhKrcmkacV434nm-jV_2p2F7gIe0dJyjYhJznZUr7Br5sSbOi8duVLUCRm4rjc_1WyPpEQOklIcxoKwLpchLvuUgLT_Zjr9rPRoxzq3eLJiz7r3TIMYSCeswUdO6w4Y8Eoc7TlNwZUdjU_d0boUwSZZxmOnjeaRhUy_Lc2Zois%26cry%3D1%26dbm_d%3DAKAmf-C9vXNsrkUkO4xJcNTtp9Dp44QZ041a-o6Ub8_sbHT0yJo5IO4g2gEMbsLfJ-qTOwHAhiB88d4I3Q-fMfaNcPSKLVsx7Aj829Bwv1H3I6Gx0NlGBDOB-G4AKk3Lj8XzLssjbjtPsdbBTwn4cCZzUTHKcGtDS3soQ1ts7dvtamWhbXuymoSxoNEHPZSHZacjt7iB0Fo5PY9DtF_QBghKs8OU8dYMdAijn0HezhtL7JeoaMU19FnYH4eb9UGgmyuQkxYrdgLtpf9wKLEjWU8dPsDBfL5WfK7edSQ5L0la-48Igxu5ZDF7z5K_JgRqO61ogJNrjZ4b8o-Ly8z_yLFQdyOJYdrlvL34P8GNGRdy8vEV80UF0qVHRcR8IoQUAnyOomvpKmRF8aA5ZTamydDQHxhJJUmxv__m_1WJy6jEBSP3_ZFAEMfryI-e9HrZ0WZd1fkBbXEzh161BvID8OK91zUoErgdHgr2a1D-Ccj18xRsbNuchTXa-QTOH9q2JqBW5IPYWzZYpoJQvswEtjKy3W2xaDvr7ci7d5EaouT-7ahCPyYlk1tvw0zpj9i8vuJK-uvIsksa4QRMJ0sH9bX0IP7Mv-SZwMw-rHRTL1Tz39sKMBGf_ks%26adurl%3D&documentReferer=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=3576518558622&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Sat, 16 Sep 2023 16:36:06 +0200

GET
DATA 200
OK truncated
/ Frame 6DC2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 31e248fa0ffe4a030235b972fba4584ca5806a50280d11e70649d79cbcebb9c1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0FA
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEIS8oA7622RldEzpy6HHag4&google_cver=1&google_push=AXcoOmTocwxlQuP6kahazplbAWOlB9ume0L3uRkxe6Lb6hwo82MkE3u6tY6dQ9p0Fc83_meUUAD0Ohgj2s1CZlpAAe40cc_Kco1MwL...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=93704F369A474B8B878A81F4D6429D6E&google_push=AXcoOmTocwxlQuP6kahazplbAWOlB9ume0L3uRkxe6Lb6hwo82MkE3u6tY6dQ9p0Fc83_meUUAD0Ohgj2s1CZlp...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=93704F369A474B8B878A81F4D6429D6E&google_push=AXcoOmTocwxlQuP6kahazplbAWOlB9ume0L3uRkxe6Lb6hwo82MkE3u6tY6dQ9p0Fc83_meUUAD0Ohgj2s1CZlpAAe40cc_Kco1MwLmhfZN_gA7w0AEU2n7Ys4kml1H2iR6t5fRTnhwhCdghQJ9OGg9HSDK5

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 16 Sep 2023 15:36:06 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=93704F369A474B8B878A81F4D6429D6E&google_push=AXcoOmTocwxlQuP6kahazplbAWOlB9ume0L3uRkxe6Lb6hwo82MkE3u6tY6dQ9p0Fc83_meUUAD0Ohgj2s1CZlpAAe40cc_Kco1MwLmhfZN_gA7w0AEU2n7Ys4kml1H2iR6t5fRTnhwhCdghQJ9OGg9HSDK5
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 15 Sep 2023 15:36:06 GMT

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame C0FA 0
44 B 1246ms
739ms Image
text/plain 35.73.212.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEKOBBq6aH3fY0lHrvY0jATA&google_cver=1&google_push=AXcoOmSwAEO9OPoLCCWH1nG2CMa4X5pQuOqUQeIh0QPxhLKEs6GXx4uNg8CM-UDgULT4k58Os1vRk3Bw32TVDS_U0Q-m0AoaesbWB1OHWaWY9THBxYNTQA8sV5JxyA-wT_bcfB1WSxmFDfqhyj90ZhnSVz3t
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1694878565576&bpp=215&bdt=172&idt=449&shv=r20230913&mjsv=m202309130101&ptt=5&saldr=sd&is_amp=1&correlator=1393&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4292152565&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077774%2C44719339%2C44795922%2C31076998%2C31077890%2C31077910&oid=2&pvsid=1779534039743303&tmod=1665370545&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.5yz2vp4p32o1&fsb=1&dtd=460
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.73.212.134 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-73-212-134.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:07 GMT
server: awselb/2.0

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame C0FA 0
35 B 100ms
32ms Image
text/plain 18.197.134.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEGW1hs4aUtH2RbYaMiYJ5ZA&google_cver=1&google_push=AXcoOmTkjJH_db4392jvIBJBOEXHlKnfCBvepL0GQ5gGSb6lqN5KtWSgBSn44LUouYnwGWjfkiP6R-11xTB5CMt6UYTIzS4lUJzFep08JsdS1taIHijXCiZVCHYZBTrVv-QAcupaYl0aNOIpvOZgUHU4EHBS5A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1694878565576&bpp=215&bdt=172&idt=449&shv=r20230913&mjsv=m202309130101&ptt=5&saldr=sd&is_amp=1&correlator=1393&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4292152565&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077774%2C44719339%2C44795922%2C31076998%2C31077890%2C31077910&oid=2&pvsid=1779534039743303&tmod=1665370545&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.5yz2vp4p32o1&fsb=1&dtd=460
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.134.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-134-14.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0FA
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEHTWPPjEFFFZbSihspm5kFo&google_cver=1&google_push=AXcoOmQN8-9e5Sy3fC3ePxWChvu6YXJA8uKqd7XHG47csMdXS_zGlpF7uJ3nsqgMf2...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQN8-9e5Sy3fC3ePxWChvu6YXJA8uKqd7XHG47csMdXS_zGlpF7uJ3nsqgMf2AjW6UYSRDp1evc9u1Hzj2q-80VV3qq6PKzrBE_LC_o_NhsvY...

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQN8-9e5Sy3fC3ePxWChvu6YXJA8uKqd7XHG47csMdXS_zGlpF7uJ3nsqgMf2AjW6UYSRDp1evc9u1Hzj2q-80VV3qq6PKzrBE_LC_o_NhsvY8TgFiFyaxGKc2YWZzymLbgh-Gu3qFiBs9h-cnWj5XX&google_hm=Ia1Wb5CtR46T_3TTlqgXS4M

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:05 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQN8-9e5Sy3fC3ePxWChvu6YXJA8uKqd7XHG47csMdXS_zGlpF7uJ3nsqgMf2AjW6UYSRDp1evc9u1Hzj2q-80VV3qq6PKzrBE_LC_o_NhsvY8TgFiFyaxGKc2YWZzymLbgh-Gu3qFiBs9h-cnWj5XX&google_hm=Ia1Wb5CtR46T_3TTlqgXS4M
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0FA
Redirect Chain

https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESENH7pA653wdJfB5ckoQKZmQ&google_cver=1&google_push=AXcoOmQMYSfo0OkjKIGSbKZxwoUOD5IZOkDvFgmGfAVV7CRGh9BfJ1r-HSTdfW6QyRIjDf5YpOR1U...
https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESENH7pA653wdJfB5ckoQKZmQ&google_push=AXcoOmQMYSfo0OkjKIGSbKZxwoUOD5IZOkDvFgmGfAVV7CRGh9BfJ1r-HSTdfW6QyRIjDf5YpOR1U...
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmQMYSfo0OkjKIGSbKZxwoUOD5IZOkDvFgmGfAVV7CRGh9BfJ1r-HSTdfW6QyRIjDf5YpOR1UZKJzwZzF-J3VhzgDeKrdw86_swFujr8amMFrW9ygHPv7skiP4Z...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmQMYSfo0OkjKIGSbKZxwoUOD5IZOkDvFgmGfAVV7CRGh9BfJ1r-HSTdfW6QyRIjDf5YpOR1UZKJzwZzF-J3VhzgDeKrdw86_swFujr8amMFrW9ygHPv7skiP4ZakuoJgDVyaxips0eJmVnlgOiIkDwbtw&google_hm=OG9TNUhRbG1zOEh6UHdNRjBPbzI=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 16 Sep 2023 15:36:07 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmQMYSfo0OkjKIGSbKZxwoUOD5IZOkDvFgmGfAVV7CRGh9BfJ1r-HSTdfW6QyRIjDf5YpOR1UZKJzwZzF-J3VhzgDeKrdw86_swFujr8amMFrW9ygHPv7skiP4ZakuoJgDVyaxips0eJmVnlgOiIkDwbtw&google_hm=OG9TNUhRbG1zOEh6UHdNRjBPbzI=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 298
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0FA
Redirect Chain

https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_...
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=24f1f3b0-b7b8-4ed5-909c-22d9c19e0a95&google_cver=1&google_gid=CAESEHw9huF1asfAqk8We-B0Mis&gdpr_consent=${GDPR_CONSENT_109}&google_...

170 B
188 B

31ms
31ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=24f1f3b0-b7b8-4ed5-909c-22d9c19e0a95&google_cver=1&google_gid=CAESEHw9huF1asfAqk8We-B0Mis&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmTSdAgPrUAVxrFmkP-ClDJxdCh8NLfZuDmyTwc9Eiu4UPngfgYsnE-mT3GlLKUdYUKoU5RKccepQsZBrru8sAPbhqnFjc6CSQte8yr_V3PfgTttgQITHW9IEzRK4_CBPYdS_FX4YlRXRtm8qVARNcpKhw&gdpr=${GDPR}

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=24f1f3b0-b7b8-4ed5-909c-22d9c19e0a95&google_cver=1&google_gid=CAESEHw9huF1asfAqk8We-B0Mis&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmTSdAgPrUAVxrFmkP-ClDJxdCh8NLfZuDmyTwc9Eiu4UPngfgYsnE-mT3GlLKUdYUKoU5RKccepQsZBrru8sAPbhqnFjc6CSQte8yr_V3PfgTttgQITHW9IEzRK4_CBPYdS_FX4YlRXRtm8qVARNcpKhw&gdpr=${GDPR}
date: Sat, 16 Sep 2023 15:36:06 GMT
server: _
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0FA
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEDUuMuWwPN45CDTAfm5_53g&google_cver=1&google_push=AXcoOmRxXuj4rQyalldeH_o6N1qpXRLT41Ohf_rlqWDKRqwMd8EpO0FQ0rmYkYiSf1w...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRxXuj4rQyalldeH_o6N1qpXRLT41Ohf_rlqWDKRqwMd8EpO0FQ0rmYkYiSf1wY6M-3-9dy4uzfzgeUDZGmbWFmJv6h4ScutHaRV15Z2xJ6-bg5pcM2EahvXrm...

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRxXuj4rQyalldeH_o6N1qpXRLT41Ohf_rlqWDKRqwMd8EpO0FQ0rmYkYiSf1wY6M-3-9dy4uzfzgeUDZGmbWFmJv6h4ScutHaRV15Z2xJ6-bg5pcM2EahvXrmQ0zZMsjBiQmGfF8FuIqYEJZiGwbDHyg

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 11fa7e4b.93aa8a8
date: Sat, 16 Sep 2023 15:36:06 GMT
x-bytefaas-request-id: 2023091615360602F4D862A830A6AA13D6
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-54-206-6.deploy.akamaitechnologies.com (AkamaiGHost/11.2.4-50766152) (-)
x-parent-response-time: 95,23.54.206.6
server-timing: cdn-cache; desc=MISS, edge; dur=88, origin; dur=7, inner; dur=5
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2023091615360602F4D862A830A6AA13D6
x-cache-remote: TCP_MISS from a23-32-17-54.deploy.akamaitechnologies.com (AkamaiGHost/11.2.4-50766152) (-)
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRxXuj4rQyalldeH_o6N1qpXRLT41Ohf_rlqWDKRqwMd8EpO0FQ0rmYkYiSf1wY6M-3-9dy4uzfzgeUDZGmbWFmJv6h4ScutHaRV15Z2xJ6-bg5pcM2EahvXrmQ0zZMsjBiQmGfF8FuIqYEJZiGwbDHyg
x-bytefaas-execution-duration: 3.70
access-control-allow-origin: *
access-control-allow-credentials: true
x-origin-response-time: 7,23.32.17.54
x-tt-trace-host: 014af3859b4d71ee855b516a7c490c87cfd0b61e036ca4d42661600f0ba227d9102234a90e899e5df0b4bf5e427f7f3c3bd13a4d1f02806483f21cbb2cc0e434ac6df986aacdf0e5c7f454623db46fcf068759345dbb2c5c0e10598bab4f0287f079706d333445c03a7ed0dfaa0ee27f1d
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Sat, 16 Sep 2023 15:36:06 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame C0FA 0
50 B 30ms
29ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KwZey91dhsenx8pwpIHUZKtz6rUUvGC1StgIDJVXr5s7g_Gn_1-O2aj9sixu5U8mdwVLCgMIz4cXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame B017 2 KB
1 KB 46ms
45ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZQXLZgACDP0A-SIqAABmeE41ilzD6q9z8eh7Sg&u=%7CDOEprBICNWG1MWHO0TTasPQlI9faR%2Bf%2FhQs1JYURNAo%3D%7C&c1=wLMhjbQtwRerfuYQvtYvucUfx71c_57oVqw7Cvg7ORav6XsKrfZypYKuspo5MklQJGJaQ5D3HuutBNk8kyd6SzsXQpWqg4jTa93yXyRURZ0whUXno-wRluzvqhfFjXWzuxjNzt2YXX4hMFKbONElaoqWB3D6xHJ3xUvIji5crKSwTNLyjvy-bvI-G0WCssrP5-00__blQZ5tcu6kGHQa0xIVMe_PVsD9YKY9Wv7rnLCwQkl2SGSTF8lc9AOyV3DppJVU0dnCo9iM_XbqZZ0t7fcA4zpoSS3sLfRhFtWp7dK87j4GPgj812kM-P0Z83VOc1aXS7RzCJyZTNHGZZZ8Ys4VgiYB53LdOEBA7D-83QhZ8LIgKqMz0O6UsqiR_0S-z88UDH_3lcPAndXkM0aew_i-GgUQbCe7_MX3t86iOZLk3b2PjcUEoZtCS19kI72DDN9Tyyfj8faqdVU1A0boGlTwN05EhBDtt_YkEo_6js65fV28n4Fx3axd2nUcz7087AWFg_sGQGO9x2LF6Mbkjz17US2lWEGjDu0JQL9S90FruJmJahghOsi6MAfPeDpd0IY6SkbLR5yCKOK2ODT4f5lwvM3XpOJ-7CqDnZckTOBSZikkeK3L65YXd-IcEPJDLHszusFGjXkhP_PNqgDUXNJtfK9bGT6W&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJkXbZssFZf2ZCKrE5LcP-MyB-ALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAgjtKgQm4bE-qAMByAMCqgTOAU_Q0LvJa0KnWFPfy7X0HCvjz6i3St_bKKak4bsbHNV1Dww3PVA3nXHkQ4QurmwYJy1Iakm0hLoQOnjqPeZakDyq8OMmu_UVpnVn9poD-poOF4FPUudAFY5HQPT74jtq_2bSiu6GKWUGFG6LNGdDv01vzpau6xQN_-82aVgmntktzgONTAg0TpoiDcY8kdXanrp099bZFjy2DIJ-EAHsW7bKPNmXFSe5yN3qrwaOrQ2Ysk0XGin9-GuWKi4xKYKdShtO73AH9GSw0db_wn60gAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_35KKwfPNlPm_TJA97UlnCYS7Y9jQ%26client%3Dca-pub-5884294479391638%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:06 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame B017 2 KB
1 KB 34ms
33ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:06 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame B017 308 B
636 B 34ms
33ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Tue, 10 Sep 2024 15:36:06 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame B017 293 B
621 B 34ms
33ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Tue, 10 Sep 2024 15:36:06 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame B017 43 B
347 B 32ms
32ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=IsqXVvCqJUTbLk2oX76_ghYc3bteXoX9eWGPh9ZQT9GAt7pTAknvoCJOiaqPhttUCXG0SY7Yl9FucujZccUOFgmlaiChKg6sgydvBZC787BWaOQEmD0LvdWpVtQISbHeL7mlfT45ZVRsWDOYf46xIXznwO7lPKSGWDvtLCeNNMtjyupLc4aB3YIhpYlD-I5aRvJxBrFe9HgZaJ4lrZyc14CVJvO3fp5i7hs8jRdXCCb3iyrYp8ARLedGatmxGM931Ck2nh5oWzxzZjIAQrsdmz2Fu_3zH8UyPJQm2eRhfjXmtrBqR5SqLPcFhVEBGbtImQcSRM_UDWbLkClxvnkl9PxZyO-RvbjeMEUnhKcgaxZrP1Dp88-Dd-78Pc_e-KnyrftrfvUAZCfx21stCk6PgdCglPD15dUMOBiarOn_zY1SjNFIDOOLocT_xwK6IxSXs57XGNH_-ExHcUyyxJt-OPB08mw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1624702
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cf9b5e0a23904ee7afdc0e790fdbac14_image_ad_120x600.jpeg
static.criteo.net/design/dt/92327/4936818/ Frame B017 51 KB
51 KB 41ms
40ms Image
image/jpeg 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92327/4936818/cf9b5e0a23904ee7afdc0e790fdbac14_image_ad_120x600.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

7dede5e505340bb0dfdaa4597d63d42d48729a0d596e7ee1a83d24b8986b379b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Sep 2023 06:30:10 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64f184f2-ca81"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 51841
expires: Tue, 10 Sep 2024 15:36:06 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame B017 0
127 B 34ms
34ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=hFvXUoRebaweyHzXH7CKcM7L5H4jiYAdcSt1R1uyq8VRhDDqR5P5_2nE0YDJx9zALE7oBaKS85BCOAeLH_MpebjPDOxV_AoeGcgrUsy7scRMF8iHsNzt6McMzQI4y7cLZBiNUI2nfK3ECbe4m8efsF5XKE7hkL5Q9El2_RkM_nXVDE1xSt4sE8Dl82zSK7LM-L8L5iDwLgodY73CblimPouot1R6bsYH7IhxWUAvHRlWcuE2CfhonfMX6YU_TaXvRK4WQQ&sds=2&rev=88356&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame B017 2 KB
1 KB 34ms
34ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:06 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame B017 2 KB
1 KB 35ms
35ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 10 Sep 2024 15:36:06 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6DC2 0
19 B 63ms
62ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZjfQZssFZf2ZCKrE5LcP-MyB-ALJntKxXNWdkfdwwI23ARABIABg9ZXOgeAEggEXY2EtcHViLTU4ODQyOTQ0NzkzOTE2MzjIAQmpAgjtKgQm4bE-qAMByAMCqgTLAU_Q0LvJa0KnWFPfy7X0HCvjz6i3St_bKKak4bsbHNV1Dww3PVA3nXHkQ4QurmwYJy1Iakm0hLoQOnjqPeZakDyq8OMmu_UVpnVn9poD-poOF4FPUudAFY5HQPT74jtq_2bSiu6GKWUGFG6LNGdDv01vzpau6xQN_-82aVgmntktzgONTAg0TpoiDcY8kdXanrp099bZFjy2DIJ-EAHsW7bKPNmXFWW76U9qPNazC92_aME3843z32EgIAApqzZVd728UG4r7Px6RfYWgAbL37_7l8yi9RegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU4ODQyOTQ0NzkzOTE2MzgYmdIh&sigh=mRaUPw5SzbI&uach_m=[UACH]&cid=CAQSKQBpAlJWbvninmml3qMnvEpfC9Ccurbuvdnp1Rgu470arM6rakdgYQGSGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1694878565576&bpp=215&bdt=172&idt=449&shv=r20230913&mjsv=m202309130101&ptt=5&saldr=sd&is_amp=1&correlator=1393&frm=24&ife=2&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=4292152565&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759842%2C31077774%2C44719339%2C44795922%2C31076998%2C31077890%2C31077910&oid=2&pvsid=1779534039743303&tmod=1665370545&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.5yz2vp4p32o1&fsb=1&dtd=460
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 6DC2 0
125 B 33ms
33ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k4v1F-iuBHjYBJ2DYgICAAAAsWfxCapMb_AMxl8mCK_LhhBlywVlJxd9SEH__ncw-gAAEgAACgpBUVVCRHdFQkR3&wp=ZQXLZgACDP0A-SIqAABmeE41ilzD6q9z8eh7Sg&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:05 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 162475
server: Kestrel
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9F2 0
20 B 124ms
124ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bp_U7ZssFZZD0FYfu3gOuqru4CAAAAAA4AeAEAg&bg=!YmGlYS7NAAZQjyUVcI87ADQBe5WfOOUpvKzV1Wry_vDqlpv_mxf5tA7DE2776mcSF6NxiQiCzoDwzqGdITpDwUpCdjzVAgAAAHdSAAAABWgBB5kDVGeRIQkoVHwpeaesKJ0zlYodhcHkUmgeoU5Tmn-bM0MmQOOO9mu29QPm98xMaVg_bHuEiKM7_x7mbkkZdR84S_J0pvG5cyvPt0xp5GUhWoJ6TVoCdZAroSdx3qhINEwZkL0643xOy2ON3iEGD8QqaF92t3RrV27HJ6MABksPdH525ifgCeURjZeBV_kxjp8rINnz8obmzM85JA8x9Clk87ysJnSr--RPgIkkAr_DI4I9rKF-maq7cOq7jBjql7gJLDcFZWD-x01eLctfIKiM1b9yHPnzf8vfxgSs3t107vTRuZF_PttcRqGDj9UCrg3WO0BneutQbwIhwt2IGrzc7wkja9Hn6kUuhHX0q7GSKBZaN-Ybra1nbhp48hoQBQ0_CFI9BjUXQUhVoZPe_7YJBAhwtuyX8ILYBucbeDvMI6a0nhnwyZOoVLL0bn8USrpzPO-Oem_P7pKL44kmLO-C2FO2hnY4ig-GYMYWzvcqZPnSc1LZJskp7MVvUINXM4vsfboC9TRpqMk7gMspLivBf9VG1r5P5tQPe201ZRM11tZ4xUKQ438cFKOUZQtYqKcQi3_1au9_xLwD1ouP6-wz-w7rDE6TwRfECdObD2HFkhyBefJbw0uRPLQ2lNqpCW2PIanWRdsVxTMKtcruIEJWHeXFDv51zyixxj0qp9eKy2fxNQ-5vbT3wv03ZoUnN2aQgVdZfHda6pJaMefdNxVwyXGvL6GE0UyVGsch5emENRoaG7HtKrWE2rTtt5HCfCb_G9fN-yo1jP-MDBotFNSa85QyNLwDKjGW4iMmK9wdOKayHKHZhzASGg1EdZ16uVAsX3Hilw9enkjByFwKGAIFFEmT5Sy5JFJVP2y9EzaIzDd2MEhdwu-T6uAPiiihyth66bgncQPsvI8tPPKJJeCaA6G3lz5X0AH55pGZ9B2dLQm1Q3SuOfy3GSHsWE960TYzsmWWVzqYSKg7JyoiRmjF_giwq5j7g453zCNhUltLYeN6RNGjiPV6N4VaZpSO0KtgLnwK4dkaCSHhxDaISeUScsYMlXM8l2qYZinuv7dX7wDyGjgfO_mSGm0D5LQHRp2y3AwRdEMYhkSxCF7_ZDqWb3xguP9dL2hCJiF2XB8OLVqWYjK1OA

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E9AC 42 B
64 B 126ms
126ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstzeqyxhNtQEZ8pEvLWTY0iIKNoqehb6iy7_dwwAplFlPUqiclc2l320cukgLFISRDbK3IY2rCcxdzNoogPXyIzcdEVNy9MWVjzeGI&sig=Cg0ArKJSzH-WizquZ56VEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230913&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1694878565309&rpt=309&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F187 0
0 58ms
58ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuEF6mdSFjfrTVnL2BeVrWxF_I5VELQUF2RLa68vQCIiNsfnemZjn-O6da6nS_uwpWtTXsq41ch7BHQ217sGj8A4Qxw8Qyjw1HayMxMpa0o_kx-lZGOXW0OwBk5bhLxDm-KRTtgeAnOvUgJPB3wS2e1qO8uUkQszuHNCRLXD4A05XNwIVxNWJswig8BihGXIuDU-LdRjdR5oi0xEaHiaL-MYKbmKSo8gqmxJkP0R-4Nv3Q3WnmXn9PA2yR7L5AGmRuTw5rZySnKZTHfKWejxXx-0vkc_Ek7H7QKIpleOeDaalKZBsBG8bwsC1n7KOiRoGSVdM0BaHZf9tq5-uEUkTIJAUHLoS559vimAxL1hHmn&sai=AMfl-YTRFYPa8lY_OHxuXe1Fl5NxBDgop0XD7piVtbT8fmchNQiJFWiKAZ0-7euMgluI2C0-nfef0PZqOyHiPQc&sig=Cg0ArKJSzORzO7LLw66ZEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 16 Sep 2023 15:36:06 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F187 16 KB
12 KB 73ms
73ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230913&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309130101/show_ads_impl_fy2021.js?bust=31077890

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fb2122334cadadf71bc7d0ef62f79bf3e92d73665d99e5ab45facc767175b12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11988
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4B39 0
0 134ms
134ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309120101&jk=2843410654813695&bg=!GBulG1TNAAbP3fMH7907ADQBe5WfOMz2cPufKi3dKYW2aqHhq1AvMeCqt-qhlpJHqqrTJKvBIObjWrCyyNBU1EdJFkDHAgAAAFpSAAAABWgBBwoAPGs8L8arVOj1KhAP9XB-QoW52ezssEvyZlitoWwoPQ66Fg9-3mu89yayCO7PXJFCkEjzs3kATwJYSIgdCJkDGODk-ZnKebE51tHn2IIFoAcHlDYw7NRCv_OBJFCX4qxYl1ca3UaFRwx_ziGYkQbSO9srAxFgsAoeBLPeSzoBpIHVGsqkKDywlzolydbsxAD-Wpu0Orlzpg8zcR0XIx8Sh4fRb4NvT-XYbwYoRdZ2c45KvC3wSityAtKsg-Og20wnuod09gAJoM9u_hYdryrL8kuhAB0lyQyOl2spfxeD_iBOVfT8nPBVWygKUSYBdAxNWXNSgtdwVu3b60EK9hZJ2KOINDGB_oy9v5MkcKaUggwHbzTRAhXa9cw5MK2bKkduFxgHRWoJEDcXcaXwIPvEFMvWzHdTUT74T7gDLuH0Ev01raeJzjnP5oFeboU-0OpK8-w8FERLq2NywE3XW3RaMBYbcn1j2lYUeSvESxGX0CLqM57rLxPkvyOWcQcGf2DXv0V1tZIkU8fU4gz1D_-H7w6jD-rZrCl8wW29ASdMqMDE_sFajjVde588mWLeR69aD-cudgkCYFRAELtpBNUWhIRvRDZ0dp0V3U1mWem-0GLzAUVSZ8epSVfBzixzMWapndY9Aabn_KYBPYA5a4ukw5ooFGPPAeqJKE6nZ6ZUs569N7HaC5R5bVpxFvsfei3WO1e_SEIrD9Xxn_hebZ6fjwTJcXXBHYfYEJCZol4PkAxbevjsRqOi-EqD08EAEqmBbZawTThYAxO9-ogo9bnJt22YpV2kLQwfyoIyz9yLo1MKEy4p89qhU1FQzIerEON79nhHPpywyhoxX32YSWzLHld9qpDAyME4ihzkbPx3SLsTesvXY84gLYQmsu7GiyEwuPJTc0mjv1opFvpcbICKpetUVf34InqmTJ13KMJD-sYZbT-pn_ZWJuZ44TxU9NeNfx7aQ4allmljTxEvJupTcaQtJD8SfF7Xk5cIpG9lBmzJafFvTw8pL-5nFxTSf-IU4ZcJqW5H7yACWWLGT0E4YOozeBTRMlwVIYJCJevLT4qtk8SlEqi3zIo3y3ZVBno3_RWPTbAuMD-9ar_2cmubs4AAxzeLkvf6v6t5LD7pCToTX8Ksum4z0Q
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame 965C 4 KB
2 KB 80ms
29ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=91462500097585604438442012449007&a=9bc051eb
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=3a58f42bbe&subid=&uid=478413b32ee42553&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCc5GVZcsFZbenN4ragQef1L24BZHB0Jtpy_aDktwP8C4QASDTy84wYPWVzoHgBMgBCakCCO0qBCbhsT6oAwHIA5sEqgT0AU_Qb0aOCywtmKYEPkEPMvWsVTgq4rgDEMbl7Hc8N2hMiXXTIvxP5p0Ta7c19jD0FYpkc48D33P_ORph0yn9AuzDzI4bGMUPm9jW0AaruBQd5FOV_9OwaBdfvXIE_1eIXgwR5j2hO9kU2eIgktwDGrVPOah-JYgGVextYy0ZvRv2FVZJIMyjZYWZfDeh1gjygANMLUgODEgZ8XYrv5Qxtf9FgoXDPvT6ratbWVn3BVan_AJbbnlXnMXJtMdFZNI7LhamZtkbXjBnXibkSDBS3QVuBKbIVcn0n0QJ9ow-f1pqRY2tPSxZuaFmAFe7ylUrkP4DE33ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQGwE5W10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI9-3u1rqvgQMVCm3gCh0fag9XEAEYASAAEgLEN_D_BwE%26num%3D1%26cid%3DCAQSKQBpAlJWrHN16uKfr0Xu67DBDxtiA3hrCv7IoenymbbgV847Jo2wstHNGAE%26sig%3DAOD64_17jLugn1dLEm6kmD2vJB7Q9FBoIA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-Dv22AnrfhKrcmkacV434nm-jV_2p2F7gIe0dJyjYhJznZUr7Br5sSbOi8duVLUCRm4rjc_1WyPpEQOklIcxoKwLpchLvuUgLT_Zjr9rPRoxzq3eLJiz7r3TIMYSCeswUdO6w4Y8Eoc7TlNwZUdjU_d0boUwSZZxmOnjeaRhUy_Lc2Zois%26cry%3D1%26dbm_d%3DAKAmf-C9vXNsrkUkO4xJcNTtp9Dp44QZ041a-o6Ub8_sbHT0yJo5IO4g2gEMbsLfJ-qTOwHAhiB88d4I3Q-fMfaNcPSKLVsx7Aj829Bwv1H3I6Gx0NlGBDOB-G4AKk3Lj8XzLssjbjtPsdbBTwn4cCZzUTHKcGtDS3soQ1ts7dvtamWhbXuymoSxoNEHPZSHZacjt7iB0Fo5PY9DtF_QBghKs8OU8dYMdAijn0HezhtL7JeoaMU19FnYH4eb9UGgmyuQkxYrdgLtpf9wKLEjWU8dPsDBfL5WfK7edSQ5L0la-48Igxu5ZDF7z5K_JgRqO61ogJNrjZ4b8o-Ly8z_yLFQdyOJYdrlvL34P8GNGRdy8vEV80UF0qVHRcR8IoQUAnyOomvpKmRF8aA5ZTamydDQHxhJJUmxv__m_1WJy6jEBSP3_ZFAEMfryI-e9HrZ0WZd1fkBbXEzh161BvID8OK91zUoErgdHgr2a1D-Ccj18xRsbNuchTXa-QTOH9q2JqBW5IPYWzZYpoJQvswEtjKy3W2xaDvr7ci7d5EaouT-7ahCPyYlk1tvw0zpj9i8vuJK-uvIsksa4QRMJ0sH9bX0IP7Mv-SZwMw-rHRTL1Tz39sKMBGf_ks%26adurl%3D&documentReferer=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fbe753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=3576518558622&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 37a021f7d5610a7c51aa96addaddadd8a2bbfb684853ee8686345275a2693270

Request headers

Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1413
Content-Type: text/html; charset=utf-8
Date: Sat, 16 Sep 2023 15:36:06 GMT
Expires: Sat, 16 Sep 2023 16:36:06 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F187 17 KB
6 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309130101/show_ads_impl_fy2021.js?bust=31077890

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Sep 2023 15:36:06 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A674 1 KB
643 B 19ms
19ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 71357
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 15 Sep 2023 19:46:49 GMT
etag: 48472445140208031
expires: Sat, 16 Sep 2023 19:46:49 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 4A83 0
127 B 31ms
31ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 16 Sep 2023 15:36:06 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A674
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEBYpOZ1LZlgiMtqC7pfiJAU&google_cver=1&google_push=AXcoOmQez4QXzhqXu4xl79LAJC0Lm0itCQmScVDQTVLZPVrczSpjJjnvqVNTLdVIJU1DZCjdWZWXhT9dCx7qVe1gXmz0YeFXY92KhQ
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MDdDOEMxQzY4NzFCNkY1Qw==

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MDdDOEMxQzY4NzFCNkY1Qw==

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MDdDOEMxQzY4NzFCNkY1Qw==
date: Sat, 16 Sep 2023 15:36:07 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A674
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEE46ekCXGPdT_QqCDfR-g8M&google_cver=1&google_push=AXcoOmTwz1qNbZHa7fuSF3NsamMoxLWL3u_cBLtD_9R7gF1odKis58dJjaBBgpVffjMv0AHjSJVBUXhbr_R1qZQlVuxXxVE...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTwz1qNbZHa7fuSF3NsamMoxLWL3u_cBLtD_9R7gF1odKis58dJjaBBgpVffjMv0AHjSJVBUXhbr_R1qZQlVuxXxVEJZqrn&google_hm=eS00OWhMMTFWRTJwR1ozWV...

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTwz1qNbZHa7fuSF3NsamMoxLWL3u_cBLtD_9R7gF1odKis58dJjaBBgpVffjMv0AHjSJVBUXhbr_R1qZQlVuxXxVEJZqrn&google_hm=eS00OWhMMTFWRTJwR1ozWVJmNm1pODB0MEdGNDZBZVNrS35B

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 16 Sep 2023 15:36:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTwz1qNbZHa7fuSF3NsamMoxLWL3u_cBLtD_9R7gF1odKis58dJjaBBgpVffjMv0AHjSJVBUXhbr_R1qZQlVuxXxVEJZqrn&google_hm=eS00OWhMMTFWRTJwR1ozWVJmNm1pODB0MEdGNDZBZVNrS35B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A674
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEKfDW48_RHhX-1Rv_9lcZ9s&google_cver=1&google_push=AXcoOmQQCRbbAP3ygWrR-4Mlp3HORKfMN0qiAuwZ0A2OiG69nTfmIKZs1kIbD4D6KQLMbCpmty6vvhIkKRQ9i46TdX1luxrgxFjf
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM3ODgwMTY2ODQ1NDc1MjAwMFYxMA%3d%3d&mn_hm=MzM3ODgwMTY2ODQ1NDc1MjAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQQCRbbAP3ygWrR-4Mlp3HORKf...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM3ODgwMTY2ODQ1NDc1MjAwMFYxMA%3d%3d&mn_hm=MzM3ODgwMTY2ODQ1NDc1MjAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQQCRbbAP3ygWrR-4Mlp3HORKfMN0qiAuwZ0A2OiG69nTfmIKZs1kIbD4D6KQLMbCpmty6vvhIkKRQ9i46TdX1luxrgxFjf&gdpr=&gdpr_consent=

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 16 Sep 2023 15:36:06 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzM3ODgwMTY2ODQ1NDc1MjAwMFYxMA%3d%3d&mn_hm=MzM3ODgwMTY2ODQ1NDc1MjAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQQCRbbAP3ygWrR-4Mlp3HORKfMN0qiAuwZ0A2OiG69nTfmIKZs1kIbD4D6KQLMbCpmty6vvhIkKRQ9i46TdX1luxrgxFjf&gdpr=&gdpr_consent=
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Sat, 16 Sep 2023 15:36:06 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A674
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEEpa6Oh6d0AfQ467wIGnLNY&google_cver=1&google_push=AXcoOmS27beC6cKS9BENeDPWRwPSvS-HVsrB8mN5ga6XJl6msScXBnOm1...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS27beC6cKS9BENeDPWRwPSvS-HVsrB8mN5ga6XJl6msScXBnOm1leN8mJJBwCOZ8AHUPKA2U_fxFNo2BCXS31RyTWkHiW54DM&google_hm=QlMuZDdiOS1iZTM...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS27beC6cKS9BENeDPWRwPSvS-HVsrB8mN5ga6XJl6msScXBnOm1leN8mJJBwCOZ8AHUPKA2U_fxFNo2BCXS31RyTWkHiW54DM&google_hm=QlMuZDdiOS1iZTM3LTRkZDItYmNkOA==

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmS27beC6cKS9BENeDPWRwPSvS-HVsrB8mN5ga6XJl6msScXBnOm1leN8mJJBwCOZ8AHUPKA2U_fxFNo2BCXS31RyTWkHiW54DM&google_hm=QlMuZDdiOS1iZTM3LTRkZDItYmNkOA==
Date: Sat, 16 Sep 2023 15:36:07 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame A674 0
34 B 30ms
29ms Image
text/plain 18.197.134.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEGW1hs4aUtH2RbYaMiYJ5ZA&google_cver=1&google_push=AXcoOmTzEreNirYUMA1kXtqAToctNPKxx-EbCtyjRwLNH1fEn-_p964KktOxbIZEQE0Ml51ubFmw0NAEfI2_bNmQ4EbtrXTRrlQpT6M
Requested by: Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.134.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-134-14.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame A674
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEBcJGrtFy2Z7jA74GBFEUBU&google_cver=1&google_push=AXcoOmShwMnJj0ggJ_2SHHJ5CNi-W-9Psgv7jem4xUJ6kHwUlyudp6bI0ASVhSoMJQiIrDCjgDDDdvayVpA...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmShwMnJj0ggJ_2SHHJ5CNi-W-9Psgv7jem4xUJ6kHwUlyudp6bI0ASVhSoMJQiIrDCjgDDDdvayVpAfSorBcWba9CzQ-mjVJg
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

24ms
24ms

Image
text/plain

51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A674
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEH8y_5bkc...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEH8...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4b052e2b-864c-43a2-a156-8ff05fba47d4&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4b052e2b-864c-43a2-a156-8ff05fba47d4&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=4b052e2b-864c-43a2-a156-8ff05fba47d4&%%GOOGLE_PUSH_PAIR%%
date: Sat, 16 Sep 2023 15:36:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A674 0
12 B 31ms
30ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JMXgEjr_Qt19d6eJaI1PbbgBSLStBGhAeyVYqbY08lPwxMV66ytOiT1TX2pHTIH_rUHhHD2moHSA

Requested by

Host: 372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
URL: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C5EE 13 KB
5 KB 22ms
20ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 19334
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 10:13:52 GMT
expires: Sun, 15 Sep 2024 10:13:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5EA9 829 B
560 B 30ms
29ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c599a9511188f2594eb22c42b9be7489ccab4f70a16e1427d3ed35e0c8e69da2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wdKq2ex6HH-XDGiJNRxSGg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 538
content-security-policy: script-src 'report-sample' 'nonce-wdKq2ex6HH-XDGiJNRxSGg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 16 Sep 2023 15:36:06 GMT
expires: Sat, 16 Sep 2023 15:36:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5EA9 0
0 124ms
124ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230913&jk=1779534039743303&rc=
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 D38i8ocviMyns63bFlxz04547CGgVcdJsS8VZS_5djY.js Show response
pagead2.googlesyndication.com/bg/ Frame C5EE 37 KB
14 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D38i8ocviMyns63bFlxz04547CGgVcdJsS8VZS_5djY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f7f22f2872f88cca7b3addb165c73d38e78ec21a055c749b12f15652ff97636

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 14:41:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3286
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14739
x-xss-protection: 0
last-modified: Mon, 11 Sep 2023 20:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Sep 2024 14:41:20 GMT

GET
H/1.1 200
OK S-300x600.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 965C 95 KB
95 KB 151ms
47ms Image
image/gif 145.239.2.103
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-300x600.gif
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=91462500097585604438442012449007&a=9bc051eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 145.239.2.103 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS: ns3082036.ip-145-239-2.eu
Software: nginx /
Resource Hash: a24bf435f35ac214cad692735eb2f8a9235101f45c115b1ef1265cc275cf3c50

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 16 Sep 2023 15:36:06 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-17bca"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 97226

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 965C 0
150 B 84ms
28ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=91462500097585604438442012449007&a=541b6d09&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=91462500097585604438442012449007&a=9bc051eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=91462500097585604438442012449007&a=9bc051eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 16 Sep 2023 15:36:06 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 965C 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C5EE 0
10 B 18ms
18ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8s4ayA
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Sep 2023 15:36:06 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F187 0
0 126ms
126ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230913&jk=1779534039743303&bg=!VFelVxjNAAbP3fMH7907ADQBe5WfOCmVaRqkmjxW3Rv2sO43pq6A4Iz0eoBsJqP0MTnolcuj8_ul8IQ-2M85QBsQ4TIYAgAAADpSAAAABWgBB5kC_cMv-HNZ3VmUkrlDaPpNXioHXxr7ReC-1_FORKp1iVY9W8MzJPaWkasm43h8Y_SmZod-HWNaIKhN3G_9I18G4pimWQ44rbtRIJuS2QeAzxwn-lLiA6Hn4eAYEq37LqhrFaGUaDgpfj_Qhj7kFolhdUOiVuYcxo96F6z1hsZF5cFnkDy0QtZQDsHSHsFSQoRR8wKr07ScR-0wh7R8Zw4CeHKYg0IBKcjkIHmaAZACBhNdlT68t7yjc73oBMJS02ICAKGv4MUx2AaURnG1dnlj4LH4vYmKvH5kmdTLgX-RsqASW1wKQwyQ4J1ypigBIWMEIxgdzQLmVCK0WIRa20l8RFxY_WNtuvGXVFLkRU9-SJFwIyytIP0fhmTa19B12xhE-MB5Exb0-P_gVRLkXspoXkP1gsRSl_TOMm_PCulm3vlnTs4uRp3JunRPFzDV8H2ppL1VRzEZdbaLRwg6E7jRki3aYkrc2WY6MDB5KVbUfVTOaKvQ76jKJFzIVucnOgvFggc0tehTpdJvhdO8O-1T8VGPiCbvcd0WZvmFJgh5XWH_ZyBL03YP2GepZbbVG7JZAQg5LTXOLv3OEqQ6dc8CNtpXNhBFp6gm-f_8w5RhNI7GRt-hvp709WAc8B627qZDJe_CHolilx8h0cu9VSy0e5-RzThAcdK-FMpa63J6lvT_Ho6vdql-7gVJDaU7jXLEXQXlc34wcQaJIfx3y39LmGw5nPKgAwPhBD_fBgyK2Ou48G75CLfZbpHAMW7ufw0oI6F_yi2RRvoZtAt2IVj1AJh03TT37hpjKW18Coxa9mFcJbDpSdBLFscBxlrNorjYSbGwRSzPRFecMKzncF-3ClXLyQTy1XeJxlDhQnKk5HA3Z6OHhTZGYZhVHCPEz9RIyori1CElCZuPrX3Mgvecd0rdLLZk0rnEwH1cHJRR2w4jv1_TBWiZhogzodaHncPfWPpqs-QkaTbly5li8zOFdzatfUMBdTG28xxVQL-gd8n8Yj0LEFqX4j7EA_k85A
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/guoguochengzhangriji4kguoyu-wangzhaobing
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FDF 0
20 B 121ms
120ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8816784583517&version=m202309120101&ct=77&x=1&cor=1668977864976698000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Sep 2023 15:36:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:23:58	Name: is_unique Value: sc12916097.1694878563.0
.statcounter.com/	1970-01-21 00:23:58	Name: is_visitor_unique Value: 1694878563100808970
.xgcartoon.com/	1970-01-20 23:33:34	Name: _ga Value: amp-o9qo4_Da5ZXAfUFCrnVHPw
.doubleclick.net/	1970-01-21 00:23:58	Name: IDE Value: AHWqTUm4GKz3aal745ntCP2LQQmrFhP3au9iINjNYZI5TyorYJlH3ZtM5UX8Og5nesE
.googleadservices.com/	1970-01-20 16:57:34	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-20 16:57:34	Name: CMPS Value: 2191
.ctnsnet.com/	1970-01-20 23:33:34	Name: cid_21ad566f90ad478e93ff74d396a8174b Value: 1
.ctnsnet.com/	1970-01-20 23:33:34	Name: gid_CAESEHTWPPjEFFFZbSihspm5kFo Value: 1
.redintelligence.net/	1970-01-20 16:57:34	Name: 8lcfmzhxc8d6_uid Value: 09d3a6e826201057
.simpli.fi/	1970-01-20 23:35:00	Name: suid Value: 93704F369A474B8B878A81F4D6429D6E
.csync.loopme.me/	1970-01-20 16:59:00	Name: viewer_token Value: 24f1f3b0-b7b8-4ed5-909c-22d9c19e0a95
.bidswitch.net/	1970-01-20 23:33:34	Name: tuuid Value: 4b052e2b-864c-43a2-a156-8ff05fba47d4
.bidswitch.net/	1970-01-20 23:33:34	Name: c Value: 1694878566
.bidswitch.net/	1970-01-20 23:33:34	Name: tuuid_lu Value: 1694878566
.media.net/	1970-01-20 23:33:34	Name: visitor-id Value: 3378801668454752000V10
.media.net/	1970-01-20 15:08:08	Name: data-g Value: CAESEKfDW48_RHhX-1Rv_9lcZ9s~~3
.yahoo.com/	1970-01-20 23:33:56	Name: A3 Value: d=AQABBGbLBWUCEJtOgDAS06s19jWIA1GZGHUFEgEBAQEcB2UPZQAAAAAA_eMAAA&S=AQAAAigCpTJk5ZdK0GQFGfXsdOs
.zemanta.com/	1970-01-20 23:33:34	Name: zuid Value: 8oS5HQlms8HzPwMF0Oo2
fksnk.com/	1970-01-20 14:58:03	Name: AWSALBCORS Value: FYjNck9bkI4Whpw62VtisLV9LTsYhkL88kAdnRew1HOwGmPZsl7v9eSAY6dXXQbIuDzerWpa3bDQpa9K5S+EMHds9QdISszDQ3NiPSVhYtSYwXd6/hcROHyCFL/V
.fksnk.com/	1970-01-20 16:57:34	Name: f_001 Value: 07C8C1C6871B6F5C
.fksnk.com/	1970-01-20 14:49:24	Name: g_001 Value: 1
.casalemedia.com/	1970-01-20 23:33:34	Name: CMID Value: ZQXLZkhObT31gkT3BKzKcAAA
.casalemedia.com/	1970-01-20 16:57:34	Name: CMPRO Value: 2191

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

372263f007a8a5ec7721c9814e17296b.safeframe.googlesyndication.com
ads.eu.criteo.com
analytics.pangle-ads.com
b1sync.zemanta.com
be753c0acaf4b4a0de98b147e14ae903.safeframe.googlesyndication.com
c.statcounter.com
cat.nl3.eu.criteo.com
cc.adingo.jp
cdn.ampproject.org
cdn.contentspread.net
cm.g.doubleclick.net
cs.media.net
csm.eu.criteo.net
csync.loopme.me
dsum-sec.casalemedia.com
fksnk.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90007.redintelligence.net
im.bluevoox.com
ius.ctnsnet.com
match.sharethrough.com
onetag-sys.com
pagead2.googlesyndication.com
pr-bh.ybp.yahoo.com
region1.google-analytics.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
securepubads.g.doubleclick.net
static-a.xgcartoon.com
static.criteo.net
tpc.googlesyndication.com
um.simpli.fi
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
www.xgcartoon.com
x.bidswitch.net
104.18.27.193
104.20.218.77
138.201.63.157
142.250.185.162
142.250.185.66
145.239.2.103
169.150.222.217
178.250.1.6
18.197.134.14
193.108.153.6
2001:4860:4802:34::36
23.212.88.20
2606:4700:10::6816:2e93
2a00:1450:4001:800::2002
2a00:1450:4001:802::2004
2a00:1450:4001:806::2001
2a00:1450:4001:810::2003
2a00:1450:4001:813::2002
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::9
2a02:2638:d::2
2a02:2638:d::c
2a05:d018:d29:3601:6302:7a79:df48:a6b6
35.170.131.1
35.186.193.173
35.204.74.118
35.214.168.63
35.73.212.134
50.31.142.159
51.89.9.253
52.45.175.185
52.59.55.175
94.130.102.164
00f843291632ae4b215c4519825ffcf80724b62b78a8d3cdfcc6f1a0110ff22f
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
04d75f9be78718605473f6f76319f2120d63e73e3c789b2b41d78896cbe13f63
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bbbe27a91eb385c7f86d2203bd841747096782df337bae2afdb74cf4fe90258
0f7f22f2872f88cca7b3addb165c73d38e78ec21a055c749b12f15652ff97636
11500defbaa242f041a56f73d56baf5863a353904dc06cf7bf5d1c3383a91bb9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1e8d7b58a7d85453ef7267e187eddd9181d35c4c8d2393ed9563aa9a0089e2d5
1fb2122334cadadf71bc7d0ef62f79bf3e92d73665d99e5ab45facc767175b12
29232f2f8632469620bc5e1eeabbe22a3e17edec03df855e7b3fade96b7c0fd3
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31e248fa0ffe4a030235b972fba4584ca5806a50280d11e70649d79cbcebb9c1
37a021f7d5610a7c51aa96addaddadd8a2bbfb684853ee8686345275a2693270
37b564138a8c782c7ef7f804054712a1bb75a63677dca0e6e186b82102aebb93
39ee1ff0b8100180a65c6194acd66fe8df19ef44fbc552c97289b1769d41c8d3
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28
467efe85f19395240c89559ed17661f02b1b662a54af39992bb8d58158b39a04
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4accbcd793680c2ea0a65714771ef37d5eeb42bdaedba9882dd0d78eae09e00e
4b8f2da9f995d97ac5ec7e385e8d56f851b3fadfd52cb30f2e228eab737c8a3f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50f36c6941b3a0b755df6e1c1ba6919dc8eeab051a52504ff431c3564d4d791a
5363601ae17d7a5fa626c15742ee2633a6025b5cc5d6f1afd9758e08928471f7
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5b5bf86558934b68f6a6284900ba8f733bd7c22bb3c72bd26471843a44bb743b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62270310d80f372918ae79fdb4561fdec897d897f62fc867a657ec08ff87663f
6264d3993e7b3f1a5d2f658a1a0b8ba142ee16c58dcbf3cdfd6245eeb7d01b16
67a3f2d8d51fe7ab861c3dd7da4d78180592c01c51a2767f32ecac1929c3af7c
67c1279e59cea6744574ab1631416b93433c878cab2fa50fed84cc1fb966ebb2
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
784f7d763849181f08ac96436074fdde66c0de0ea18c02c2614e0e7a7c3b6461
7dede5e505340bb0dfdaa4597d63d42d48729a0d596e7ee1a83d24b8986b379b
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8cb92be76ca5200ce6e0faef88dbcf0a2d4d69b8fce1f8e4bb193ea1bd272b7c
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9d88352b286107f60c320c4c088f718c2a3a273818cd61901edb7f235a9339
9169550ceaf178b5077320a2fd5e054de84c5c701c0e8bd7cd4cf0c66844afb2
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
98d272b4525bce1ab0accaba6ccae87c8b72e24ac77f7b76fa2ad10ed8a5fad5
9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a011595b8a7a4aecacbb9bdd095cf4e446e368e8c897b2daf1807e6016137c1a
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a24bf435f35ac214cad692735eb2f8a9235101f45c115b1ef1265cc275cf3c50
a2d0d3fdc1c807ba04b6a66564b4db6c0a1d997cc3b655e60f9ae294c5668225
a32cec1a836856c414d203f4c5874cf79d11fa54fed9d8d71a8259ecd3bc434b
a3671b0e800e1dc796dc80b6355102eb496160bbe70662ea24a456bd7efbd0b4
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a4d58f623b483e3915263a9e2166d7d9e9089c5bb8847a6bace607f60ed4c1c1
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a84a6ca534c04f08052f6ac607ae2a27542f87aa164deb19c7fbc48c3d17f488
abb10cb48ee591b0c9f225840cbe5db42325f2b8a6e6de024d42f1b35d2c05fb
ada8ac39afd00eecc246330c1dc4ec3b2296d23b042adb633d14e68157caf0fa
b0d72a01e38febc03edb1ebbe3fb5b88e3976f7f5653af916be131ed3259bddd
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b387438771c8ce181ca40d81beb93f80cd4c4b3d596ad2f0891e992873058ca9
baeb44fbcc34426a9ecaa6da2af021848c04d86850235f2d53503f7e2abf6df0
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c2313b832ea2d9d8e3c1b5bd2b9ca3498ffe84065c84294ead0a6617f8c1241a
c44e2177c822ebe1a597f580f28747b1a5ae26854123c593846345b1ae45a095
c599a9511188f2594eb22c42b9be7489ccab4f70a16e1427d3ed35e0c8e69da2
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
cf7f2a6104e3679669f765dcf7152aab7fb9b3214613bfff9791e01722473397
d0c95e145b8f28a0e8a62eb2017b95248f618344fd490af692098d82ff2d8757
d9f08e0e42d6f997f85664e63335c38150a82d4aed7ba2cecd17ad1e2c70061b
daa04b40cc57fb62f7302dff7a37ba18593f28b5b1c8e440204ed483e7c551c3
de07c17694b3b586ecfea8692d819b3fa27a3ed4d895cbb25c48a1c52a8a9d26
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb4299639b513cddb76b391c59ff0c8ccaf748d15857a0330530ba81b7acfdd8
ebe1c1176387a8fddc89059bcc4975c5ce1a3c32071d8b68331c3f33d42aa60d
ecf56b2cabe2c48361ca22818fa72ed1f7fcc164dd5c57868f112ba49dd03f6b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efaaec3d33ebcd270624b7a9f5b156a9d002a29e01600db9ec9e22a216b46162
f0b78294ecfd46e494d4bcc0e3db79ed943559a81b1a5c1c37fbb689524f7645
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
fb255b5331b2942ad2e58583d06b2aeed60744ada24c7fed2fe380fe6d7e3004
fb30ef503fb5187892ab778c9a3d0c49b5d47a56624612fd390390fc3e4ce4b5
ff97f071dc6af0cb37a9fbff8a10f56277472a4fcdf3fb9cc4fac57b8fa59709

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

170 Requests

91 %HTTPS

45 %IPv6

28 Domains

39 Subdomains

29 IPs

9 Countries

2126 kBTransfer

5193 kBSize

23 Cookies

1 Outgoing links

Redirected requests

170 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

170
Requests

91 %
HTTPS

45 %
IPv6

28
Domains

39
Subdomains

29
IPs

9
Countries

2126 kB
Transfer

5193 kB
Size

23
Cookies

170 HTTP transactions
13 data transactions