www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Submission: On November 06 via manual (November 6th 2023, 1:53:24 am UTC) from US — Scanned from CH

Summary HTTP 218 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 29 IPs in 9 countries across 33 domains to perform 218 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G4 on September 24th 2023. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
12	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.218.77 104.20.218.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::ac43:2a0b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
67	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:809::2006	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
6 29	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
3 5	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	52.19.208.136 52.19.208.136	16509 (AMAZON-02) (AMAZON-02)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	52.28.38.5 52.28.38.5	16509 (AMAZON-02) (AMAZON-02)
2 2	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	162.19.138.83 162.19.138.83	16276 (OVH) (OVH)
4	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
4 5	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
3 4	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	2.19.104.4 2.19.104.4	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1f18:612... 2600:1f18:612b:4200:8dc7:4fa0:2c07:4fd1	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1	144.76.104.53 144.76.104.53	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
1 3	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	3.209.243.77 3.209.243.77	14618 (AMAZON-AES) (AMAZON-AES)
2 2	34.250.128.111 34.250.128.111	16509 (AMAZON-02) (AMAZON-02)
1 1	185.86.138.152 185.86.138.152	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	3.122.5.52 3.122.5.52	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1 1	38.68.201.140 38.68.201.140	174 (COGENT-174) (COGENT-174)
2 2	37.157.6.232 37.157.6.232	198622 (ADFORM) (ADFORM)
1 1	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	88.99.70.21 88.99.70.21	24940 (HETZNER-AS) (HETZNER-AS)
218	29

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.218.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::ac43:2a0b (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

67 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:809::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 172.217.16.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.208.136 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-208-136.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.38.5 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-38-5.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.127.253.7 (Tappahannock, United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.83 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532338.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.74.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.244 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.104.4 (Düsseldorf, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-104-4.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:8dc7:4fa0:2c07:4fd1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.104.53 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.53.104.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.157 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.209.243.77 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-209-243-77.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.250.128.111 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-128-111.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.152 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.5.52 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-5-52.eu-central-1.compute.amazonaws.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.68.201.140 (Ashburn, United States) 1 redirects

ASN174 (COGENT-174, US)

aep.mxptint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.232 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.253 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.70.21 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.21.70.99.88.clients.your-server.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
97	googlesyndication.com c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 149 pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com	1 MB
62	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439 ad.doubleclick.net — Cisco Umbrella Rank: 154	372 KB
12	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 406	251 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com — Cisco Umbrella Rank: 999053	490 KB
8	google.com www.google.com — Cisco Umbrella Rank: 2	3 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	475 KB
7	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	165 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38186 hal90007.redintelligence.net — Cisco Umbrella Rank: 241653	11 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246 secure.adnxs.com — Cisco Umbrella Rank: 495	4 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	3 KB
4	openx.net 3 redirects us-u.openx.net — Cisco Umbrella Rank: 522	1 KB
3	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 860 s.tribalfusion.com — Cisco Umbrella Rank: 2311	2 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 599	1 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31 ajax.googleapis.com — Cisco Umbrella Rank: 364	33 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 1131	2 KB
2	yieldmo.com 2 redirects ads.yieldmo.com — Cisco Umbrella Rank: 657	1 KB
2	fksnk.com 2 redirects fksnk.com — Cisco Umbrella Rank: 4670	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1403	629 B
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 440	2 KB
2	inmobi.com 2 redirects sync.inmobi.com — Cisco Umbrella Rank: 1562	1 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 417	946 B
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2249	809 B
2	linkedin.com 2 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377	1 KB
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 88526	34 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 746	440 B
1	mxptint.net 1 redirects aep.mxptint.net — Cisco Umbrella Rank: 5755	785 B
1	smartadserver.com 1 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 774	459 B
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 1279	175 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 559	35 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 795	715 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 709	541 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2462	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 9937	472 B
218	33

	Domain	Requested by
59	pagead2.googlesyndication.com	c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net www.xgcartoon.com 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
30	tpc.googlesyndication.com	c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com www.xgcartoon.com 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net
29	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
18	securepubads.g.doubleclick.net	cdn.ampproject.org c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com www.xgcartoon.com securepubads.g.doubleclick.net www.googletagservices.com
12	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com googleads.g.doubleclick.net
8	www.google.com	47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
8	www.googletagservices.com	c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	s0.2mdn.net	www.xgcartoon.com s0.2mdn.net googleads.g.doubleclick.net
6	c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com	cdn.ampproject.org
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	hal90007.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90007.redintelligence.net
4	us-u.openx.net	3 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	www.xgcartoon.com
2	c1.adform.net	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	ads.yieldmo.com	2 redirects
2	fksnk.com	2 redirects
2	a.tribalfusion.com	1 redirects googleads.g.doubleclick.net
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	id5-sync.com
2	sync.inmobi.com	2 redirects
2	eb2.3lift.com	2 redirects
2	match.360yield.com	2 redirects
2	px.ads.linkedin.com	2 redirects
2	47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	cdn.contentspread.net	hal90007.redintelligence.net
1	ajax.googleapis.com	hal90007.redintelligence.net
1	secure.adnxs.com	1 redirects
1	onetag-sys.com	1 redirects
1	aep.mxptint.net	1 redirects
1	fonts.googleapis.com	s0.2mdn.net
1	ssbsync.smartadserver.com	1 redirects
1	s.tribalfusion.com
1	hal9000.redintelligence.net	googleads.g.doubleclick.net
1	ad.doubleclick.net	googleads.g.doubleclick.net
1	partners.tremorhub.com	googleads.g.doubleclick.net
1	match.sharethrough.com	47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
218	45

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G4	`2023-09-24` - `2024-10-25`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
contentspread.net R3	`2023-10-23` - `2024-01-21`	3 months	crt.sh

This page contains 35 frames:

Primary Page: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Frame ID: 2FA6EAD1E456BFCD4712FE0D6A65DE28
Requests: 38 HTTP requests in this frame

Frame: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: B3E03EF04C76C76190FD5EA07F1F688C
Requests: 13 HTTP requests in this frame

Frame: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: D5D1E3C8B966E2DC6C8D3B7738DB411B
Requests: 11 HTTP requests in this frame

Frame: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 638295EF87E8206DDE640B19A196B4BE
Requests: 11 HTTP requests in this frame

Frame: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 764B161A0479058ED29EF21B7A407A7E
Requests: 11 HTTP requests in this frame

Frame: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 5086389FC952D11170699E2F4BB8259D
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/zrt_lookup.html
Frame ID: EDD08AADF55852D82FE6DC3CD5BCBD06
Requests: 1 HTTP requests in this frame

Frame: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 2DA218A8D05CEAEE6B368DDE1BCA173C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=90&slotname=3654094576&adk=1418711512&adf=3173046732&pi=t.ma~as.3654094576&w=728&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597392&bpp=94&bdt=133&idt=328&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=486348941&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079296%2C44807048%2C44807336%2C44807454%2C44807460%2C31078297%2C31079384%2C31079423&oid=2&pvsid=1604962131828914&tmod=200158774&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.l18g5eh85sxc&fsb=1&dtd=344
Frame ID: 36B3C70470856F063DE172A2C793F0AC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531
Frame ID: 0A6919EEE0E29367FC9EF3042FBF0F72
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=100&slotname=3654094576&adk=193636013&adf=3173046730&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597447&bpp=116&bdt=160&idt=506&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1957079911&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44807048%2C44807336%2C44807454%2C44807464%2C31078301%2C44807754&oid=2&pvsid=1396754070652655&tmod=279062290&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.6r2vddk04jfe&fsb=1&dtd=519
Frame ID: E741994B83AE0722970268317D15566F
Requests: 1 HTTP requests in this frame

Frame: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 70388232D72AB7442389113A1369D0FB
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=4084513633&adf=3173046729&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699235597452&bpp=255&bdt=163&idt=560&shv=r20231101&mjsv=m202311020101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1957079911&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079191%2C42531706%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301%2C31079424%2C31079381%2C44807753&oid=2&pvsid=2354622432321991&tmod=521710351&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.a2bz2sw08qdb&fsb=1&dtd=573
Frame ID: D75A7ABC77646F01BDB08510F703140D
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO37yo0DEL3a0aQDGPKfhvoBMAE&v=APEucNUwAZ_FSxcTHJDqlxHo1r8LODW8WUUpG95nSZ3YtqernqXDM5SZYH3aZ7o0W0gfPC1eLoWNeYfSKP9bwWiV7Zdor6a05g
Frame ID: 560D03962FFE0736B9426E0BB4BE8122
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 171615C632CE67F96D496923CFB32204
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 1D21047F2A71EA53B515F30A5EB37DB6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CC75FB82AE018E1DE5C41AE8D8856736
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 08B5B2C9B81D92A0EDC432546CD32B6E
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11400075306870387416/index.html?ev=01_250
Frame ID: 5518FC09CB4CF2C720A6BFE10D61B80B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 42BE5F5696EE34BE4C8C5A9C4361315A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3C91DA76B9FE137880D8A8829C51CEF3
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 139CD69DA1E75523EFF88FCD34DB0D4A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1DECE4661EBC977CEBC28BDE80A36B0B
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLzpFBDB6426BRjasKX5ATAB&v=APEucNVLrA53fz1EKI2QFsnpGJLVYO-xSPwOhPCJBl4qyi4SvDeIJ8HVqf2cnyOfiinuRR8lHhLAsGWcd6EW_okG2vHtJXdvuA
Frame ID: 47C4983CDE4E9C632C3C8F1CA66FBE45
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNUJvQHDLgoUCFJe8_VaX-lHreD8Af8bD8NsLyNXwMsq6X-Js1js0ekjMQunljhYUjuExZSZbljiqX3yu9IRGFpKVGxXYw
Frame ID: 090E897B875AC22C80810F373615C815
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: DF0FAAAC306F8945BAB73ECC7D7EAEFE
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 26000112070C1992003A1A07EBCB533E
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F0E0B0018A131136AC3246D1D1CEFF7B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17714521276683917895/index.html?ev=01_250
Frame ID: 8FE3BAEA88987438BAE701554FA3C8FB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F105BEBEA3DF1A334D7A2B4EE23D324C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E459D79609A82F2F96EA492F52300114
Requests: 2 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=35447700006581304438268012500007&a=8db61585
Frame ID: B27F25B5DB2F87A0682022CB86ABE914
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7652BFDE78A526FAE80C31BA9BAE254E
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2B3AABEC4AFB422705297D69E99C1ED1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B369B7C3291915A084874C6F7DF7CA49
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍟某大叔的VRMMO活動記（某位大叔的VRMMO活動經歷）【日語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

218
Requests

87 %
HTTPS

37 %
IPv6

33
Domains

45
Subdomains

29
IPs

9
Countries

3094 kB
Transfer

8139 kB
Size

34
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 97

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1&C=1

Request Chain 98

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUhHDuJ2e2V9Bhx3bE6IBgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1

Request Chain 102

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEB1rmdWgge4pFXz0ICySHQQ&google_cver=1&google_push=AXcoOmSt8FOOW56lxhq9lP2f2k4f1Bn_pWLr4vzZ_f-G10PCFwWbjyAv3KgKgepSwSSws1Du8zyqiVh1AG2JqW3DMlCeSGt9vI6S HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1rmdWgge4pFXz0ICySHQQ&google_push=AXcoOmSt8FOOW56lxhq9lP2f2k4f1Bn_pWLr4vzZ_f-G10PCFwWbjyAv3KgKgepSwSSws1Du8zyqiVh1AG2JqW3DMlCeSGt9vI6S

Request Chain 103

https://um.simpli.fi/gp_match?google_gid=CAESEBrNpPGhhSlqBZ0mQAsq41I&google_cver=1&google_push=AXcoOmRVEHqPD-8Brx3Wgg7lwkEwpwKU4eu0NRSxYfhzpnXVl_f9zzQAEA52THgIK2ILG3bOqCdmUB1E0Jo3uxaA4fRJbFaY9s9M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6E283306E9A1489CBCFBD9C7FC495B3D&google_push=AXcoOmRVEHqPD-8Brx3Wgg7lwkEwpwKU4eu0NRSxYfhzpnXVl_f9zzQAEA52THgIK2ILG3bOqCdmUB1E0Jo3uxaA4fRJbFaY9s9M

Request Chain 104

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEPvNfL7t8Kf2klQ-feue11o&google_cver=1&google_push=AXcoOmQWK9e92LgYmlxSo7xJVzjq_fmR31uZx6BaQk_PG9ylVTkgPM_UmcSak1X8fJVn_y9avuXTcbXA2bjwp4VT3cn1FEJLNTrG HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmQWK9e92LgYmlxSo7xJVzjq_fmR31uZx6BaQk_PG9ylVTkgPM_UmcSak1X8fJVn_y9avuXTcbXA2bjwp4VT3cn1FEJLNTrG

Request Chain 105

https://match.360yield.com/match/ebda?google_gid=CAESECIZnEFcI0DnfDQnKc_1qps&google_cver=1&google_push=AXcoOmSaqOQlFCqahozbMLoIteQFx10SvbSj1pzw_-5ABJwV56_pql_I-3-7LeSYBSmt30A1lDmcM2QWUGsVrgBVp1apyzxPgv3C HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESECIZnEFcI0DnfDQnKc_1qps&google_cver=1&google_push=AXcoOmSaqOQlFCqahozbMLoIteQFx10SvbSj1pzw_-5ABJwV56_pql_I-3-7LeSYBSmt30A1lDmcM2QWUGsVrgBVp1apyzxPgv3C HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2uCvMusBQjK_9VzWses1MA&google_push=AXcoOmSaqOQlFCqahozbMLoIteQFx10SvbSj1pzw_-5ABJwV56_pql_I-3-7LeSYBSmt30A1lDmcM2QWUGsVrgBVp1apyzxPgv3C

Request Chain 106

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESENYnGVCH9n2N7YnOe-SJMgM&google_cver=1&google_push=AXcoOmQyFwJtJLlmRX2e5c-M5tbHuTbHBMuyo3YREN5BpatdlJbQvOsaN4GFvnQ9UsaBjlJ8T_tm4DkkqsDtAe20haoyrXaKlOiu HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmQyFwJtJLlmRX2e5c-M5tbHuTbHBMuyo3YREN5BpatdlJbQvOsaN4GFvnQ9UsaBjlJ8T_tm4DkkqsDtAe20haoyrXaKlOiu&google_gid=CAESENYnGVCH9n2N7YnOe-SJMgM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDgzODYyMjE0NTkzOTY1OTIwMTgz&google_push=AXcoOmQyFwJtJLlmRX2e5c-M5tbHuTbHBMuyo3YREN5BpatdlJbQvOsaN4GFvnQ9UsaBjlJ8T_tm4DkkqsDtAe20haoyrXaKlOiu

Request Chain 108

https://sync.inmobi.com/gob?google_gid=CAESEJMUcXR2Jp_qFZjBl2RE_8Q&google_cver=1&google_push=AXcoOmTcfysWvnApjRK4FTueOwUlUIMVNDVolPSD7qntNeBAkpBuGQ93fUKXdRTFMSqqrRKJUkOWA25GLVfMOeipQQG4v4EQFCKkOw HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmTcfysWvnApjRK4FTueOwUlUIMVNDVolPSD7qntNeBAkpBuGQ93fUKXdRTFMSqqrRKJUkOWA25GLVfMOeipQQG4v4EQFCKkOw

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECl_e3vN9IXxC0fKg1-_JPc&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECl_e3vN9IXxC0fKg1-_JPc%26google_cver%3D1

Request Chain 149

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5MjYwNTg0MTY5NDk4Njg4MQ%3D%3D

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOZHV2Jwgi8XUI9fdE_3q4s&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEOZHV2Jwgi8XUI9fdE_3q4s&google_cver=1

Request Chain 151

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTMzMzVjZDAtYmRlYi0yMTM1LWRiM2EtNDBhYjMyYmIzOTY3

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDJHHeio_GHxrvEjiFPDhUw&google_cver=1

Request Chain 157

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YjQ1ZDczOTItNTA3NS00OGIyLWEyNmEtNjJlZjI4NWZjNjUy

Request Chain 158

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEBc9awo01JvhLnrrBGpYhl0&google_cver=1

Request Chain 169

https://hal90007.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=506e53b756&subid=&uid=26e9ae5b47d48648&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoQNpDkdIZfWTAqWV_tMPlYy76A2RwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAircdGgTAbI-qAMByAObBKoE9AFP0IbNcuptSnpBSYHrloTcNlS0TDKURxhq908jGgWfrqCQ9I9NwpxSGGtePT_dNXIoFl_uuWFpD-5AOgrJq9tDWdvD7eV_bVmWnX6zOXNrHMccQqJMbNCXHvsLec_AyVe9Ic9zyS9quRc1isHtpPD1c3mbrZYOD0Y5D5-8DJzmgMX1YByiOqNqb34GpiUwy6uSXwvQB9a2sVQyoS0j1mWEc8L3DhjfRHXQKn55OsAr4nNb5C9QHLJlqX8TgXLupJuTVgFKk4VksMzANb1Wum42Ny270Axzu_CnTMM1_aBah34sFVPdaFuQwlK5gXiNPlzpSXqowAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaN5PBAbgbFCwnhrI8sU8fi1H4KTh8YwBTtyQd2jMNluFWaHnh5GAE%26sig%3DAOD64_0C2zrGglmKc8DvoqD5-0jmnm78Iw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DqNMHxEoyPsQLM6J6MrRplI8OXpvZxzh710x7576BZ6hl1D9NfhJCGvyW-glGh4rvgngruA44mSahJI1eFt4x1ioxoYG1VT805cDi_FvJ7bES4dDXTWgJLc6XMmujRmhbDkxlxWr3ttRuinjUs1NDomjjYqoItugmUoNq_CR7vDj1z0jg%26cry%3D1%26dbm_d%3DAKAmf-CvbnkpBhuN7MPyogt-8JsW7C4S5cGhx3QwoPPzfnsWKaoqUyyAB8i1AP8K-TLLWUJC816YckNT7alvD7WwSmqRLITgOs-FQ04Dc8zPK6tfRAvmC5Dt1XQySy35yn38GwJSvFUqVopM68cxHQ-E-Qro3YNVewJrGAsogZP6nSdjdsquY7ekOCLGTMb7ohIdLzrLgwEilDVLWdjUNSkUbEkG5P89CJVfzLKTr_f6Fh9sUPMusQo9QP_bsudfxHNkOQKKr_bJksonGqTNEUGuXqiSubBxx83pzmmuLKxILZyulSbbSq7uhb__JapA67B0Z4DeZZCuAAsqV0SpSFlfBNQoFzEXsTd9va2efuHpAxdiK87QXG0SwOZgSib7LlTbBCG2MEpErf8XWO2AlNtqNGlOHw5ftanmrks2jZj9Ea2W-3VzrDpUtynbrX6AIfXXMjMgKN4bN8Wk-Yc4BZSA4nqy0Wl6PgrKeVli8L1YzOqHTiwwMXxsjhP1SSWl0Dy082hv_JZzlaI37mEo-c7JxRYu3wF42WmRkfIq1AsBYrYzJlJyJRU%26adurl%3D&documentReferer=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8702286623613&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90007.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=506e53b756&subid=&uid=26e9ae5b47d48648&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoQNpDkdIZfWTAqWV_tMPlYy76A2RwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAircdGgTAbI-qAMByAObBKoE9AFP0IbNcuptSnpBSYHrloTcNlS0TDKURxhq908jGgWfrqCQ9I9NwpxSGGtePT_dNXIoFl_uuWFpD-5AOgrJq9tDWdvD7eV_bVmWnX6zOXNrHMccQqJMbNCXHvsLec_AyVe9Ic9zyS9quRc1isHtpPD1c3mbrZYOD0Y5D5-8DJzmgMX1YByiOqNqb34GpiUwy6uSXwvQB9a2sVQyoS0j1mWEc8L3DhjfRHXQKn55OsAr4nNb5C9QHLJlqX8TgXLupJuTVgFKk4VksMzANb1Wum42Ny270Axzu_CnTMM1_aBah34sFVPdaFuQwlK5gXiNPlzpSXqowAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaN5PBAbgbFCwnhrI8sU8fi1H4KTh8YwBTtyQd2jMNluFWaHnh5GAE%26sig%3DAOD64_0C2zrGglmKc8DvoqD5-0jmnm78Iw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DqNMHxEoyPsQLM6J6MrRplI8OXpvZxzh710x7576BZ6hl1D9NfhJCGvyW-glGh4rvgngruA44mSahJI1eFt4x1ioxoYG1VT805cDi_FvJ7bES4dDXTWgJLc6XMmujRmhbDkxlxWr3ttRuinjUs1NDomjjYqoItugmUoNq_CR7vDj1z0jg%26cry%3D1%26dbm_d%3DAKAmf-CvbnkpBhuN7MPyogt-8JsW7C4S5cGhx3QwoPPzfnsWKaoqUyyAB8i1AP8K-TLLWUJC816YckNT7alvD7WwSmqRLITgOs-FQ04Dc8zPK6tfRAvmC5Dt1XQySy35yn38GwJSvFUqVopM68cxHQ-E-Qro3YNVewJrGAsogZP6nSdjdsquY7ekOCLGTMb7ohIdLzrLgwEilDVLWdjUNSkUbEkG5P89CJVfzLKTr_f6Fh9sUPMusQo9QP_bsudfxHNkOQKKr_bJksonGqTNEUGuXqiSubBxx83pzmmuLKxILZyulSbbSq7uhb__JapA67B0Z4DeZZCuAAsqV0SpSFlfBNQoFzEXsTd9va2efuHpAxdiK87QXG0SwOZgSib7LlTbBCG2MEpErf8XWO2AlNtqNGlOHw5ftanmrks2jZj9Ea2W-3VzrDpUtynbrX6AIfXXMjMgKN4bN8Wk-Yc4BZSA4nqy0Wl6PgrKeVli8L1YzOqHTiwwMXxsjhP1SSWl0Dy082hv_JZzlaI37mEo-c7JxRYu3wF42WmRkfIq1AsBYrYzJlJyJRU%26adurl%3D&documentReferer=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8702286623613&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 175

https://a.tribalfusion.com/i.match?p=b6&u=CAESENOa4xZHmC7pMrAXaBLvedk&google_cver=1&google_push=AXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4Sg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4Sg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENOa4xZHmC7pMrAXaBLvedk&google_cver=1&google_push=AXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4Sg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4Sg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 176

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEPvNfL7t8Kf2klQ-feue11o&google_cver=1&google_push=AXcoOmRKA318AnssAPjF-s4lB6G2SSaWsG6GhdUB-qsfahb0hkf2jVU2HqU80GDltUJNEUnUHDcgrseZ9t5H5d1RJdjSENw57GP3eA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmRKA318AnssAPjF-s4lB6G2SSaWsG6GhdUB-qsfahb0hkf2jVU2HqU80GDltUJNEUnUHDcgrseZ9t5H5d1RJdjSENw57GP3eA

Request Chain 177

https://fksnk.com/cs/google?google_gid=CAESEEpuJP6lk_8AZh-NEu6uUFc&google_cver=1&google_push=AXcoOmROzy3LFRkRN2rXQihloHj9cRR4XodNMsnrSxBSZQZK63RFZ6EBh2Tf2xYIgLewxQOV7lXSGogkuamMWYEdErZT6Yc1AGPdEA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=Mzk5RDU2NzdBRTY0OTkyQQ==

Request Chain 178

https://ads.yieldmo.com/exptsync?google_gid=CAESEEQGwSjjA-RGynGtNeS3EhA&google_cver=1&google_push=AXcoOmQ4EGPwnwVHX9nymxZ65HfHXLOJ6A1Onn0bvBavmrFrmo9a5QimweTtyzWl3EmD9SbCWOReaJXBz5WXNX8iNNWHeRszGpjfBw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQ4EGPwnwVHX9nymxZ65HfHXLOJ6A1Onn0bvBavmrFrmo9a5QimweTtyzWl3EmD9SbCWOReaJXBz5WXNX8iNNWHeRszGpjfBw&google_hm=M0ZoSXJhYTExU2EzM3VBRkxINk4=

Request Chain 179

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEIfzZLc3W66iKf4EhHRi1t8&google_cver=1&google_push=AXcoOmSc8whgSCNJqks0iIwXpmh7m4j9KACiNuW1RmKWqXU107Di2I2pRks2fqe_Ho6-vjvwLo5KDToT8B-5Ziupbvmvj0_zeQHRSg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmSc8whgSCNJqks0iIwXpmh7m4j9KACiNuW1RmKWqXU107Di2I2pRks2fqe_Ho6-vjvwLo5KDToT8B-5Ziupbvmvj0_zeQHRSg&google_hm=NTU4NjUyMTI2NTg3ODgzMTU3Mw%3D%3D

Request Chain 180

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEFsOMHz4yMJJ_BH3p1_IEEI&google_cver=1&google_push=AXcoOmTcS5YWnldcdeO8ZplRNB62xOMBLiVcKETInCh02QQJNMho9DpXYfGm5D6ojqDSdSn-F4QlW5e9JO4h9T63W-c7v48YKCR2gQ HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESEFsOMHz4yMJJ_BH3p1_IEEI&google_cver=1&google_push=AXcoOmTcS5YWnldcdeO8ZplRNB62xOMBLiVcKETInCh02QQJNMho9DpXYfGm5D6ojqDSdSn-F4QlW5e9JO4h9T63W-c7v48YKCR2gQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=l4p4HuavS8mrlNhd_hj64A==&no_redirect=1&google_push=AXcoOmTcS5YWnldcdeO8ZplRNB62xOMBLiVcKETInCh02QQJNMho9DpXYfGm5D6ojqDSdSn-F4QlW5e9JO4h9T63W-c7v48YKCR2gQ

Request Chain 181

https://sync.inmobi.com/gob?google_gid=CAESEJMUcXR2Jp_qFZjBl2RE_8Q&google_cver=1&google_push=AXcoOmSbFekt64XWkS_2swDmbhmys8_AaGF8H1eZbTEiMZL-TpMRFkQUrXfDJQoB3PYx30_oWpFiFtscem1VzTs2IsfgXdah1LAMKw HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSbFekt64XWkS_2swDmbhmys8_AaGF8H1eZbTEiMZL-TpMRFkQUrXfDJQoB3PYx30_oWpFiFtscem1VzTs2IsfgXdah1LAMKw

Request Chain 204

https://aep.mxptint.net/sn.ashx?google_gid=CAESEKn0nk3SdhxONDl4hLrF4nk&google_cver=1&google_push=AXcoOmTci-9Wa7C6MJgX4xQUKDwevfRj3ZOC-GVrnZrqPEfIbfWbxPnkDZ_QdpeY-1OJ7B2eInBIM-45bTs6N36vzdH1TVnenQW0BGVaSaOxlRxFomoSNfyePnwR9mpiQKTvN6pPMaMipFiV15tvCwO_brhy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTci-9Wa7C6MJgX4xQUKDwevfRj3ZOC-GVrnZrqPEfIbfWbxPnkDZ_QdpeY-1OJ7B2eInBIM-45bTs6N36vzdH1TVnenQW0BGVaSaOxlRxFomoSNfyePnwR9mpiQKTvN6pPMaMipFiV15tvCwO_brhy&google_hm=UjM1Q0E1XzEwQkIzMEJGNF85QUU5RUZFRQ%3D%3D

Request Chain 205

https://fksnk.com/cs/google?google_gid=CAESEEpuJP6lk_8AZh-NEu6uUFc&google_cver=1&google_push=AXcoOmTlOPlfSoLHzWCMF4vUE_19Yu1iFjKHzUta0JgSPEwNxG758W8tYDmwtvFzNfPLmd5fQ_47s42LlDiERdhJ0PcqgCcBdBUL0H7_LF9NSTKVN6PZV_fZ9S0ynrCZNs8LiNBLLualYqzPxEaHxVUJWw6y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MTQ1RDY4MEEzRDNEOEQ0RQ==

Request Chain 206

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELjMgoprZV05MWLdsV9oUIQ&google_cver=1&google_push=AXcoOmTrkItnA7kvUm-rC5cTyQtfsr-yWG0KRBNWJ-gRw9cMfP42U_rhDFGDu-6WIwCrmpKSaE4eV_lUKuub10UvPDVvW-AAn0UT_1DPgTU3GT8dhVAC2SSJGZMy0A95D7i0QrEh18nbdSoAREAk8NL8WoJV HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELjMgoprZV05MWLdsV9oUIQ&google_cver=1&google_push=AXcoOmTrkItnA7kvUm-rC5cTyQtfsr-yWG0KRBNWJ-gRw9cMfP42U_rhDFGDu-6WIwCrmpKSaE4eV_lUKuub10UvPDVvW-AAn0UT_1DPgTU3GT8dhVAC2SSJGZMy0A95D7i0QrEh18nbdSoAREAk8NL8WoJV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODYyNDM5MjU5NDE0OTE3ODg3Ng&google_push=AXcoOmTrkItnA7kvUm-rC5cTyQtfsr-yWG0KRBNWJ-gRw9cMfP42U_rhDFGDu-6WIwCrmpKSaE4eV_lUKuub10UvPDVvW-AAn0UT_1DPgTU3GT8dhVAC2SSJGZMy0A95D7i0QrEh18nbdSoAREAk8NL8WoJV

Request Chain 207

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEH1blVjBy51_y5EGOcLTw8E&google_cver=1&google_push=AXcoOmQtOjO_XJh-p33CUQVDiAbPn195zPEQqa0AUCi6NgtC88_3jhrTJL-ltcUDzqZruO9BC06Ntz1_hpDPtjMNY6M59QsWPndE1SsbCpGLQaIBWCURZlF_85SGi9mbDV70-zqZffDhzQclawJ4DAGQyVQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQtOjO_XJh-p33CUQVDiAbPn195zPEQqa0AUCi6NgtC88_3jhrTJL-ltcUDzqZruO9BC06Ntz1_hpDPtjMNY6M59QsWPndE1SsbCpGLQaIBWCURZlF_85SGi9mbDV70-zqZffDhzQclawJ4DAGQyVQ

Request Chain 208

https://ads.yieldmo.com/exptsync?google_gid=CAESEEQGwSjjA-RGynGtNeS3EhA&google_cver=1&google_push=AXcoOmQIDvqb5ug_brO4CoRdCWSray5Fl6uLEOEmKw-NHD3s6chI3X5clw5kYUK8FX5ruwtExYMcfbIWDvoY3ygJX2fwyDw9_VZCCK9cEDf7EMNoPYgk9oM0aP0BRejJHcF7cug6Bj6UWANufhRZeRJv1zq7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQIDvqb5ug_brO4CoRdCWSray5Fl6uLEOEmKw-NHD3s6chI3X5clw5kYUK8FX5ruwtExYMcfbIWDvoY3ygJX2fwyDw9_VZCCK9cEDf7EMNoPYgk9oM0aP0BRejJHcF7cug6Bj6UWANufhRZeRJv1zq7&google_hm=M0ZoSXJhYTExU2EzM3VBRkxINk4=

Request Chain 209

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEIxaFucyIxyKUyeVLkz3P1Q&google_cver=1&google_push=AXcoOmSZzQdesFKaufyQVulH-x0AThTU564lJ06jSx6UaD9Q2eB-Z11RMloQz7IwnxXzdxvJSxj3OypYE4Ug_ZiPMPlU-gLvdBLJoKwpU7UiyC-CvtjzNz3mAWm9izf3NyjtIOhnHw3G6Lk1RxlDfFOb3XOd HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NzI5MjYwNTg0MTY5NDk4Njg4MQ%3D%3D&google_gid=CAESEIxaFucyIxyKUyeVLkz3P1Q&google_cver=1&google_push=AXcoOmSZzQdesFKaufyQVulH-x0AThTU564lJ06jSx6UaD9Q2eB-Z11RMloQz7IwnxXzdxvJSxj3OypYE4Ug_ZiPMPlU-gLvdBLJoKwpU7UiyC-CvtjzNz3mAWm9izf3NyjtIOhnHw3G6Lk1RxlDfFOb3XOd

218 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming Show response
www.xgcartoon.com/detail/ 77 KB
18 KB 1058ms
521ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 72b27fe81b22583cc177ce538a04dbb2429b2b176717aa7dd160fa5f7a7c5eb4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 06 Nov 2023 01:53:15 GMT
etag: "135ae-LRjoB4SDHGaNo1ffl/ZysvdFYxU"
expires: Mon, 06 Nov 2023 01:54:15 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 278 KB
72 KB 95ms
35ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d814714dfdb518b0e13c82074c7ba39581f53169afcc1424f88e25927f020adb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Nov 2023 01:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73131
x-xss-protection: 0
server: sffe
etag: "8cd1ce497f4c5169"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 06 Nov 2023 01:53:15 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
23 KB 115ms
55ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95ceb163af22ecb4ed905a6fe5640bdcb154bc5ca7f823c95829db5b467b50b2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Nov 2023 01:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23125
x-xss-protection: 0
server: sffe
etag: "321a8a2e321127f9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 06 Nov 2023 01:53:15 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
9 KB 66ms
31ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5362b061983a3dec0baedadae28c6d9e9f66e20ef90ba320d685a8b235f265e7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Nov 2023 01:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9422
x-xss-protection: 0
server: sffe
etag: "3b61813235d76964"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 06 Nov 2023 01:53:15 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 50 KB
15 KB 80ms
48ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2d90ec3418d19aa3b77e76054eb71b0fd006122c432bff404a326638e618c64

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Nov 2023 01:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14995
x-xss-protection: 0
server: sffe
etag: "ab43075a93144b3f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 06 Nov 2023 01:53:15 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
15 KB 94ms
61ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39dd759ff5c50fb31d083cdeae81b5285589827cb3c879ed9fe8feed7dd08f45

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Nov 2023 01:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15372
x-xss-protection: 0
server: sffe
etag: "3ed1b2df45f63101"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 06 Nov 2023 01:53:15 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
6 KB 60ms
28ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f5c46e1d404df5a4c0813d11cbb826a9c17727aacff600308c27f2fd3c892a4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Nov 2023 01:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4733
x-xss-protection: 0
server: sffe
etag: "ed220d8c0d8aaf6b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 06 Nov 2023 01:53:15 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2e430617e3c3499b05d805e8efff4ff506476de56642b1afd2e151e5832383c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Nov 2023 01:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10353
x-xss-protection: 0
server: sffe
etag: "57f39d55bac17a27"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 06 Nov 2023 01:53:15 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

759d98cf1d61c19a6a5ded8a4e97755d72a8f24ad9cf0879b5f6a712e77f55ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Nov 2023 01:53:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32263
x-xss-protection: 0
server: sffe
etag: "3040d9cf2f8c9f18"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 06 Nov 2023 01:53:15 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
472 B 212ms
149ms Image
image/gif 104.20.218.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.218.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:15 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 8219b3a80b892bf6-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 274ms
274ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:15 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Mon, 06 Nov 2023 01:56:15 GMT

GET
H2 200 moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming.jpg
static-a.xgcartoon.com/cover/ 148 KB
148 KB 1337ms
1108ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3a109d3fb2cacadfb2d5a7f949a1f0f008b7ee17769a5951f0d619389aedcf4

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
cf-cache-status: HIT
last-modified: Tue, 03 Oct 2023 08:10:39 GMT
server: cloudflare
etag: "A05186D383DC5D61A49D9596D0CC3106"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8219b3aa3cdfbbd7-FRA
content-length: 151375
expires: Sun, 05 Nov 2023 13:13:29 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 275ms
274ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:15 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Mon, 06 Nov 2023 01:56:15 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 274ms
273ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:15 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Mon, 06 Nov 2023 01:56:15 GMT

GET
H2 200 shengjianxueyuandemojianshishengjianxueyuanlidemojianshiriyu-zhiruiyou.jpg
static-a.xgcartoon.com/cover/ 84 KB
85 KB 1325ms
1097ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/shengjianxueyuandemojianshishengjianxueyuanlidemojianshiriyu-zhiruiyou.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe7f8b5af893b8519fd614ca225aeb8fa85f9b27d4abf503053765115b64ac8f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
cf-cache-status: HIT
last-modified: Tue, 03 Oct 2023 07:57:07 GMT
server: cloudflare
etag: "5F254965BCA7F741CE243B234E74DD9B"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8219b3aa4ce1bbd7-FRA
content-length: 86372
expires: Mon, 06 Nov 2023 04:48:49 GMT

GET
H2 200 baoshikuangzhanshiweiyouwotupolesuoweidengjidegainianbaoshidebasakariyu-yiseyilin.jpg
static-a.xgcartoon.com/cover/ 82 KB
82 KB 1268ms
1040ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/baoshikuangzhanshiweiyouwotupolesuoweidengjidegainianbaoshidebasakariyu-yiseyilin.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac734a36f32f69692bdfa931f548e1c8a4ca7205fe5c0d8cdd6a74ca67a1a8f7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
cf-cache-status: HIT
last-modified: Mon, 02 Oct 2023 07:43:04 GMT
server: cloudflare
etag: "FD1E404058514EC0372DDE72D9F64BD7"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8219b3aa4ce0bbd7-FRA
content-length: 83977
expires: Tue, 07 Nov 2023 01:47:03 GMT

GET
H2 200 aotumonvdeqinzirichangaotumonvdemunvgushiriyu-jitianmeihe.jpg
static-a.xgcartoon.com/cover/ 65 KB
65 KB 687ms
460ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/aotumonvdeqinzirichangaotumonvdemunvgushiriyu-jitianmeihe.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 377a4454860fe6df1e2afb6c72355c7e4a4f904e1afa2828d7baac156e48341d

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
cf-cache-status: HIT
last-modified: Mon, 02 Oct 2023 07:41:03 GMT
server: cloudflare
etag: "CFB2CE098CFB1D21A74AFB1AFF2DABAA"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8219b3aa4ce3bbd7-FRA
content-length: 66509
expires: Wed, 08 Nov 2023 04:06:15 GMT

GET
H2 200 wodetuishihuairendaxiaojiewotuishifanpaidaxiaojieriyu-datingxiuzhao.jpg
static-a.xgcartoon.com/cover/ 76 KB
76 KB 1324ms
1097ms Image
image/png 2606:4700:10::ac43:2a0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/wodetuishihuairendaxiaojiewotuishifanpaidaxiaojieriyu-datingxiuzhao.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3de172d5876d0f69950b8419e233103ecfa0a2042b517bde478d3a323defd3eb

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
cf-cache-status: HIT
last-modified: Tue, 03 Oct 2023 08:06:19 GMT
server: cloudflare
etag: "63704621BF325CCFA5ED422485ACFA9C"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 8219b3aa4ce2bbd7-FRA
content-length: 77672
expires: Wed, 08 Nov 2023 17:24:28 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012310201815000/v0/ 8 KB
3 KB 67ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310201815000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46f3814580ed67b82400f08e6e77214c1ab59427a34f8a4180b2129f70c477ec

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 31 Oct 2023 18:16:09 GMT
age: 459426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2975
x-xss-protection: 0
server: sffe
etag: "4ca4ccf1afd64d82"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 30 Oct 2024 18:16:09 GMT

GET
DATA 200
OK truncated
/ 393 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012310201815000/v0/ 237 KB
62 KB 33ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310201815000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

256306bb295af55f0fd7de58d88db2952523220c4a2a3a5ad02aa9a5572b4a17

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 31 Oct 2023 18:16:09 GMT
age: 459426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63665
x-xss-protection: 0
server: sffe
etag: "cd3354c7460b11b0"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 30 Oct 2024 18:16:09 GMT

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012310201815000/v0/ 12 KB
4 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310201815000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0daacbec8b84ea75e745a5eb6f3556e1e9e0bd14566bd91e7f3c5a0a53c6c178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 31 Oct 2023 18:16:09 GMT
age: 459426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3941
x-xss-protection: 0
server: sffe
etag: "aef77be21ea5e253"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 30 Oct 2024 18:16:09 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 32 KB
14 KB 270ms
219ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2310201815000&d_imp=1&c=640001386&ga_cid=amp-NICO640uppnGXDqdarHAbQ&ga_hid=1386&dt=1699235595774&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=60&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fmoudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming&bdt=323&dtd=14&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8918f49351237098d6a302c8d526aac19a26c1c3d677e75e6a3becc32151da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13577
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CIeJ0_ChroIDFRIIVQgdS9oPZg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138324260118
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 06 Nov 2023 01:53:16 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 32 KB
13 KB 699ms
648ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=819&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2310201815000&d_imp=1&c=640001386&ga_cid=amp-NICO640uppnGXDqdarHAbQ&ga_hid=1386&dt=1699235595774&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=60&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fmoudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming&bdt=323&dtd=17&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f41277bff5ee47a7c0ebe089915c5fd3ce8bd15994d44351d7442bc6696e0573

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
google-mediationgroup-id: -2
x-creativesize: 120x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13577
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CKKX0_ChroIDFcMd4AodWuUEew
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138351398969
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 06 Nov 2023 01:53:16 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 32 KB
13 KB 871ms
821ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2310201815000&d_imp=1&c=640001386&ga_cid=amp-NICO640uppnGXDqdarHAbQ&ga_hid=1386&dt=1699235595774&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=60&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fmoudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming&bdt=323&dtd=17&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b21b595a46d74e9307369025a4484d5e630831dddfef2aade35c8a463a949d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 320x100
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13570
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CM2W0_ChroIDFe8TVQgdyZ4Cdg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138324663394
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 06 Nov 2023 01:53:16 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 32 KB
14 KB 435ms
386ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2310201815000&d_imp=1&c=640001386&ga_cid=amp-NICO640uppnGXDqdarHAbQ&ga_hid=1386&dt=1699235595774&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=60&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fmoudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming&bdt=323&dtd=18&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c854c5d445589e188bef87f6b18ed50384361ce827315beeebdf24cb22474eea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 320x50
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13555
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CIOY0_ChroIDFUKxewodz8YOYg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138324260115
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 06 Nov 2023 01:53:16 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 68 KB
24 KB 1196ms
1148ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=1033&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2310201815000&d_imp=1&c=640001386&ga_cid=amp-NICO640uppnGXDqdarHAbQ&ga_hid=1386&dt=1699235595775&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=60&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fmoudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming&bdt=324&dtd=18&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684e8d79918d589e78b1f46d3aec59c05a0496a3f206258b3d0460c507f56eea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 728x90
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23880
x-xss-protection: 0
google-lineitem-id: 6136661665
x-qqid: CJSv0_ChroIDFSj6EQgdOuwMqw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138370495019
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Mon, 06 Nov 2023 01:53:16 GMT

GET
H2 200 container.html
c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 100ms
27ms Other
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012310201815000/v0/analytics-vendors/ 2 KB
886 B 20ms
19ms Fetch
application/json 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310201815000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 31 Oct 2023 18:16:10 GMT
age: 459426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "19292b0beef12704"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 30 Oct 2024 18:16:10 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 275ms
274ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:16 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Mon, 06 Nov 2023 01:56:16 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 89ms
35ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=1386&cid=amp-NICO640uppnGXDqdarHAbQ&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fmoudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming&dr=&dt=%F0%9F%8D%9F%E6%9F%90%E5%A4%A7%E5%8F%94%E7%9A%84VRMMO%E6%B4%BB%E5%8B%95%E8%A8%98%EF%BC%88%E6%9F%90%E4%BD%8D%E5%A4%A7%E5%8F%94%E7%9A%84VRMMO%E6%B4%BB%E5%8B%95%E7%B6%93%E6%AD%B7%EF%BC%89%E3%80%90%E6%97%A5%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1699235597&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B3E0 6 KB
3 KB 30ms
27ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:17 GMT
expires: Tue, 05 Nov 2024 01:53:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D5D1 6 KB
3 KB 25ms
24ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:17 GMT
expires: Tue, 05 Nov 2024 01:53:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6382 6 KB
3 KB 27ms
19ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:17 GMT
expires: Tue, 05 Nov 2024 01:53:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 764B 6 KB
3 KB 29ms
21ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:17 GMT
expires: Tue, 05 Nov 2024 01:53:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5086 6 KB
3 KB 25ms
22ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:17 GMT
expires: Tue, 05 Nov 2024 01:53:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame B3E0 24 KB
7 KB 80ms
18ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 11:32:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 397235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 31 Oct 2024 11:32:42 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame B3E0 24 KB
10 KB 96ms
33ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a57ab75a4d1449d08cc63e9e8faacb98573a727a80bba8823aac4bbed87ab37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10262
x-xss-protection: 0
server: cafe
etag: 12146256887115930110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B3E0 189 KB
60 KB 306ms
244ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame D5D1 24 KB
10 KB 89ms
49ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b719b3f5c5ab8da8150e1ce4c12bef4bc159de02a596d27e2e4cc831b5bb9f4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10064
x-xss-protection: 0
server: cafe
etag: 2076099872053301952
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D5D1 189 KB
59 KB 316ms
276ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame D5D1 0
461 B 66ms
64ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzXs2RdFVOeMUkZ9vLPqf7kO7soX--lCC26h2oiv9ygzUPte6BiAsRGplJ55ZE66SUwZj8GUUq8d3cPfl-weHp6WCrCvwizYmq--Jf7y86TIv5zvCTHskCToS6po75asUj6LwG-VUFI11P9xkbxcNucf3i8aBhDOrYoCTH3mc5SRmdR8IazMiDC4VjQtQ7jW8QkYp1R-Nfv3VsapDlcGl09yKsbeeWQescmPfvU95jw0YMUJUkFAQ2QnHoSMIqbsajkEvk1BTw7C9wuZ9NlexA2ufJLXfAJZkiRFUvA0mKQpYoMq-16QZc12YMhg33xv2J9y6d8m_3olpAVRm9pg0OXgfyYsUeIx8O2NGSYWxjWcZE09tUvJaru528H6NP2o-2XyE&sai=AMfl-YSQr1ZxOmGf8FvzSr2W8f47OmAPFrAx4muPt-5QWGwD2ShZmt0niGmyCWxej4NKDSHfI2HqqScdB4jPYTE&sig=Cg0ArKJSzNnVolclKIelEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 6382 24 KB
6 KB 64ms
32ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 11:32:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 397235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 31 Oct 2024 11:32:42 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 6382 24 KB
10 KB 87ms
55ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

077b3381c651cdc445e75305bab92a28ddc1b937895c022a05a0ad2912106fa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10054
x-xss-protection: 0
server: cafe
etag: 1324813504002426102
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6382 189 KB
59 KB 329ms
297ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 764B 24 KB
6 KB 52ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 11:32:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 397235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 31 Oct 2024 11:32:42 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 764B 24 KB
10 KB 93ms
65ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fd005da5ecd3c42f2fd545b9dfe9fafe6c63d01eeb0d3bfd72a6d3aa40e1285

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10059
x-xss-protection: 0
server: cafe
etag: 2433973170973857019
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 764B 189 KB
59 KB 321ms
293ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 5086 99 KB
31 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a696376383604bc9209d9af3623ed7073537b2c5515785c703a9723f06c9374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31215
x-xss-protection: 0
server: cafe
etag: 819 / 19667 / 31079372 / config-hash: 7101305502720886139
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5086 189 KB
59 KB 316ms
300ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5086 0
293 B 65ms
65ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuU-02wMaav2SxYwv8sjpIbgnEXvFJzkuzWs9XhzysFC5bROkA7mntn-EkKeWV6lLkyyPAzXPZH4BCrxUfQ_6PEeV57DqV9WjZg5rb7WDI1U40j6KpD2Nt94b1PwR1AuAQuZZ3T3z_4JGJXQgpBnxlbGjk2Y2CvfUTK1nxXhF_mo2y0pPSCiY6h8mJEzRbM3w1wzxM4IhnkmkmOB7NexUAC4BK9mXARgBa3w9mzWJjqNNR2vdllHfg9NJa2GVqZQudjEJz1bOIdY1aV11z-azCntfTMG9cNsgyroj9_eqGewt7d9-7UqQcJk7YpcwWmZ6dsv0V7c20RdCqq3Dd_EBVSHl4vdxF80cOqXcoYbaMHz_FKsZ6OKV1XI6BJopKhsg80ibVK_A3VsQ&sai=AMfl-YST_c9mXHlg9rrO5gSquU9EabxShQ64MNdPY2sgAc2tC13eV9Lz6jeIMgHPIwLoE6QFTXk6ciITR4EDnJE&sig=Cg0ArKJSzPg2xg3d7W3pEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B3E0 0
29 B 72ms
61ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstR0jL-FaZsDTAwxwao2XLfyZaD_UxQVhcyLzVGlqpUfOZJBLRl0W4uDdNSB2FFVhBhrZEmRwREpqFmEN5TE449Z6HyAixUTQ2Pza2LEj8PQ-xWRnnf5fzCUOb7L6M7zN78cPMU89wESO10jEySlEeOvfhtLJq75Ks3CQ-2aEE98b0Si4nl7b-R-X1i79Pm5HduePTfSAlW2mzIFSHe4qb3C1pySV0aF68nnmmqrmFWwSIRt1YpyxCas7mrqZ9EDDHzp6SxYnGSXs0aXrl26wFZvwetCoKiLvfe8tBsQHZu7j6MEQtDB4vlD6lLMxxdEr4I-8LXI8i_p9lGoMt_VBNhqeNdw40CcFoV6L4Xao2ojwQJJqSyKRFQWan4PZHRRJ-3pBA&sai=AMfl-YSTtKfNzUssmW06gTxRtf29FGaW06VGpjU3fUG7q5mdMO2c4MnUrZ2dTwHrdQhqMdHpEfzJadRqthI2p2w&sig=Cg0ArKJSzN302uAhlA4tEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B3E0 147 KB
51 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36d7491054975d43f30460bc43ef5526e3b68ae30eb1a4f5dc94ccb7f7585f37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51857
x-xss-protection: 0
server: cafe
etag: 14492448071756946499
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6382 0
26 B 79ms
79ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsueUqb6M2n200flO0eHoKeCfplRuvyomUHBkIwpyyo0vuCyqC4MWNNmLLn-ecvo5jDKlv3fndcBrO-oGSpwdRCojjD8yof1dJMtoQ9PagG8jOKvu79OzuUS5Gd0Nsxl7WFnk0Yew_RX3XzOPiO0IiZNqPHrXgVjzQedoSfHqzX4j7PaRJgA9F3svOuH9_-DuS-VeYsQf4jOsdeXizjBxdAvUr2eI9q_uMBrBQlSuH9ggtG8FCXNvWxIunyA9SARpjmdj2zMxDwacWECahjVdtAFPF_pSS58fMahVUfUHGiB01DKLw8OOYgVIQbYWni5VNg6lVgezm4MVfN-SDJ840Ary4JO6sYqHMmRkOhrEiHtyZpgdFLgA6t4BrTfCDLpO9Gpjw&sai=AMfl-YTsTsCF4c6ZTbDBipazALSLV3EifeEu6xFC4Ge5MVNh5aQLAVFVulPXzUB4LpXe2pViQRUX4ca00P8NvpA&sig=Cg0ArKJSzJns_jgzWwspEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 764B 0
26 B 74ms
74ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss8gJR8LotXz3Kvb7OQ1dKxsG0ojCBLi7YiClWGj95wocLebJp6nYKbg8AQzROdQe86M-orRpiHQVK6wj0-CDWr826-72KzQQHZj38KtA7euTgzkH6Sn603gEhYQ2nctLMd6iyKi_fsJv_tIcrKLo88PM8RSi_2xYSwHdKDthW_r4W7RzRySgI6DnYcR9giwa4-kZYXcgcgJAFrnhoqflmeBNKV1W0kQD_fXTh9aOmqAPh-4b8jR3iadc3oj0VMBil_outJkfcv-flPUiz7iqbjMEFkbqgmjA3qLD7EYg0_vut50oO3oVlKHWTo3NSwXSGghILDYCSdye8Ji1RPDyLWDVHeHKeZq2DOSmXGvhoVBnZ2WXh-gqlXZh23D8J7DJbsuA&sai=AMfl-YRSbQt5P-IWm4r3AZGuhUuhRpqqdPeEZmymuYUXAvBWbQQjFKCtg0jZAQElgPRakEC0msLO06XYvL5B-Y4&sig=Cg0ArKJSzCjShoH2PzATEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
URL: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D5D1 147 KB
51 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0719ba3c1bbbff4b49a07719f533ffd705f55b4a4ec39be6a377e12b7d192e58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51861
x-xss-protection: 0
server: cafe
etag: 4656632737461510608
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311010101/ Frame 5086 425 KB
133 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311010101/pubads_impl.js?cb=31079372

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16a2002fe6073aa0708f1048d7e523b42f8043a72770e1c5782c7e1010ab03a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 12:52:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46876
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136527
x-xss-protection: 0
server: cafe
etag: 6152360919581633401
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 04 Nov 2024 12:52:01 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6382 147 KB
51 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e7f0491777e710ac478109971b46f6de2c7e20464b81c33604aab5c64eb1e64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51860
x-xss-protection: 0
server: cafe
etag: 498345317833827306
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 764B 148 KB
51 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

deb852f3a04cc41588aff6b8805f04911cfe93a935a74c4781a32a4929b9e95b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52077
x-xss-protection: 0
server: cafe
etag: 5327565132611056428
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/ Frame B3E0 399 KB
135 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

330f7a02aa5131098a43f42ca0f19c8d1465a4ee1ef18f3326e9734c3f26f379

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138211
x-xss-protection: 0
server: cafe
etag: 11847539621177649588
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/ Frame EDD0 10 KB
5 KB 77ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 59227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 09:26:10 GMT
etag: 251720774729838433
expires: Sun, 19 Nov 2023 09:26:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/ Frame D5D1 399 KB
135 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee8f461f86f1dbbfa105111d19fc9ceba508d8f2da478e458e1178727037ae4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138212
x-xss-protection: 0
server: cafe
etag: 6110233283322758489
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/ Frame 6382 399 KB
135 KB 81ms
81ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e5a481c6d0a1da8ccfb10bb9d03bb073b46264bca5332f36f1068d3b30b5cef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138207
x-xss-protection: 0
server: cafe
etag: 16403421305025610672
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5086 107 KB
44 KB 282ms
281ms Fetch
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=405724297371379&correlator=1849105618561749&eid=31079372&output=ldjh&gdfp_req=1&vrg=202311010101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C468x60%7C728x90&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com&abxe=1&dt=1699235597643&adxs=0&adys=0&biw=728&bih=180&isw=728&scr_x=0&scr_y=0&ucis=y4y2ylev8z30&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fmoudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming&loc=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=728x0&fws=256&ohw=0&ea=0&dlt=1699235597290&idt=277&prev_scp=in2w_key9001%3D1%26in2w_key%3D95%26in2w_key2%3Dnope%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3qgz%26in2w_key7%3D1580%26in2w_key8%3D95%26in2w_key9%3Doptimization_request%26in2w_key15%3Do0%26in2w_key16%3D1&adks=1650531349&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17c285a6085fca9d6b290d06f88ef716fee7a04bd843c3371b3a3716a2bb358f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44908
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2DA2 6 KB
3 KB 69ms
28ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311010101/pubads_impl.js?cb=31079372

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:17 GMT
expires: Tue, 05 Nov 2024 01:53:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/ Frame 764B 400 KB
135 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/show_ads_impl_fy2021.js?bust=31079424

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37412b30b641c63ffcbc775b5fc2a497f2f2d99a5eb74dcc3adf02ef76cdfa0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138448
x-xss-protection: 0
server: cafe
etag: 17144310600965543905
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 36B3 603 B
112 B 259ms
258ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=90&slotname=3654094576&adk=1418711512&adf=3173046732&pi=t.ma~as.3654094576&w=728&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597392&bpp=94&bdt=133&idt=328&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=486348941&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079296%2C44807048%2C44807336%2C44807454%2C44807460%2C31078297%2C31079384%2C31079423&oid=2&pvsid=1604962131828914&tmod=200158774&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.l18g5eh85sxc&fsb=1&dtd=344

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B3E0 0
0 96ms
57ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsukxasz9FZluMVs27yw3xSKqnQGCctfUOFIGa44AUyvtdnl9Ulf7phZablRE8jbjLgXllNTpflMB8urB3gDNMYejufMXMI8NzBZM-iTOeGhIZbM5p9AJTf9s6DhIyWUnqlwNueXVVw5Zi8bhoQam3WjTuyTiFbnYfPawqZ_1l1IW-vSq-Oa85KzT1zjk-QOBH6zQVMPlwPLPXf_ZKPL5hxo5LLUJzF8EhFMA3ntd4zGpO6Na9jq8mRoUqKnMsrzm2K2J7i-lAgiFTqTLXD4rZLOR0gOUlzmLXgyE2ueYzAbDsG1_4b2exVUjamvsac1VqPB7U44kWqIt-I0NtP-E5axC1uK0KmD-J94ZwLfObyrYhaa3SzAgyRuTPCeVGbsx0tjblGEAg&sai=AMfl-YTVAqXMNFGpATZnnOY8xjsGLp1OH2-aia7XOiKvnkr7-rhMhRoapUw_2PKIEuE-C3cj4RMP0bGTnUrSYxU&sig=Cg0ArKJSzMQGbhFoiltkEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 06 Nov 2023 01:53:17 GMT

GET
DATA 200
OK truncated
/ Frame D5D1 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1ac9d798cb6de2e19054bded55f21d21190b7849893a06ed84ee6fc76b2c888

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0A69 27 KB
13 KB 602ms
601ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0681c5cd701e67aa819568befee79b1ba6fb9dd08fbf33b4c1eee9fe51c1c2ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 12866
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E741 603 B
65 B 261ms
261ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=100&slotname=3654094576&adk=193636013&adf=3173046730&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597447&bpp=116&bdt=160&idt=506&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1957079911&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44807048%2C44807336%2C44807454%2C44807464%2C31078301%2C44807754&oid=2&pvsid=1396754070652655&tmod=279062290&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.6r2vddk04jfe&fsb=1&dtd=519

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B3E0 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c7d88c9e121d381469ccbbacb2fe9f74ea0e66fc010adc94047c103a24f604d

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5086 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c05c8e87b2c7e5c613659aeffbdbdd30f5bd1e9c995169967fa553fac7523fa

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5086 16 KB
12 KB 82ms
42ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311010101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311010101/pubads_impl.js?cb=31079372

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

526560d05ea8b526d48baf721135e795c0ed7c704061d1d25f961648ba3ee99d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12299
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5086 0
0 58ms
58ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuZENH6kbQR__RO4lxP9N7a0svuLpbXgN9H2e-J3NXpteX3g3KMdOjDalqIKnadq-0FUtrzN37n6b8wpFazct1hjgg2GCuEn1v_4cf7fXxw28Ej0iNSl1y1T17_p8ceIpqeOrven5rHQFzBo_TMrTvph1eXfMceBFOMDWXQpNFL4n9P8--LcEhCqziwrRh6bcGShak3FECh_PLVyIJjVM9zabt-QCsWUrSyOJ2TNympzjkIAv933pUsyUu3TcmR40m1BH_BCgSPeXBEa2V9mAyVit2i2K8-X85e0eouQvv2ApNaGuWJY5dBzl2kzcySZiNaQFCuld4sutu7C0tfFDraTOBUSimLeC_PtT4WbwOzmK4DFUaSUtPtCMlDES3u4VH1NeU9O8K68_Q7&sai=AMfl-YS8gAu7VorJX0chRA5VEh4ofrPsHZqjzWsXQQAmF5tJPiYFjue79OU7oQlMfhsmxeTOW29H3o0xcGcDtUk&sig=Cg0ArKJSzL6GnrsHl023EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3 200 container.html Show response
47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7038 6 KB
3 KB 19ms
19ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311010101/pubads_impl.js?cb=31079372

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:17 GMT
expires: Tue, 05 Nov 2024 01:53:17 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D75A 24 KB
11 KB 460ms
459ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=4084513633&adf=3173046729&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699235597452&bpp=255&bdt=163&idt=560&shv=r20231101&mjsv=m202311020101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1957079911&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079191%2C42531706%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301%2C31079424%2C31079381%2C44807753&oid=2&pvsid=2354622432321991&tmod=521710351&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.a2bz2sw08qdb&fsb=1&dtd=573

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/show_ads_impl_fy2021.js?bust=31079424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45c86106d961875b2f43a82fe8f2d710d043853a04991ab1ff1f9959c1e96277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 11219
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 560D 478 B
195 B 33ms
32ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CO37yo0DEL3a0aQDGPKfhvoBMAE&v=APEucNUwAZ_FSxcTHJDqlxHo1r8LODW8WUUpG95nSZ3YtqernqXDM5SZYH3aZ7o0W0gfPC1eLoWNeYfSKP9bwWiV7Zdor6a05g

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 7038 111 KB
39 KB 80ms
19ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
Origin: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 14:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41719
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 06 Nov 2023 14:17:59 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 7038 7 KB
3 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:19:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23623
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:19:35 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame 7038 23 KB
9 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:19:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23623
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:19:35 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 7038 41 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214519
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 7038 3 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24589
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:03:29 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1716 1 KB
643 B 37ms
21ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 34281
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 16:21:57 GMT
etag: 48472445140208031
expires: Mon, 06 Nov 2023 16:21:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 7038 20 KB
9 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23550
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:20:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7038 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AABn64b-25z1ibMna759wQmW8JIpzWAzRWU7vOcFqknybMBYiEJy9jgFHBmu33zE8KJLHkLrBm6hJ5qLtjDp1IiaHtjjqeCVuVgL8ToL9E8XBt8y8

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7038 0
0 90ms
27ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS2NOHlCdVnwBNsE5ejqvJv2aV5YBy4m_JNZrixWLUSRYMOI8H3zi5up4R4zGAm93Y89SAohvkZW4vvG3fLEZLH2MobWQ
Requested by: Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7038 189 KB
59 KB 34ms
32ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B3E0 16 KB
12 KB 33ms
33ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231101&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712a0de41b8ee4334aeb94d3cf276b222502535671711092e073e8438d2e7ff0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12345
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5086 17 KB
6 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311010101/pubads_impl.js?cb=31079372

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 560D 170 B
243 B 98ms
29ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO37yo0DEL3a0aQDGPKfhvoBMAE&v=APEucNUwAZ_FSxcTHJDqlxHo1r8LODW8WUUpG95nSZ3YtqernqXDM5SZYH3aZ7o0W0gfPC1eLoWNeYfSKP9bwWiV7Zdor6a05g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 560D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1&C=1

43 B
773 B

41ms
41ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO37yo0DEL3a0aQDGPKfhvoBMAE&v=APEucNUwAZ_FSxcTHJDqlxHo1r8LODW8WUUpG95nSZ3YtqernqXDM5SZYH3aZ7o0W0gfPC1eLoWNeYfSKP9bwWiV7Zdor6a05g
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jIlchLFRyJzShzAMIdhAPmgk1ugzhN8YYg0IX5bl8zN0c%2FZOb%2BMVCMY4HOeV4JTdPo%2FVc5e9sl95LquqkcOvEpm8fXDPosg7Ln%2FKdeUFqpCwnd276a%2FdfVaeLKk9S26rrEjMO9QBzCD%2FIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8219b3b91c3f3733-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GUrDUF7pVWjmQkD7M1WRS%2F17weiAeaT%2Ff6yPm1yT7QpJxIViQ3cMUpAbRnBNXyDEJYwsG3cWhcbuDxRbWEmSSgvbBm7ytGiE8VeUXWEsQNzrg8KqNmJ8kauwZlgYgQk5lOIqIYPGVdlpag%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1&C=1
cache-control: no-cache
cf-ray: 8219b3b8d8e565c4-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 560D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUhHDuJ2e2V9Bhx3bE6IBgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1

43 B
735 B

36ms
35ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO37yo0DEL3a0aQDGPKfhvoBMAE&v=APEucNUwAZ_FSxcTHJDqlxHo1r8LODW8WUUpG95nSZ3YtqernqXDM5SZYH3aZ7o0W0gfPC1eLoWNeYfSKP9bwWiV7Zdor6a05g
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAL8tv53tnbCFN725f6sGLbD4zdo8XhE%2BIjkDuMPM%2BzPfT7RcXvbWJaQLg0O%2FEMHGGKCloDMtckOKvVXK%2BTP40BPL1NftP1JMXEp%2FEcNwb32JYV714ooS%2FXJamfTAnPmeWoAop5cfdOE1g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8219b3b95c5d3733-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENetZzi9zgKxm2XJjMYHLCU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1D21 38 KB
13 KB 22ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 209399
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7038 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba4056fa6926b1c8927a2947f6a8a081da4f2ab5cf3aa164c4553a3ce4b8e200

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B3E0 17 KB
6 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1716
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1rmdWgge4pFXz0ICySHQQ&google_push=AXcoOmSt8FOOW56lxhq9lP2f2k4f1Bn_pWLr4vzZ_f-G10PCFwWbjyAv3K...

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1rmdWgge4pFXz0ICySHQQ&google_push=AXcoOmSt8FOOW56lxhq9lP2f2k4f1Bn_pWLr4vzZ_f-G10PCFwWbjyAv3KgKgepSwSSws1Du8zyqiVh1AG2JqW3DMlCeSGt9vI6S

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230041-FRA
pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1699235598.209159,VS0,VE89
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEB1rmdWgge4pFXz0ICySHQQ&google_push=AXcoOmSt8FOOW56lxhq9lP2f2k4f1Bn_pWLr4vzZ_f-G10PCFwWbjyAv3KgKgepSwSSws1Du8zyqiVh1AG2JqW3DMlCeSGt9vI6S
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1716
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEBrNpPGhhSlqBZ0mQAsq41I&google_cver=1&google_push=AXcoOmRVEHqPD-8Brx3Wgg7lwkEwpwKU4eu0NRSxYfhzpnXVl_f9zzQAEA52THgIK2ILG3bOqCdmUB1E0Jo3uxaA4fRJbFaY9s9M
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6E283306E9A1489CBCFBD9C7FC495B3D&google_push=AXcoOmRVEHqPD-8Brx3Wgg7lwkEwpwKU4eu0NRSxYfhzpnXVl_f9zzQAEA52THgIK2ILG3bOqCdmUB1E0Jo3uxa...

170 B
232 B

31ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6E283306E9A1489CBCFBD9C7FC495B3D&google_push=AXcoOmRVEHqPD-8Brx3Wgg7lwkEwpwKU4eu0NRSxYfhzpnXVl_f9zzQAEA52THgIK2ILG3bOqCdmUB1E0Jo3uxaA4fRJbFaY9s9M

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 06 Nov 2023 01:53:18 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6E283306E9A1489CBCFBD9C7FC495B3D&google_push=AXcoOmRVEHqPD-8Brx3Wgg7lwkEwpwKU4eu0NRSxYfhzpnXVl_f9zzQAEA52THgIK2ILG3bOqCdmUB1E0Jo3uxaA4fRJbFaY9s9M
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 05 Nov 2023 01:53:18 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1716
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEPvNfL7t8Kf2klQ-feue11o&google_cver=1&google_push=AXcoOmQWK9e92LgYmlxSo7xJVzjq_fmR31uZx6BaQk_PG9ylVTkgPM_UmcSak1X8fJVn_y9avuXTc...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmQWK9e92LgYmlxSo7xJVzjq_fmR31uZx6BaQk_PG9ylVTkgPM_UmcSak1X8fJVn_y9avuXTcbXA2bjwp4VT3cn1FEJLNTrG

170 B
188 B

31ms
30ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmQWK9e92LgYmlxSo7xJVzjq_fmR31uZx6BaQk_PG9ylVTkgPM_UmcSak1X8fJVn_y9avuXTcbXA2bjwp4VT3cn1FEJLNTrG

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 06 Nov 2023 01:53:18 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 49B3C7BEC8094E5B87E44F46EEFBEDE0 Ref B: ZRHEDGE1409 Ref C: 2023-11-06T01:53:18Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmQWK9e92LgYmlxSo7xJVzjq_fmR31uZx6BaQk_PG9ylVTkgPM_UmcSak1X8fJVn_y9avuXTcbXA2bjwp4VT3cn1FEJLNTrG
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJch45axk9gWJ+ZudX/Q==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1716
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESECIZnEFcI0DnfDQnKc_1qps&google_cver=1&google_push=AXcoOmSaqOQlFCqahozbMLoIteQFx10SvbSj1pzw_-5ABJwV56_pql_I-3-7LeSYBSmt30A1lDmcM2QWUGsVrgBVp1apyz...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESECIZnEFcI0DnfDQnKc_1qps&google_cver=1&google_push=AXcoOmSaqOQlFCqahozbMLoIteQFx10SvbSj1pzw_-5ABJwV56_pql_I-3-7LeSYBSmt30A1lDmcM2QWUGsVrgBV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2uCvMusBQjK_9VzWses1MA&google_push=AXcoOmSaqOQlFCqahozbMLoIteQFx10SvbSj1pzw_-5ABJwV56_pql_I-3-7LeSYBSmt30A1lDmcM2QWUGsVrgB...

170 B
188 B

33ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2uCvMusBQjK_9VzWses1MA&google_push=AXcoOmSaqOQlFCqahozbMLoIteQFx10SvbSj1pzw_-5ABJwV56_pql_I-3-7LeSYBSmt30A1lDmcM2QWUGsVrgBVp1apyzxPgv3C

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=2uCvMusBQjK_9VzWses1MA&google_push=AXcoOmSaqOQlFCqahozbMLoIteQFx10SvbSj1pzw_-5ABJwV56_pql_I-3-7LeSYBSmt30A1lDmcM2QWUGsVrgBVp1apyzxPgv3C
access-control-allow-origin: *
date: Mon, 06 Nov 2023 01:53:18 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1716
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESENYnGVCH9n2N7YnOe-SJMgM&google_cver=1&google_push=AXcoOmQyFwJtJLlmRX2e5c-M5tbHuTbHBMuyo3YREN5BpatdlJbQvOsaN4GFvnQ9UsaBjlJ8T_tm4DkkqsDtAe20haoyrXaKlOiu
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmQyFwJtJLlmRX2e5c-M5tbHuTbHBMuyo3YREN5BpatdlJbQvOsaN4GFvnQ9UsaBjlJ8T_tm4DkkqsDtAe20haoyrXaKlOi...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDgzODYyMjE0NTkzOTY1OTIwMTgz&google_push=AXcoOmQyFwJtJLlmRX2e5c-M5tbHuTbHBMuyo3YREN5BpatdlJbQvOsaN4GFvnQ9...

170 B
232 B

31ms
30ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDgzODYyMjE0NTkzOTY1OTIwMTgz&google_push=AXcoOmQyFwJtJLlmRX2e5c-M5tbHuTbHBMuyo3YREN5BpatdlJbQvOsaN4GFvnQ9UsaBjlJ8T_tm4DkkqsDtAe20haoyrXaKlOiu

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDgzODYyMjE0NTkzOTY1OTIwMTgz&google_push=AXcoOmQyFwJtJLlmRX2e5c-M5tbHuTbHBMuyo3YREN5BpatdlJbQvOsaN4GFvnQ9UsaBjlJ8T_tm4DkkqsDtAe20haoyrXaKlOiu
date: Mon, 06 Nov 2023 01:53:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame 1716 0
35 B 112ms
21ms Image
text/plain 52.28.38.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEMUdF6p8U41TM_I4dPYawVU&google_cver=1&google_push=AXcoOmQ1mMTVqPOwIp0EWYQ59DYrRLlEOSInJ5mdILLmTcY3WR7Qya7Xv1-HJli8WbFQxb0YTZFoksqhVVEviyjYItS8ktowngnM
Requested by: Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.38.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-38-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT

GET
H2

200

0.gif
id5-sync.com/i/495/ Frame 1716
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEJMUcXR2Jp_qFZjBl2RE_8Q&google_cver=1&google_push=AXcoOmTcfysWvnApjRK4FTueOwUlUIMVNDVolPSD7qntNeBAkpBuGQ93fUKXdRTFMSqqrRKJUkOWA25GLVfMOeipQQG4v4EQFCKkOw
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmTcfysWvnApjRK4FTueOwUlUIMVNDVolPSD7qntNeBA...

43 B
920 B

24ms
24ms

Image
image/gif

162.19.138.83
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmTcfysWvnApjRK4FTueOwUlUIMVNDVolPSD7qntNeBAkpBuGQ93fUKXdRTFMSqqrRKJUkOWA25GLVfMOeipQQG4v4EQFCKkOw

Protocol

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Mon, 06 Nov 2023 01:53:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

Redirect headers

date: Mon, 06 Nov 2023 01:53:20 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmTcfysWvnApjRK4FTueOwUlUIMVNDVolPSD7qntNeBAkpBuGQ93fUKXdRTFMSqqrRKJUkOWA25GLVfMOeipQQG4v4EQFCKkOw
x-download-options: noopen
vary: Accept
content-length: 273
x-xss-protection: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1716 0
130 B 71ms
28ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J6KuMSusp28xQuLE83fx2s4b1sqoVKgKQfe2BptTY6Zqkqc-xUdMLiqauPeuKi-yRMbB_1Jn4

Requested by

Host: 47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
URL: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CC75 13 KB
5 KB 20ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 21069
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 20:02:09 GMT
expires: Mon, 04 Nov 2024 20:02:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 08B5 829 B
1 KB 30ms
29ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5e205d732f0f4e1dd0d683b0639fbfdf1f3ed2ba1aa0ec1f9d5f13bd4ff91e70

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ejJqD7-_KFGtDN3GYCQN6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ejJqD7-_KFGtDN3GYCQN6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
expires: Mon, 06 Nov 2023 01:53:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11400075306870387416/ Frame 5518 97 KB
21 KB 61ms
20ms Document
text/html 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11400075306870387416/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ac55e9fab782efa2b432674a55d32bec16d52b63da80ddeed894abbb5aefda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 240661
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 21900
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 07:02:17 GMT
expires: Sat, 02 Nov 2024 07:02:17 GMT
last-modified: Mon, 09 Oct 2023 08:52:16 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7038 0
0 138ms
71ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstfNiOwvgWODZGOlAagFKs2LK9qnI_xwscS0WeVuaMFBfZVY-d-xTEJYwS3ZLHV6b7Nw_61lnkqr50nZdl7wVrqJYZYOe6XXGEapVwoRzkLdmyNYIv6-s8wK6-vG5axJIlIPadTJYxSeWGUqxCcd5kaOjT3dwjp4JvyBM7K3LXFhNGlJyktO7j-TAF02FeHEQDEFVAYqq2gxjv-enTs-hH2X2GHb7PY1O3NamKBN4uGX3ZYsvu9O7xbTofnYIJjLWZnEUIEolgrUp-0lVKkvTNOtr0Apclzt-mK668ecTTzSPu_JmHPHHCQo2KJwE9R6tjwjTJpFqJSqFS-rarlwuXJrzPeMK9lLg8IfClLpyxzHiLUArPY8_fSyZLi3SGh0x5eRyB-E9xpeKJEB0gleRhU3hFTSoQJLZkB_pWoW2NOWs9UJOSJnzPH5XANciLpTvK7Wx73e2TKo4_pjz64_hgb97LM1H1tKBHOVnbf170onPOVT8hxhGIZEEJmxtx9PNB09c-7sTnFmorp4BUSDgqYeMHmidoppDrFdVA6r3L-Tsi-YhzPw8x59vVgW1lTBKkhGrON6JHAxu1PxwsKzi-sGVQOV1KxepVn2t-kLTjbAVTli1OwgJp0F-zu51b1R3XKdv6dalUOF7sGSYLc2I1wesf3jTiU9bmoVWiY0XwBqure7m579mLlVuNCHTSINEarKk7bug1cXofdBx14yZsyeVhCVg7W29WLPqULiuMF9Vs7ifzcAjhcF8vLPXiVfe7c4zPviZNB7A6jYvKjksB8rioQsgMc0ZthjRpm77B1IAH6jZXXUi7zpb-pvKzcAaaqDVYX7XNcC-Kg-IaHn3yyYE-VfcSbcgU_5jOpAC0Ka2OTkWAstLef91CxIAZI8pHEafhkSmoMmr_xWTkWoc5MfZ33pHUazDkBG4CpTF3cJGkfUjZKpyssfy7PV1Jw15wjZl1mv3R1XjIqX5jC9npTiuDVYP4mW8r4-NMb9pVAvhwjekpv1cq30PR1DUxA_yDQbtJHH7islpwXEeja7v32VwdJZ2QRKxTMVHbiYqvsXNqejFufBcfb51AywinOARydUKXk_L7m-F75uPC1TmthWMjnRrlpGM_gFraZKKNHdkqTVT2NJjmVmeIqWgbkQytY5nKJpetcE94BeromH87d2aBUdyM8yIJzSQutGCcPFxia1ru4D-cMwxVjPSC_OfnRmwuw31P2ZaZxYVDiLqIPP9iXdJOFJyRPoN5SL-jVpus0xmm6bD7TylL6mArr515k8UEgneIy61T7O5qhD33RVqq2ltvCNIbecV24ZxqFPjEDAcuwPap0tD5quW_Y79Y5l7QctHjefBeOOJI0bvbeboiSn7iCBrTafpRwNHLCzlLSYGC-&sai=AMfl-YR2P6e4zFGmsgMZoGMLU94a5pdJqaqOIN7miyl5ARjLi8zDSSYlRVhlRGEAyYq7_eEe3-l0OyAu8mLnYBVFcZqQAj3XnJGtxnNh5NmoMF29d2DOlzRfETJ_YyaOkPHDs6M_TtPNjNMxAe5qfz0ddBu8HhNB0AYmAAWSb51w4CWBWJ0Xme3-AJ33yf9zlJ__8I1D3bsPNqbWtxPONfEPozBd3FlHeziZf3W7aiN3JfJQjBS2o4hqI6zjjbdfuSzLpp2Utm1X-UIwBYLP68YuthM4hZ9UU5OwCMSt2cjRtHbnsZmYspO3pXmyOBGXSw&sig=Cg0ArKJSzL---Y9v_phFEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=143&cbvp=1&cstd=139&cisv=r20231101.63289&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 42BE 13 KB
5 KB 22ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 21069
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 20:02:09 GMT
expires: Mon, 04 Nov 2024 20:02:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3C91 829 B
769 B 30ms
29ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

18242ed7d0e9ce01a6a05865bbeadd3eeb89355d7b517b6519a852e2e448bd4b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oOXgel4GgyEBCeFjatYp_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-oOXgel4GgyEBCeFjatYp_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
expires: Mon, 06 Nov 2023 01:53:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D21 38 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24587
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 04 Nov 2024 19:03:31 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame CC75 38 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24587
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 04 Nov 2024 19:03:31 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 08B5 0
0 55ms
54ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311010101&jk=405724297371379&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6382 0
0 58ms
58ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss5Fh83wkEEoRYIZfL1cYP5TA-8S4hm1PDUGcoH_HtkQsNe-zKsJI9SJOeni-AWlyD0K1SR2lD8L6oHoRMAXxJHvW1-fIy6q-Ab7c0skR43K53t4to4qZrcm3iOxsbzDOBGUWuPxlrnZ0QtfIGfEv_QGCIPjLILtxyJ4iGAyenAPvJy2v9obl_Nmof-_5GCg6BYvOREqdcFv6wokeQRTJE05k9UfvwSXufd97Q6v6scGoOUQNa7maWBnx2UkbagDYXrDgYx1yS0J3GKgFCAKRKCEQN8e2Ub21-48qjJ-qDEGmwxV1ASoYyMTg_X2DEXaKVmKdEUVAkJ3CRG0FYJn-TKm_gV7knaWF-V2TMfEbTfhcI53a0cy32DQyNGpXTEIeRZenrZ&sai=AMfl-YRVOIZT8_DFbSUbBfbmRsPczs8evn5js3j7Zt4a66Ztri4ABW2TdmCqY61Hx5LR9pGk4LECkt3jY3LeAP4&sig=Cg0ArKJSzB4M8O3qWbhpEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6382 16 KB
12 KB 35ms
35ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231101&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f3b211bc784dd66082243fd6da77d353f3cfa2daaf370fe8847e614238df451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12169
x-xss-protection: 0

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 5518 32 KB
11 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11400075306870387416/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11400075306870387416/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 07:13:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67196
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 06 Nov 2023 07:13:22 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3C91 0
0 53ms
53ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231101&jk=1604962131828914&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6382 17 KB
6 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 42BE 38 KB
15 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24587
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 04 Nov 2024 19:03:31 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7038 0
0 60ms
58ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstfNiOwvgWODZGOlAagFKs2LK9qnI_xwscS0WeVuaMFBfZVY-d-xTEJYwS3ZLHV6b7Nw_61lnkqr50nZdl7wVrqJYZYOe6XXGEapVwoRzkLdmyNYIv6-s8wK6-vG5axJIlIPadTJYxSeWGUqxCcd5kaOjT3dwjp4JvyBM7K3LXFhNGlJyktO7j-TAF02FeHEQDEFVAYqq2gxjv-enTs-hH2X2GHb7PY1O3NamKBN4uGX3ZYsvu9O7xbTofnYIJjLWZnEUIEolgrUp-0lVKkvTNOtr0Apclzt-mK668ecTTzSPu_JmHPHHCQo2KJwE9R6tjwjTJpFqJSqFS-rarlwuXJrzPeMK9lLg8IfClLpyxzHiLUArPY8_fSyZLi3SGh0x5eRyB-E9xpeKJEB0gleRhU3hFTSoQJLZkB_pWoW2NOWs9UJOSJnzPH5XANciLpTvK7Wx73e2TKo4_pjz64_hgb97LM1H1tKBHOVnbf170onPOVT8hxhGIZEEJmxtx9PNB09c-7sTnFmorp4BUSDgqYeMHmidoppDrFdVA6r3L-Tsi-YhzPw8x59vVgW1lTBKkhGrON6JHAxu1PxwsKzi-sGVQOV1KxepVn2t-kLTjbAVTli1OwgJp0F-zu51b1R3XKdv6dalUOF7sGSYLc2I1wesf3jTiU9bmoVWiY0XwBqure7m579mLlVuNCHTSINEarKk7bug1cXofdBx14yZsyeVhCVg7W29WLPqULiuMF9Vs7ifzcAjhcF8vLPXiVfe7c4zPviZNB7A6jYvKjksB8rioQsgMc0ZthjRpm77B1IAH6jZXXUi7zpb-pvKzcAaaqDVYX7XNcC-Kg-IaHn3yyYE-VfcSbcgU_5jOpAC0Ka2OTkWAstLef91CxIAZI8pHEafhkSmoMmr_xWTkWoc5MfZ33pHUazDkBG4CpTF3cJGkfUjZKpyssfy7PV1Jw15wjZl1mv3R1XjIqX5jC9npTiuDVYP4mW8r4-NMb9pVAvhwjekpv1cq30PR1DUxA_yDQbtJHH7islpwXEeja7v32VwdJZ2QRKxTMVHbiYqvsXNqejFufBcfb51AywinOARydUKXk_L7m-F75uPC1TmthWMjnRrlpGM_gFraZKKNHdkqTVT2NJjmVmeIqWgbkQytY5nKJpetcE94BeromH87d2aBUdyM8yIJzSQutGCcPFxia1ru4D-cMwxVjPSC_OfnRmwuw31P2ZaZxYVDiLqIPP9iXdJOFJyRPoN5SL-jVpus0xmm6bD7TylL6mArr515k8UEgneIy61T7O5qhD33RVqq2ltvCNIbecV24ZxqFPjEDAcuwPap0tD5quW_Y79Y5l7QctHjefBeOOJI0bvbeboiSn7iCBrTafpRwNHLCzlLSYGC-&sai=AMfl-YR2P6e4zFGmsgMZoGMLU94a5pdJqaqOIN7miyl5ARjLi8zDSSYlRVhlRGEAyYq7_eEe3-l0OyAu8mLnYBVFcZqQAj3XnJGtxnNh5NmoMF29d2DOlzRfETJ_YyaOkPHDs6M_TtPNjNMxAe5qfz0ddBu8HhNB0AYmAAWSb51w4CWBWJ0Xme3-AJ33yf9zlJ__8I1D3bsPNqbWtxPONfEPozBd3FlHeziZf3W7aiN3JfJQjBS2o4hqI6zjjbdfuSzLpp2Utm1X-UIwBYLP68YuthM4hZ9UU5OwCMSt2cjRtHbnsZmYspO3pXmyOBGXSw&sig=Cg0ArKJSzL---Y9v_phFEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=318&vt=11&dtpt=175&dett=3&cstd=139&cisv=r20231101.63289&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 139C 13 KB
5 KB 21ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 21069
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 20:02:09 GMT
expires: Mon, 04 Nov 2024 20:02:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1DEC 829 B
560 B 30ms
30ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

992e2f78a0bca55acab14751915995ae3f47e6609cad763a881bc9f2e235f288

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FwBproqDScq1Kp7m8SdmLQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-FwBproqDScq1Kp7m8SdmLQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
expires: Mon, 06 Nov 2023 01:53:18 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D75A 42 B
63 B 55ms
55ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ASh5Roytm7iDOyi5_hzotnUsydt6qHXyWEsw_mAfuMgvPwd5KC4WodUwb02fdKWQgz8so__CVZ0u5o8TtifGV9S2FeE29t45o_NzaDkJEY9Hhv58E

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=4084513633&adf=3173046729&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699235597452&bpp=255&bdt=163&idt=560&shv=r20231101&mjsv=m202311020101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1957079911&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079191%2C42531706%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301%2C31079424%2C31079381%2C44807753&oid=2&pvsid=2354622432321991&tmod=521710351&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.a2bz2sw08qdb&fsb=1&dtd=573

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D75A 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14926024893855477372&x=1&ct=119

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D75A 89 KB
31 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame D75A 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24589
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:03:29 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame D75A 20 KB
8 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23550
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:20:48 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D75A 0
0 28ms
27ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSZZLSiM--u8hYwWBU8VUmAPBMhBsrXpCiBmZu8yKhbmvoc2A6WDRqkSa7rcKew4d7KnN6oXS6oKnar_iPjcYuyN0zWZA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=4084513633&adf=3173046729&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699235597452&bpp=255&bdt=163&idt=560&shv=r20231101&mjsv=m202311020101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1957079911&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079191%2C42531706%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301%2C31079424%2C31079381%2C44807753&oid=2&pvsid=2354622432321991&tmod=521710351&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.a2bz2sw08qdb&fsb=1&dtd=573
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D75A 189 KB
59 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CC75 0
10 B 19ms
19ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?bTO-vQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 47C4 611 B
263 B 44ms
37ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLzpFBDB6426BRjasKX5ATAB&v=APEucNVLrA53fz1EKI2QFsnpGJLVYO-xSPwOhPCJBl4qyi4SvDeIJ8HVqf2cnyOfiinuRR8lHhLAsGWcd6EW_okG2vHtJXdvuA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=4084513633&adf=3173046729&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699235597452&bpp=255&bdt=163&idt=560&shv=r20231101&mjsv=m202311020101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1957079911&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079191%2C42531706%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301%2C31079424%2C31079381%2C44807753&oid=2&pvsid=2354622432321991&tmod=521710351&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.a2bz2sw08qdb&fsb=1&dtd=573
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1DEC 0
0 56ms
53ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231101&jk=1396754070652655&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 139C 38 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24587
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 04 Nov 2024 19:03:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A69 42 B
63 B 57ms
55ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ACuZjOqUu_cI6vyp-phppCixRj_ThbEQ7LVEtGkTRtONvaRzMM5SPab7SJzfqUKltsJfUQTuFQoa9kG73j6ig9_-8XwRXP-W4wUc0uLyvpb_GSVuk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A69 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8333087865757506972&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0A69 89 KB
31 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 0A69 3 KB
1 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24589
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:03:29 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 0A69 20 KB
8 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23550
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:20:48 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0A69 0
0 31ms
28ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQLDaLK1-nmqTDPKGrf6vOetZwu2tpwTkjDb8JWnkDM1i1SJFl_DDA6iPv-JKs6vRvu4kSGEijgX3bGQDwJRgOqRiJ5bg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0A69 189 KB
59 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 090E 441 B
197 B 41ms
32ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNUJvQHDLgoUCFJe8_VaX-lHreD8Af8bD8NsLyNXwMsq6X-Js1js0ekjMQunljhYUjuExZSZbljiqX3yu9IRGFpKVGxXYw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1D21 0
20 B 63ms
55ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BIWgdDUdIZeXyKquwjuwP07OUgA0AAAAAOAHgBAI&bg=!2dql2pXNAAb4oU7C2KE7ADQBe5WfOCMc-8XgaM3ivVUYDgq9A8ajJNrkvVqX0K5HDVv1BwMqx53o5AY5bYrlePGphhlsAgAAAPhSAAAAKmgBB5kDTfwtK52Q0FplRomJV37hFUEbKUWky0YDUR2NPvX3x2ciRwa9wbjkCXon2l9CjTuDyV1OQdasSdKxmqrUNg7bcwcVGBTWUZfdI_NgcJZveQKIcwmnY_4k4GLB7RjIcqa1eaPrU2RXrVQLq8g_r43aszrVzM-p5S94KalPTUx6dhryE4NnIHJ_459pKG4uEkojwFFTEUZkNH34n2EsNUM9fjWFDaYcqksGJ3bqZz1jvCZF0iZY2iHxkIC0Po4dQieHx03GwK8ZzHZdPRi2kKrv1pD135kBbEwnmoY2BlbYkrMI8ZS_DLuhmCtPQOpN3hF1FDCirmY2Bw5--29c33xHWcRhijei89aN8kCQJLM9W9T1pvCuYuA89DsuJArfRCwTigGKRTQyCJB1iPcbKj74mtSOqGLGxw7QY6V_rY51cVrchipuiwFDE39qg9ZvvDMeDIRWyE-vzgd76y2U095HYW-7_FTHaYDAiBOxklizJZO-FKuNTLMeMxacGXZxT7VacplbfHZGwhQ-PbXZavSW5Ja1V_53LbmTI5VrU4V66KjngR1xuo7raCPW5M3-m2h-oPFoyPsctoRJFSbsb5loZeeSAecnd3SEbjyxSrFuxMXpS0nJPr5qSC8WyqrdknyXzZz6mPpwBP6qoZjleg7Mcav30vb8kVp5KRa3ZlHQp9XNo0DTrXrQilxqArWYREv3wO0_bGouGs7vqqVWYOz1o03EhYJuBNvr0TJ3vk0h6lwC-n4eEe1L8_7ZonDBlYpw8E2t_RkiUBZAUgkjzjaPP1JzXDU5EI11F8rX351mUeQ-gXDkIc4DrxyVXZo0X4zLL4lwfTeTBSEygaoiJH-GvsZb4FYk2xAn013cgvrg_L8bh-CB0C4J16jpyy7UWo9igMgDkRnzPCN4d7sJhM84mjaobOkuI4Loo7cEIgxhk4_3Df52OTFopP-x2YUwC-qrYscYaHtUe2vEfiKvaE3RXC4kBAOnj9IB0XFfKbvXfz4Ujfmk3M0_jXZiDib0oJlyZSMqLyW-rbOpiWchz3hMKz0_woH3dKcaxKkY7mTJ7KYpgl4y35_rr7mUqQEmpU-mcCDmrwZjAiCPhbXXG7TAB83jX9fRESunICSowcIo

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 47C4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECl_e3vN9IXxC0fKg1-_JPc&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECl_e3vN9IXxC0fKg1-_JPc%26google_cver%3D1

43 B
893 B

32ms
32ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECl_e3vN9IXxC0fKg1-_JPc%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLzpFBDB6426BRjasKX5ATAB&v=APEucNVLrA53fz1EKI2QFsnpGJLVYO-xSPwOhPCJBl4qyi4SvDeIJ8HVqf2cnyOfiinuRR8lHhLAsGWcd6EW_okG2vHtJXdvuA

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
an-x-request-uuid: 04415747-4b1f-4f68-acdc-b698f45ee266
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 195.206.105.131; 195.206.105.131; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
an-x-request-uuid: d95c9376-fc11-4417-a348-64119757deb0
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECl_e3vN9IXxC0fKg1-_JPc%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 195.206.105.131; 195.206.105.131; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 47C4
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5MjYwNTg0MTY5NDk4Njg4MQ%3D%3D

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5MjYwNTg0MTY5NDk4Njg4MQ%3D%3D

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
an-x-request-uuid: bfbcce0a-0ad1-4780-a137-f0918695cc74
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5MjYwNTg0MTY5NDk4Njg4MQ%3D%3D
x-proxy-origin: 195.206.105.131; 195.206.105.131; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 47C4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOZHV2Jwgi8XUI9fdE_3q4s&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEOZHV2Jwgi8XUI9fdE_3q4s&google_cver=1

43 B
172 B

28ms
27ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEOZHV2Jwgi8XUI9fdE_3q4s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLzpFBDB6426BRjasKX5ATAB&v=APEucNVLrA53fz1EKI2QFsnpGJLVYO-xSPwOhPCJBl4qyi4SvDeIJ8HVqf2cnyOfiinuRR8lHhLAsGWcd6EW_okG2vHtJXdvuA
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEOZHV2Jwgi8XUI9fdE_3q4s&google_cver=1
date: Mon, 06 Nov 2023 01:53:18 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 47C4
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTMzMzVjZDAtYmRlYi0yMTM1LWRiM2EtNDBhYjMyYmIzOTY3

170 B
188 B

35ms
34ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTMzMzVjZDAtYmRlYi0yMTM1LWRiM2EtNDBhYjMyYmIzOTY3

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTMzMzVjZDAtYmRlYi0yMTM1LWRiM2EtNDBhYjMyYmIzOTY3
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D75A 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6051637411083&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D75A 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6051637411083&version=m202309260101&ct=119&x=1&cor=14926024893855478000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D75A 89 KB
37 KB 192ms
191ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRrvN70VzcwkOZCuN_b8JfEDbWuhCO3YQcBC4v9i-a3KgtwhdR2KZtmDiHbcXh0Dzm3V6LkEDv5eKsHS1Pei8YBz2TRkLg_G6DCzDAbFNiAqAp-4rmzk77C_-IGrMbYE-owJUiXwkgJ12tsLObj7T2M0pLPMmvV3-C8m2LO4TndgR10Yc&cry=1&dbm_d=AKAmf-CnmoSR8wHFliI1z8-Uj4wChiMGILcsrq1tEehOMwPGqg0PP5la4GEwhQQKH3NmmVpzSBzUc4KJjpqmVgvJevVVm0C1sTj8xtY5Xg8UWBJ1fwunsWco79dmV_RsiyTyHUmgczNq7ErlAQhRg0sPUnbgd1YKgzJRcPXsq5Mvt8PlcVZ7mPfcLFy6XatPQCfBobHN-yNOod9skuNHzZ3kfeghGtjyXMXl02q-GxrNdKvjPGu0eh7ZTMbyV62wjYdqRIv-GMa-195uyEpipr809CHaCCYY8ilfltspquiKg58C4IXVaLMfdC0YJ6v0zVA89XX59hJkcO7rR8FFAWL2em5zpN9kSmIeRH7gTmXNkbUpjjR-ppokeQHtvP3lttPof4n85IFS7NTezLLsr-DtNRAUpNu-1_4mjDO-hM-9Ccc5VBXYr4Tww4oTd-CWB1eyGpSSvJJpTxgBFpsVNpR-c3twGcEAYkF1tZWtnK78yd6HckxHtnfrknrU8HHwvlHQCs1s9hLHB40YNktOK7H18ohNHfgx5geJXjNmtEe-NPFCjFV4YBC5fA52YvoqGUyHBWPR4FblJ7avUpP0QrMI32BIjznFYIsGNiXvLlKZLr7pNipQg5s9_-8bcWFKEbWdbUOd-uFL35AkwS0Qx0RJ67L7bJGEjJY9VxuZZgcI6AnkrRJzU2pwgYkPJ0cTSf4u0ZUAlD27Vu7WK0ERcJUfix1i4VvQuz4ekDLsteA_wk_iLi2bT4MUlgpOGr6pWBvYSVOtXixomOZ8I6huraRwg9h1FxdR_X47LeJ3XP2HriZwrU_2sKlOvHmfvs-6meEDGDbnF05JsjXh4e2ORpzFoBsLSnGd0Oo4l39E7-PxBhsCfV8_ZfYw9SpOYMAzWhJ5c5ZfKrH_6cnQq_X8LkT2P2iVY8Pdaz0nmagPvtjk1yfJ_g2xaV-2BzZz4tCT5oZeqWgy-MxgrQw4ykxvhA1HjpvyQjXnyXoS_Bguya5tHIsd8VK1MP5ljGJbQPVH-kVJb7UE0cs5dOlqZAgqYXqoLfL6kfFhqeuqQLK1xnZGiNLVoN3XMbruQiLHkspkzmeMEbbM3_FnEMe3Iq_5Dmev3_71AaBlFsSHqJQBKnhJ2XyEcEO_bll4Gc2yIWVMYR6i0sgUJ3b6Xp_vSB91Bdlr6xi5_tSVgsIzI4EMDEcrh7tUK2_HKD4PgUz_nst3aIB7qrUhsalN1QAxWMVcpyc8zZJJuUUrg5LFOSArys9chkB5S9BoD1N52xKQPE0I6_WQpjBIL23jp-x-pfsyFEP7iKWx0ETkaSucPVLk-I2MG8enb45BXsEHJX5GKO79MGY2RwpW_vKVlvFJ17Kc1dL5hGOfrRMVxmJLKwN-mP31wTD1VLy5LoI798P1oI-gibSj6V0GKo3ZacLaTLxFPv71v8RQ4J9bZfSL8BUfi3XbUmkmLdpTsu5aTuXGqN_lxu3_QbRCnHzrOnT9NanOYiby5lir1iLkuRGWhntxP1ebb0ETvpsuuPKLCnGYNCp0_i8UczHgL9aP-6dmyVseEPSqizk13wbUkT6H_YQD8ryzKodmBVqGNLlagCL0kbDVnBQUfKjsAOKFxwIIe9KbvnPxBMWLIXoI88G-gUHeSH_i_v3eAkuVodCqw2CIGAbpfC4yTOGt-8Hmeka7wD7DeZn-LJv_n0w2o546r6V-gEZt798y1BwJuwL3OLNPrwx50G-NEN3cE8PHg_QFqt05y4vvVjjrsntLvflLNB2_u3rCSdCc2juS4jivFjTk49iZllUBqT1TYEQG5OPNFAIglrTgj53z2CI0-cCmuNY8bC4CC61_TXPWE88H2cTJGLWK9nfs02VKaP9M9xscrmN8xNk48wJbKS2JYCj9lXurPmFHOVtjb9d-UG1TCaIQoqXgjELZ09CdWshaxrEXZm06rShpxkOP4ZcL3WR29RbSQyr15AkOPbH25Qt7AuJpUsiRGZxoDDPuKe_E8sucpcx2ZBu-fE3UeWLuS_SqK1xOb_fGOt7MZYAj5yLkR_7582BDwnMgrALKIZ4k-5_N449-mX7J3pq4Ey6kvd0wFrYKR3LpL0bsLn7aw0Q4gg7hvjSI_HHChW0EzB1UDwytZaEuv40HDjuwiaSGL0_TP0YWbjfk9lgF3qbyFZDErWVjnot6_5S1tBXeZXSdIKbEfIoqf8diPKGZ_T2sUEqm2El5co_TSEsZYIMLvQnwf93lw6wxQ4WYavBafIkOn9_ROzj4XlXRiYfArHadolMd9fGe5eyHPOq_Avq3Re4rGxjfBLV-lNrdyNZt9WmjUUtzM2iQjMQQ30g1dCpn3LOJ7_37CemNVcWXzIirSOC1aDF1FmwYXrodnYueamO3fRqbw6uOee0MArSje5rnatsmVJptaX5Lrm8_gWlBgyiYuk9PDG8oZl1lRa2i0-CfMmKVhSFyiTnz3zZPnt1SxIgPP8V4b5O6z0m3Izm4Em20Vi5ap1_lAOzipoGS3dTXRsstgHgsP9GpirqY3g6yLS8uxHUj_rjrwMvJswjoNCPwfQ6QvKMLdfmNaevoVJrni6YYUnhaqNrduRo6Xr7x5QboXW311srkTvpiHpHBdHGTc_ueWOby6wtwr6E2SII6WuE1Gn6QqLuWtCqGZqrFUSMZEz7h1s9382vNaWszlxHh97Ym70M00KYxEdFv54g1YNBZZvri26eBCi79V8ShhvcrISLuQyM6dVqAMkTZiOCweacUyBCDt2XXqbul9NZfbaHM72T8UU-D3en2XzLoQl9EUZwQ7MTsba4B-wffMdt--WNm-x2n5MV26b45hkc3i6ACXlyuCPC4xsBJApypAAKU8aDjnABBUHRarenAKj6ka6PSANYwoB4ETuPNZfD1bR9a0OmCVT9OaU5cRZ5Qlwt1x13DTuCyxoItVYqEH6ZvY6oKVBFLJjrprd3A9MpXU4A_o_Vh_5Cfi2rlHUZVKk9dj6yXbnf_j1b078tgU4NUx1osPpO2FmkUxZT2-sNIWov7TPRAjIMGrE0b5fgHge1_cSMOtKqsf7xgiia2nHjuJqMRYhSB9ymR5kAd4ZcufTSjzn1_UX6xbo9a_Z1jGin1RKLRok6iOfLOmAxEzjtc2PDHkpgiGWygb8659ypYmnxpWkuHstq8c9fDspzxysJN1U9H1Mj0NdXEqG5nrkE9-OJ7RatcqpbHAx8oNXR2iPOogs9TQbqdTkrH70wc9IAJ37daniLUHfghdsMltj95D3Ik_YTHjyGYCUXruMde7eoDJO2XpcOBzUXVPHg0x2Gb6qdDZIrsOWTt0nwsxsd-XyiU7F5Aswc_K9e-Wd2niKgbQnuegUdPLnKi0zz54cxpPETjuQjC7sV4U-4X7WULcGk2ho2H5QCC8Y7P-b6lhEpejCheI1_4wLVuHjhixh9CXQGEN4vueW4ybAyHPiriP5FrgkaqLaPXwMHeOxey8PvyJCrQwNIwiNvsxTgM0A&cid=CAQSKQDICaaNHQsaaGm39dzUnbkMRyDQS1rubw0f0qqP5X5HkHKfmTXhjxfMGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=14926024893855478000&adk=497053795&idt=47&cac=0&dtd=28

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc82a12a1eb836c96b385d8e32b76575f5753bd305a9374ceeed5df947dc945f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=50&slotname=3654094576&adk=4084513633&adf=3173046729&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699235597452&bpp=255&bdt=163&idt=560&shv=r20231101&mjsv=m202311020101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=3&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=1957079911&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079191%2C42531706%2C44807048%2C44807334%2C44807455%2C44807461%2C31078301%2C31079424%2C31079381%2C44807753&oid=2&pvsid=2354622432321991&tmod=521710351&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.a2bz2sw08qdb&fsb=1&dtd=573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38033
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 42BE 0
10 B 19ms
19ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ii4FSw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

um
sync.teads.tv/ Frame 090E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEDJHHeio_GHxrvEjiFPDhUw&google_cver=1

23 B
278 B

109ms
49ms

Image
image/gif

2.19.104.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDJHHeio_GHxrvEjiFPDhUw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNUJvQHDLgoUCFJe8_VaX-lHreD8Af8bD8NsLyNXwMsq6X-Js1js0ekjMQunljhYUjuExZSZbljiqX3yu9IRGFpKVGxXYw
Protocol: H2
Server: 2.19.104.4 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-104-4.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Mon, 06 Nov 2023 01:53:18 GMT
pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEDJHHeio_GHxrvEjiFPDhUw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 090E
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YjQ1ZDczOTItNTA3NS00OGIyLWEyNmEtNjJlZjI4NWZjNjUy

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YjQ1ZDczOTItNTA3NS00OGIyLWEyNmEtNjJlZjI4NWZjNjUy

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNUJvQHDLgoUCFJe8_VaX-lHreD8Af8bD8NsLyNXwMsq6X-Js1js0ekjMQunljhYUjuExZSZbljiqX3yu9IRGFpKVGxXYw

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: pekko-http/1.0.0
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YjQ1ZDczOTItNTA3NS00OGIyLWEyNmEtNjJlZjI4NWZjNjUy
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Mon, 06 Nov 2023 01:53:18 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame 090E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEBc9awo01JvhLnrrBGpYhl0&google_cver=1

43 B
175 B

399ms
117ms

Image
image/gif

2600:1f18:612b:4200:8dc7:4fa0:2c07:4fd1
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEBc9awo01JvhLnrrBGpYhl0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjBvYjGATAB&v=APEucNUJvQHDLgoUCFJe8_VaX-lHreD8Af8bD8NsLyNXwMsq6X-Js1js0ekjMQunljhYUjuExZSZbljiqX3yu9IRGFpKVGxXYw
Protocol: H2
Server: 2600:1f18:612b:4200:8dc7:4fa0:2c07:4fd1 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Mon, 06 Nov 2023 01:53:19 GMT
server: nginx
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://partners.tremorhub.com/sync?UIGL=CAESEBc9awo01JvhLnrrBGpYhl0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A69 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4670940729213&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A69 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4670940729213&version=m202309260101&ct=77&x=1&cor=8333087865757507000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0A69 19 KB
14 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYUb5oaCEDTa1fPaGsq8GpVfQTgPk5M667fzHEoJz0GQ6lK7mg-fiOr4ZKZyJUqT_qDCeZUCjezh_WyD1rPTLb87bMsivIXeORHyYzLOKuNzkYxxZVebjn5ceXW_SnW-XhRMB0bvCs5sWJrRl8zldYCh277xSccYxg3hDJgUHUkZeBvus&cry=1&dbm_d=AKAmf-AwO3d5QhuN_TIyYrGlxrNIx2ZqeDzf5MuV1CJ6uHFJLqvEL13YWi5EiPAVW6fKeykMr2ywvg96SwFRuV46CTYBv7o5B7ovRrnBAKgFwH2WlQUdELTVigjTj2Prjc92OqO_ESCiDGSQChsYMI7KbJIRbrlQqHpKqO-v5gzE00Jq4dV1o9PE6wphvtIFP0ubTyv2UM6ZYf1SWiCaUUAqCMTTy9taR73DGc6EiDrN6GZNemBL3ceG8roy6boU2tquMcdipQOa05BAlzGpP7VQZYl8dV5-dWCBWpfgr4YQwn8GSe2Zqypdu5zE8SGv1ofyEoe-o8h6vk7a9IW16B6lWup5lDHA5U8SDDcW2u9j1q5_C_ioh5uf63iX8dmtAz_43yWHhLI8jIM7SvEnr_LlhRD_tNKFSJ41RcuxgfJgw_SKPTD_NQog7de0qNzzSpJatomFHMTAYwpAUZd70eYXfgfOysyBMGnGFXkuUQhMqzwu_1opsOS5DBlF_0mUBW-hQhUq_TPJbxAepEKPmfPDbx2i_90WyFqNxXzhodOT5Awum1DGDSt2Nhh_IqNvIAjxUWE1Hbq16N3YjSWXIpd4miDzWQpdo6UQjutbdYW5wWl2j4Xf8drrbxOfZ_Z4GroO7zpBzP4VI5uBiOGaiLdrfqeIz1Jok2mhwd3jnxCgR8cjP17r4gMVpqxRdXSDmrdsjGMmIfYGtbG9XRyJKeI7CF-hCgdzmLsbM_0HSRIUaCVm6EcnVf-nD8xt0z6pjLG08ag2sY6jS1cJN27XIJNBulIuVkx28k_KHR6POVGjgl6R5eu6bw_PBr4dgi2KPW2AFTYgAacekeupYJqquhR4sp5QdVkSX3aFmCLouRelCSXsCbBIFjx4qJmcyVumpInZCi6T3Bkz63JCicYFVpnGBDppiVGb4nwXp3peohM6ox7iwWvUyxy3A6v5x7w3F6xNPOMlaE1SsDwI-CZOcpFTzHJri5wdex4jLRYvyaJTMZo249TGKsu6WKVdA4D5JiBBxb3vbq9xtzNW83Nn0p4Z1xD50i_WE8ZV7X5J1ou04fhwGOMNLGlbTI1sKh3xejtHRmYkGGeWaf4u44tHSvsgqRjkgb2z9ftFi1LsLk3PmnmSwJFMk6YNccE1fWoPlWXtV3lHygBkbGoZCJb7Xn8HPYaf78kCMankOLOtdJFY7AWqTHUc12qwlpgLwZ3x0qbSiPq9RKGrmb54Ev0OQQybQIAOPQuzyqrJd-E6o9jTnzSS3mn4zu7Ip-nHxEcIn5M1vgJE_HnA6TBEYzfvzxJF9PT--HQuGVBTu3Kp6cWrxe9tT7zeOlalLxLdtkCGu2BJ0xOQtylZMtRVBnI961Xg0t5DJuoj57FU0Z8ewC_eh6mzgy6--m4U5sloo8C2dumkS5K28SaTptq1nflD4TmcWzRd04laL-UJvOI6tST-CuuXhsAj8dPQUgVYwx9xrJckmowIOqrf144suc3ErQY3fNoTPI9uOT3TNn2RPdJqLQTPVOuoiY0YX-ip0UgrOYc1ZzHCeoS9-VEgAjHJgphmbOFBBKRQo_sfY0fdQsoHaV0Sl_q9KFnHcDao3D-aEIJ4bYv9WvGM5BG0P629oZOzLYB6UUnRj14f1PPHV71UElpn74-YvfC9wFplsvoHquxCvck46ILcmaEQSrMD7k5LeDAqpAYYgRuGf9M1xir1oWnYio5j4ThuDNZ4oFoiQr-M2Lk97SyNCAj0TNESAVXR1rnv3w1I5Z06xgi5wI6C9RIKKpI1-rEb_QeCMkfD6Hhsom8IYrsyYqwk5sfRxTVvrHk9-mJEKadmdLK9Fk4reYA3WWfZ-js9Bpcj8XmavOGTk8E_PLL5ZYiL7WnMxOJ429D7XVpObY4scyTrAhfQvz8hPbRwC37GtoBFNmDirIzrLNRqYyVxn4NIaPARYm1tUU7U0nJ-X70y3ajRJFy2ijnJWHSx07Lnsp1uL91yQCR0w2C3V6ujfNqb-2-7fpIJMH-2q0ADXz4bMM2eNbX0DXo82Hkfz6mh2l6YxM1MAzp9Fw-bvu2i2Gf-2eBxf0A86nhM-TsDF-MvmNg2PKziIEJtVQQEuTUqynW1HVOTOYPs_lT-ffwyQe0KzqdKbiu0YP0zCpfdzLV3GxGpkQIA3mhMj7f3rYIU6n-ZS3m2uHqN9eIKjoI4mbgtpgJkYQ0os6BzoHkuvKrodvNtkilOGHNjmm5Gbbs7tCrYV_7FbmTMX26a96Y3Lva-oE6vhQjbbE3iyuyBfWM7BYAfQLv06SsT3Br2CVaUL4XSZTipsizBqT1QHD6WGGlNmAz7zVp8JESAevrJ3hjRzxrlnkdwcEiqcdApTb7V9y_ZoLkaBAj7vwu3u-_dYfCqnoS1XjXSJdpDPnY4kGC8mA46kt3ZHpyaPQPqmI9dsuhQkh3he4zzMPHtzy3UEBqq09ldJHYZfYp3rvk2R1ksEYEJQuF-8nOxqY2AaTBC8-jDOjF9yTEohR3Fyg4UTeSm8R2s9n3A-0wRQkEyB950TitiHWEvdq2CBR2qJUW-OPW2rSCjaE05uDF_Rq8Y9KyyT0p54WJa5VQHpuSAIMdoIcL5SFoakplevdBRvvpNf3WWvVEuicOwP1WbKsbIyidNXi3cd3rDWzJUUrJZIVeeiC3GcSX0IqoPkGo0u_C9_YUpKoPV39wUc9RkR_Pcshem9qOOSLtlh6LW9Wc3YWeGOOxAet1us5IXrfDGS2ve3K7_P9FqH59YRoTd9UrPN6hoaetmuM8_lipMWZBa3QECm7MveaGy4yp4ZJrT2gJgpNsQpwDJsCbjpVxXiGrlAZjhlZZgnarkTTf7I88vlN-08c-rBNVLM9XCreIeZ2m8sPHLyun_ysWwstbo9uY6lvndrxMSkTgoNptHOFLAuKz_o7fiRSL2yrrEBYcsSYxY5fSIKj4_-AUaCxWcTewu7Iq-U-CdfteFkBi4kGkQupT5vPap330mF-HTWFON4H9TTWfe_nx5-MCdUiArTutKRYH4AdQ5zWMhQObneBKF2gWcp4y3KgEVx8X16QYF1p8PBxf8nEB19B5ocbXeVc5HQu7e8Gt3-5VNi7vchMJFFmGO6e6TW9NMHGDPMA-3MmWHAUxVelFRZ1h2u_CKoBfpeISzqYR_-uoGin-biwMhSqPAOQ4oDB1TLmz58djCd9flGEOIK_qe79nLbhWhPLBjpPmiNcZEhvomnal-i50cSo3ExdU_WKWadDVrxUzXhfhDE5Yk529sSEUxtINMOWc3slEYMDug54QChGKb2wsBP6hcdXykHSdrDoceXHD5G2Jjbn0v_9nWGnZ8kMbfsdbSPgmnqNONfMkcF_MLwbp0sUiMnqNCCbnt0CX5WSburYYvzwrbC1hQyuIAxKR1YRzIhLpbHqk9ZG7ZLnQJRIPCzhbfkME9BSjH-EFiR3p990HSIq-ODZnNcuXPh-JftmpCRYIdr8BeWkKHCro-XOQgW6PBKhk7u4m6gxvtvCUHW1-rC5BvwrYfZ3_1PIY3MGqjniSY2gVhYwzWdNcLbuxyNsw_fuylbjm24m2hMR74h3EOindSI6oRAscQMBMqfBM8w6KxOsnMywFQPHnThWtiztPJIEjLsjoShNdVfRfulOM4OvE29DF0BzbRUsUHp1Q4i49kmq-4iXP8vQm98omCCDFHLxn9q2bKtLhwhu1hV4Y&cid=CAQSKQDICaaN5PBAbgbFCwnhrI8sU8fi1H4KTh8YwBTtyQd2jMNluFWaHnh5GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=8333087865757507000&adk=2307692975&idt=62&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f7c44c53c5021e9141899edad76995940435fe10a725857435e5a0b7ad1a10e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13807
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0A69 41 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYUb5oaCEDTa1fPaGsq8GpVfQTgPk5M667fzHEoJz0GQ6lK7mg-fiOr4ZKZyJUqT_qDCeZUCjezh_WyD1rPTLb87bMsivIXeORHyYzLOKuNzkYxxZVebjn5ceXW_SnW-XhRMB0bvCs5sWJrRl8zldYCh277xSccYxg3hDJgUHUkZeBvus&cry=1&dbm_d=AKAmf-AwO3d5QhuN_TIyYrGlxrNIx2ZqeDzf5MuV1CJ6uHFJLqvEL13YWi5EiPAVW6fKeykMr2ywvg96SwFRuV46CTYBv7o5B7ovRrnBAKgFwH2WlQUdELTVigjTj2Prjc92OqO_ESCiDGSQChsYMI7KbJIRbrlQqHpKqO-v5gzE00Jq4dV1o9PE6wphvtIFP0ubTyv2UM6ZYf1SWiCaUUAqCMTTy9taR73DGc6EiDrN6GZNemBL3ceG8roy6boU2tquMcdipQOa05BAlzGpP7VQZYl8dV5-dWCBWpfgr4YQwn8GSe2Zqypdu5zE8SGv1ofyEoe-o8h6vk7a9IW16B6lWup5lDHA5U8SDDcW2u9j1q5_C_ioh5uf63iX8dmtAz_43yWHhLI8jIM7SvEnr_LlhRD_tNKFSJ41RcuxgfJgw_SKPTD_NQog7de0qNzzSpJatomFHMTAYwpAUZd70eYXfgfOysyBMGnGFXkuUQhMqzwu_1opsOS5DBlF_0mUBW-hQhUq_TPJbxAepEKPmfPDbx2i_90WyFqNxXzhodOT5Awum1DGDSt2Nhh_IqNvIAjxUWE1Hbq16N3YjSWXIpd4miDzWQpdo6UQjutbdYW5wWl2j4Xf8drrbxOfZ_Z4GroO7zpBzP4VI5uBiOGaiLdrfqeIz1Jok2mhwd3jnxCgR8cjP17r4gMVpqxRdXSDmrdsjGMmIfYGtbG9XRyJKeI7CF-hCgdzmLsbM_0HSRIUaCVm6EcnVf-nD8xt0z6pjLG08ag2sY6jS1cJN27XIJNBulIuVkx28k_KHR6POVGjgl6R5eu6bw_PBr4dgi2KPW2AFTYgAacekeupYJqquhR4sp5QdVkSX3aFmCLouRelCSXsCbBIFjx4qJmcyVumpInZCi6T3Bkz63JCicYFVpnGBDppiVGb4nwXp3peohM6ox7iwWvUyxy3A6v5x7w3F6xNPOMlaE1SsDwI-CZOcpFTzHJri5wdex4jLRYvyaJTMZo249TGKsu6WKVdA4D5JiBBxb3vbq9xtzNW83Nn0p4Z1xD50i_WE8ZV7X5J1ou04fhwGOMNLGlbTI1sKh3xejtHRmYkGGeWaf4u44tHSvsgqRjkgb2z9ftFi1LsLk3PmnmSwJFMk6YNccE1fWoPlWXtV3lHygBkbGoZCJb7Xn8HPYaf78kCMankOLOtdJFY7AWqTHUc12qwlpgLwZ3x0qbSiPq9RKGrmb54Ev0OQQybQIAOPQuzyqrJd-E6o9jTnzSS3mn4zu7Ip-nHxEcIn5M1vgJE_HnA6TBEYzfvzxJF9PT--HQuGVBTu3Kp6cWrxe9tT7zeOlalLxLdtkCGu2BJ0xOQtylZMtRVBnI961Xg0t5DJuoj57FU0Z8ewC_eh6mzgy6--m4U5sloo8C2dumkS5K28SaTptq1nflD4TmcWzRd04laL-UJvOI6tST-CuuXhsAj8dPQUgVYwx9xrJckmowIOqrf144suc3ErQY3fNoTPI9uOT3TNn2RPdJqLQTPVOuoiY0YX-ip0UgrOYc1ZzHCeoS9-VEgAjHJgphmbOFBBKRQo_sfY0fdQsoHaV0Sl_q9KFnHcDao3D-aEIJ4bYv9WvGM5BG0P629oZOzLYB6UUnRj14f1PPHV71UElpn74-YvfC9wFplsvoHquxCvck46ILcmaEQSrMD7k5LeDAqpAYYgRuGf9M1xir1oWnYio5j4ThuDNZ4oFoiQr-M2Lk97SyNCAj0TNESAVXR1rnv3w1I5Z06xgi5wI6C9RIKKpI1-rEb_QeCMkfD6Hhsom8IYrsyYqwk5sfRxTVvrHk9-mJEKadmdLK9Fk4reYA3WWfZ-js9Bpcj8XmavOGTk8E_PLL5ZYiL7WnMxOJ429D7XVpObY4scyTrAhfQvz8hPbRwC37GtoBFNmDirIzrLNRqYyVxn4NIaPARYm1tUU7U0nJ-X70y3ajRJFy2ijnJWHSx07Lnsp1uL91yQCR0w2C3V6ujfNqb-2-7fpIJMH-2q0ADXz4bMM2eNbX0DXo82Hkfz6mh2l6YxM1MAzp9Fw-bvu2i2Gf-2eBxf0A86nhM-TsDF-MvmNg2PKziIEJtVQQEuTUqynW1HVOTOYPs_lT-ffwyQe0KzqdKbiu0YP0zCpfdzLV3GxGpkQIA3mhMj7f3rYIU6n-ZS3m2uHqN9eIKjoI4mbgtpgJkYQ0os6BzoHkuvKrodvNtkilOGHNjmm5Gbbs7tCrYV_7FbmTMX26a96Y3Lva-oE6vhQjbbE3iyuyBfWM7BYAfQLv06SsT3Br2CVaUL4XSZTipsizBqT1QHD6WGGlNmAz7zVp8JESAevrJ3hjRzxrlnkdwcEiqcdApTb7V9y_ZoLkaBAj7vwu3u-_dYfCqnoS1XjXSJdpDPnY4kGC8mA46kt3ZHpyaPQPqmI9dsuhQkh3he4zzMPHtzy3UEBqq09ldJHYZfYp3rvk2R1ksEYEJQuF-8nOxqY2AaTBC8-jDOjF9yTEohR3Fyg4UTeSm8R2s9n3A-0wRQkEyB950TitiHWEvdq2CBR2qJUW-OPW2rSCjaE05uDF_Rq8Y9KyyT0p54WJa5VQHpuSAIMdoIcL5SFoakplevdBRvvpNf3WWvVEuicOwP1WbKsbIyidNXi3cd3rDWzJUUrJZIVeeiC3GcSX0IqoPkGo0u_C9_YUpKoPV39wUc9RkR_Pcshem9qOOSLtlh6LW9Wc3YWeGOOxAet1us5IXrfDGS2ve3K7_P9FqH59YRoTd9UrPN6hoaetmuM8_lipMWZBa3QECm7MveaGy4yp4ZJrT2gJgpNsQpwDJsCbjpVxXiGrlAZjhlZZgnarkTTf7I88vlN-08c-rBNVLM9XCreIeZ2m8sPHLyun_ysWwstbo9uY6lvndrxMSkTgoNptHOFLAuKz_o7fiRSL2yrrEBYcsSYxY5fSIKj4_-AUaCxWcTewu7Iq-U-CdfteFkBi4kGkQupT5vPap330mF-HTWFON4H9TTWfe_nx5-MCdUiArTutKRYH4AdQ5zWMhQObneBKF2gWcp4y3KgEVx8X16QYF1p8PBxf8nEB19B5ocbXeVc5HQu7e8Gt3-5VNi7vchMJFFmGO6e6TW9NMHGDPMA-3MmWHAUxVelFRZ1h2u_CKoBfpeISzqYR_-uoGin-biwMhSqPAOQ4oDB1TLmz58djCd9flGEOIK_qe79nLbhWhPLBjpPmiNcZEhvomnal-i50cSo3ExdU_WKWadDVrxUzXhfhDE5Yk529sSEUxtINMOWc3slEYMDug54QChGKb2wsBP6hcdXykHSdrDoceXHD5G2Jjbn0v_9nWGnZ8kMbfsdbSPgmnqNONfMkcF_MLwbp0sUiMnqNCCbnt0CX5WSburYYvzwrbC1hQyuIAxKR1YRzIhLpbHqk9ZG7ZLnQJRIPCzhbfkME9BSjH-EFiR3p990HSIq-ODZnNcuXPh-JftmpCRYIdr8BeWkKHCro-XOQgW6PBKhk7u4m6gxvtvCUHW1-rC5BvwrYfZ3_1PIY3MGqjniSY2gVhYwzWdNcLbuxyNsw_fuylbjm24m2hMR74h3EOindSI6oRAscQMBMqfBM8w6KxOsnMywFQPHnThWtiztPJIEjLsjoShNdVfRfulOM4OvE29DF0BzbRUsUHp1Q4i49kmq-4iXP8vQm98omCCDFHLxn9q2bKtLhwhu1hV4Y&cid=CAQSKQDICaaN5PBAbgbFCwnhrI8sU8fi1H4KTh8YwBTtyQd2jMNluFWaHnh5GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=8333087865757507000&adk=2307692975&idt=62&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214519
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5OTIzNTU5ODczMDg2NgogIHNlcnZlcl9pcDogMTQ2NTMzNjYyCiAgcHJvY2Vzc19pZDogNTAzODc3OTU3Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame 0A69 0
858 B 115ms
56ms Image
image/png 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5OTIzNTU5ODczMDg2NgogIHNlcnZlcl9pcDogMTQ2NTMzNjYyCiAgcHJvY2Vzc19pZDogNTAzODc3OTU3Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDE1MzU4NTk1MTQ4MjM3MDI4NTk5CmRlYnVnX2tleTogMTU0NTIyOTY3Njc2MzU5NjkzMDAKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTExLTA2IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIyMjQwNTQKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjYyNjc5MDIwOQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNTM3NTA0MQogIH0KfQphcmNoZXR5cGVfaWQ6IDEKYXJjaGV0eXBlX2lkOiAzCmFyY2hldHlwZV9pZDogNAphcmNoZXR5cGVfaWQ6IDUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc1NDk3NDcyMAo

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x7cf7ce849ff235770000000000000000","3":"0x393bc4c8b112ec140000000000000000","4":"0x4e8136073d2fd4f60000000000000000","5":"0xd1879eb47c447b740000000000000000"},"debug_key":"15452296767635969300","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"15358595148237028599"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ykuzho0n7xq0 Show response
hal9000.redintelligence.net/zone/ Frame 0A69 11 KB
4 KB 88ms
27ms Script
text/html 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ykuzho0n7xq0?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoQNpDkdIZfWTAqWV_tMPlYy76A2RwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAircdGgTAbI-qAMByAObBKoE9AFP0IbNcuptSnpBSYHrloTcNlS0TDKURxhq908jGgWfrqCQ9I9NwpxSGGtePT_dNXIoFl_uuWFpD-5AOgrJq9tDWdvD7eV_bVmWnX6zOXNrHMccQqJMbNCXHvsLec_AyVe9Ic9zyS9quRc1isHtpPD1c3mbrZYOD0Y5D5-8DJzmgMX1YByiOqNqb34GpiUwy6uSXwvQB9a2sVQyoS0j1mWEc8L3DhjfRHXQKn55OsAr4nNb5C9QHLJlqX8TgXLupJuTVgFKk4VksMzANb1Wum42Ny270Axzu_CnTMM1_aBah34sFVPdaFuQwlK5gXiNPlzpSXqowAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaN5PBAbgbFCwnhrI8sU8fi1H4KTh8YwBTtyQd2jMNluFWaHnh5GAE%26sig%3DAOD64_0C2zrGglmKc8DvoqD5-0jmnm78Iw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DqNMHxEoyPsQLM6J6MrRplI8OXpvZxzh710x7576BZ6hl1D9NfhJCGvyW-glGh4rvgngruA44mSahJI1eFt4x1ioxoYG1VT805cDi_FvJ7bES4dDXTWgJLc6XMmujRmhbDkxlxWr3ttRuinjUs1NDomjjYqoItugmUoNq_CR7vDj1z0jg%26cry%3D1%26dbm_d%3DAKAmf-CvbnkpBhuN7MPyogt-8JsW7C4S5cGhx3QwoPPzfnsWKaoqUyyAB8i1AP8K-TLLWUJC816YckNT7alvD7WwSmqRLITgOs-FQ04Dc8zPK6tfRAvmC5Dt1XQySy35yn38GwJSvFUqVopM68cxHQ-E-Qro3YNVewJrGAsogZP6nSdjdsquY7ekOCLGTMb7ohIdLzrLgwEilDVLWdjUNSkUbEkG5P89CJVfzLKTr_f6Fh9sUPMusQo9QP_bsudfxHNkOQKKr_bJksonGqTNEUGuXqiSubBxx83pzmmuLKxILZyulSbbSq7uhb__JapA67B0Z4DeZZCuAAsqV0SpSFlfBNQoFzEXsTd9va2efuHpAxdiK87QXG0SwOZgSib7LlTbBCG2MEpErf8XWO2AlNtqNGlOHw5ftanmrks2jZj9Ea2W-3VzrDpUtynbrX6AIfXXMjMgKN4bN8Wk-Yc4BZSA4nqy0Wl6PgrKeVli8L1YzOqHTiwwMXxsjhP1SSWl0Dy082hv_JZzlaI37mEo-c7JxRYu3wF42WmRkfIq1AsBYrYzJlJyJRU%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 1bbc0afe6564de8b2968c7875c4fa4f255bb74e449cc3a585d2dec85d3095ea2

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 06 Nov 2023 01:53:18 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4102
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 139C 0
10 B 19ms
19ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?5--tcA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame DF0F 38 KB
13 KB 21ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 209399
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame DF0F 38 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24587
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 04 Nov 2024 19:03:31 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B3E0 42 B
64 B 56ms
56ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstmHvj4QIxY9rZMrVHtv47vfOkLgu-FMOtn0DJR6HLOwIq3n7lba4EEt4edZxS1_FK2Qg1azFN1yiUdJoRa0Uu4dGXey7xZ13ODhCQcmR5SidDNgH21vRUp0rhiW1GCEexWZKpLk6EM_A&sig=Cg0ArKJSzCL9sARjuJutEAE&id=lidar2&mcvt=1012&p=0,0,90,728&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699235597223&rpt=570&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
hal90007.redintelligence.net/ Frame 0A69
Redirect Chain

https://hal90007.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=506e53b756&subid=&uid=26e9ae5b47d48648&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90007.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=506e53b756&subid=&uid=26e9ae5b47d48648&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

612 B
935 B

141ms
90ms

Script
application/x-javascript

138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=506e53b756&subid=&uid=26e9ae5b47d48648&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoQNpDkdIZfWTAqWV_tMPlYy76A2RwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAircdGgTAbI-qAMByAObBKoE9AFP0IbNcuptSnpBSYHrloTcNlS0TDKURxhq908jGgWfrqCQ9I9NwpxSGGtePT_dNXIoFl_uuWFpD-5AOgrJq9tDWdvD7eV_bVmWnX6zOXNrHMccQqJMbNCXHvsLec_AyVe9Ic9zyS9quRc1isHtpPD1c3mbrZYOD0Y5D5-8DJzmgMX1YByiOqNqb34GpiUwy6uSXwvQB9a2sVQyoS0j1mWEc8L3DhjfRHXQKn55OsAr4nNb5C9QHLJlqX8TgXLupJuTVgFKk4VksMzANb1Wum42Ny270Axzu_CnTMM1_aBah34sFVPdaFuQwlK5gXiNPlzpSXqowAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaN5PBAbgbFCwnhrI8sU8fi1H4KTh8YwBTtyQd2jMNluFWaHnh5GAE%26sig%3DAOD64_0C2zrGglmKc8DvoqD5-0jmnm78Iw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DqNMHxEoyPsQLM6J6MrRplI8OXpvZxzh710x7576BZ6hl1D9NfhJCGvyW-glGh4rvgngruA44mSahJI1eFt4x1ioxoYG1VT805cDi_FvJ7bES4dDXTWgJLc6XMmujRmhbDkxlxWr3ttRuinjUs1NDomjjYqoItugmUoNq_CR7vDj1z0jg%26cry%3D1%26dbm_d%3DAKAmf-CvbnkpBhuN7MPyogt-8JsW7C4S5cGhx3QwoPPzfnsWKaoqUyyAB8i1AP8K-TLLWUJC816YckNT7alvD7WwSmqRLITgOs-FQ04Dc8zPK6tfRAvmC5Dt1XQySy35yn38GwJSvFUqVopM68cxHQ-E-Qro3YNVewJrGAsogZP6nSdjdsquY7ekOCLGTMb7ohIdLzrLgwEilDVLWdjUNSkUbEkG5P89CJVfzLKTr_f6Fh9sUPMusQo9QP_bsudfxHNkOQKKr_bJksonGqTNEUGuXqiSubBxx83pzmmuLKxILZyulSbbSq7uhb__JapA67B0Z4DeZZCuAAsqV0SpSFlfBNQoFzEXsTd9va2efuHpAxdiK87QXG0SwOZgSib7LlTbBCG2MEpErf8XWO2AlNtqNGlOHw5ftanmrks2jZj9Ea2W-3VzrDpUtynbrX6AIfXXMjMgKN4bN8Wk-Yc4BZSA4nqy0Wl6PgrKeVli8L1YzOqHTiwwMXxsjhP1SSWl0Dy082hv_JZzlaI37mEo-c7JxRYu3wF42WmRkfIq1AsBYrYzJlJyJRU%26adurl%3D&documentReferer=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8702286623613&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531
Protocol: HTTP/1.1
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: afb950f052d11e2e8ee6ec7d4a914e3542106c4b71d0be274a34711979aa4fa8

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Nov 2023 01:53:19 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 35447700006581304438268012500007
Connection: close
Content-Length: 329
Expires: Mon, 06 Nov 2023 01:53:19 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 06 Nov 2023 01:53:18 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=506e53b756&subid=&uid=26e9ae5b47d48648&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoQNpDkdIZfWTAqWV_tMPlYy76A2RwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAircdGgTAbI-qAMByAObBKoE9AFP0IbNcuptSnpBSYHrloTcNlS0TDKURxhq908jGgWfrqCQ9I9NwpxSGGtePT_dNXIoFl_uuWFpD-5AOgrJq9tDWdvD7eV_bVmWnX6zOXNrHMccQqJMbNCXHvsLec_AyVe9Ic9zyS9quRc1isHtpPD1c3mbrZYOD0Y5D5-8DJzmgMX1YByiOqNqb34GpiUwy6uSXwvQB9a2sVQyoS0j1mWEc8L3DhjfRHXQKn55OsAr4nNb5C9QHLJlqX8TgXLupJuTVgFKk4VksMzANb1Wum42Ny270Axzu_CnTMM1_aBah34sFVPdaFuQwlK5gXiNPlzpSXqowAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaN5PBAbgbFCwnhrI8sU8fi1H4KTh8YwBTtyQd2jMNluFWaHnh5GAE%26sig%3DAOD64_0C2zrGglmKc8DvoqD5-0jmnm78Iw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DqNMHxEoyPsQLM6J6MrRplI8OXpvZxzh710x7576BZ6hl1D9NfhJCGvyW-glGh4rvgngruA44mSahJI1eFt4x1ioxoYG1VT805cDi_FvJ7bES4dDXTWgJLc6XMmujRmhbDkxlxWr3ttRuinjUs1NDomjjYqoItugmUoNq_CR7vDj1z0jg%26cry%3D1%26dbm_d%3DAKAmf-CvbnkpBhuN7MPyogt-8JsW7C4S5cGhx3QwoPPzfnsWKaoqUyyAB8i1AP8K-TLLWUJC816YckNT7alvD7WwSmqRLITgOs-FQ04Dc8zPK6tfRAvmC5Dt1XQySy35yn38GwJSvFUqVopM68cxHQ-E-Qro3YNVewJrGAsogZP6nSdjdsquY7ekOCLGTMb7ohIdLzrLgwEilDVLWdjUNSkUbEkG5P89CJVfzLKTr_f6Fh9sUPMusQo9QP_bsudfxHNkOQKKr_bJksonGqTNEUGuXqiSubBxx83pzmmuLKxILZyulSbbSq7uhb__JapA67B0Z4DeZZCuAAsqV0SpSFlfBNQoFzEXsTd9va2efuHpAxdiK87QXG0SwOZgSib7LlTbBCG2MEpErf8XWO2AlNtqNGlOHw5ftanmrks2jZj9Ea2W-3VzrDpUtynbrX6AIfXXMjMgKN4bN8Wk-Yc4BZSA4nqy0Wl6PgrKeVli8L1YzOqHTiwwMXxsjhP1SSWl0Dy082hv_JZzlaI37mEo-c7JxRYu3wF42WmRkfIq1AsBYrYzJlJyJRU%26adurl%3D&documentReferer=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8702286623613&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 06 Nov 2023 01:53:18 +0100

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame D75A 111 KB
39 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 14:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41719
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 06 Nov 2023 14:17:59 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame D75A 11 KB
4 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRrvN70VzcwkOZCuN_b8JfEDbWuhCO3YQcBC4v9i-a3KgtwhdR2KZtmDiHbcXh0Dzm3V6LkEDv5eKsHS1Pei8YBz2TRkLg_G6DCzDAbFNiAqAp-4rmzk77C_-IGrMbYE-owJUiXwkgJ12tsLObj7T2M0pLPMmvV3-C8m2LO4TndgR10Yc&cry=1&dbm_d=AKAmf-CnmoSR8wHFliI1z8-Uj4wChiMGILcsrq1tEehOMwPGqg0PP5la4GEwhQQKH3NmmVpzSBzUc4KJjpqmVgvJevVVm0C1sTj8xtY5Xg8UWBJ1fwunsWco79dmV_RsiyTyHUmgczNq7ErlAQhRg0sPUnbgd1YKgzJRcPXsq5Mvt8PlcVZ7mPfcLFy6XatPQCfBobHN-yNOod9skuNHzZ3kfeghGtjyXMXl02q-GxrNdKvjPGu0eh7ZTMbyV62wjYdqRIv-GMa-195uyEpipr809CHaCCYY8ilfltspquiKg58C4IXVaLMfdC0YJ6v0zVA89XX59hJkcO7rR8FFAWL2em5zpN9kSmIeRH7gTmXNkbUpjjR-ppokeQHtvP3lttPof4n85IFS7NTezLLsr-DtNRAUpNu-1_4mjDO-hM-9Ccc5VBXYr4Tww4oTd-CWB1eyGpSSvJJpTxgBFpsVNpR-c3twGcEAYkF1tZWtnK78yd6HckxHtnfrknrU8HHwvlHQCs1s9hLHB40YNktOK7H18ohNHfgx5geJXjNmtEe-NPFCjFV4YBC5fA52YvoqGUyHBWPR4FblJ7avUpP0QrMI32BIjznFYIsGNiXvLlKZLr7pNipQg5s9_-8bcWFKEbWdbUOd-uFL35AkwS0Qx0RJ67L7bJGEjJY9VxuZZgcI6AnkrRJzU2pwgYkPJ0cTSf4u0ZUAlD27Vu7WK0ERcJUfix1i4VvQuz4ekDLsteA_wk_iLi2bT4MUlgpOGr6pWBvYSVOtXixomOZ8I6huraRwg9h1FxdR_X47LeJ3XP2HriZwrU_2sKlOvHmfvs-6meEDGDbnF05JsjXh4e2ORpzFoBsLSnGd0Oo4l39E7-PxBhsCfV8_ZfYw9SpOYMAzWhJ5c5ZfKrH_6cnQq_X8LkT2P2iVY8Pdaz0nmagPvtjk1yfJ_g2xaV-2BzZz4tCT5oZeqWgy-MxgrQw4ykxvhA1HjpvyQjXnyXoS_Bguya5tHIsd8VK1MP5ljGJbQPVH-kVJb7UE0cs5dOlqZAgqYXqoLfL6kfFhqeuqQLK1xnZGiNLVoN3XMbruQiLHkspkzmeMEbbM3_FnEMe3Iq_5Dmev3_71AaBlFsSHqJQBKnhJ2XyEcEO_bll4Gc2yIWVMYR6i0sgUJ3b6Xp_vSB91Bdlr6xi5_tSVgsIzI4EMDEcrh7tUK2_HKD4PgUz_nst3aIB7qrUhsalN1QAxWMVcpyc8zZJJuUUrg5LFOSArys9chkB5S9BoD1N52xKQPE0I6_WQpjBIL23jp-x-pfsyFEP7iKWx0ETkaSucPVLk-I2MG8enb45BXsEHJX5GKO79MGY2RwpW_vKVlvFJ17Kc1dL5hGOfrRMVxmJLKwN-mP31wTD1VLy5LoI798P1oI-gibSj6V0GKo3ZacLaTLxFPv71v8RQ4J9bZfSL8BUfi3XbUmkmLdpTsu5aTuXGqN_lxu3_QbRCnHzrOnT9NanOYiby5lir1iLkuRGWhntxP1ebb0ETvpsuuPKLCnGYNCp0_i8UczHgL9aP-6dmyVseEPSqizk13wbUkT6H_YQD8ryzKodmBVqGNLlagCL0kbDVnBQUfKjsAOKFxwIIe9KbvnPxBMWLIXoI88G-gUHeSH_i_v3eAkuVodCqw2CIGAbpfC4yTOGt-8Hmeka7wD7DeZn-LJv_n0w2o546r6V-gEZt798y1BwJuwL3OLNPrwx50G-NEN3cE8PHg_QFqt05y4vvVjjrsntLvflLNB2_u3rCSdCc2juS4jivFjTk49iZllUBqT1TYEQG5OPNFAIglrTgj53z2CI0-cCmuNY8bC4CC61_TXPWE88H2cTJGLWK9nfs02VKaP9M9xscrmN8xNk48wJbKS2JYCj9lXurPmFHOVtjb9d-UG1TCaIQoqXgjELZ09CdWshaxrEXZm06rShpxkOP4ZcL3WR29RbSQyr15AkOPbH25Qt7AuJpUsiRGZxoDDPuKe_E8sucpcx2ZBu-fE3UeWLuS_SqK1xOb_fGOt7MZYAj5yLkR_7582BDwnMgrALKIZ4k-5_N449-mX7J3pq4Ey6kvd0wFrYKR3LpL0bsLn7aw0Q4gg7hvjSI_HHChW0EzB1UDwytZaEuv40HDjuwiaSGL0_TP0YWbjfk9lgF3qbyFZDErWVjnot6_5S1tBXeZXSdIKbEfIoqf8diPKGZ_T2sUEqm2El5co_TSEsZYIMLvQnwf93lw6wxQ4WYavBafIkOn9_ROzj4XlXRiYfArHadolMd9fGe5eyHPOq_Avq3Re4rGxjfBLV-lNrdyNZt9WmjUUtzM2iQjMQQ30g1dCpn3LOJ7_37CemNVcWXzIirSOC1aDF1FmwYXrodnYueamO3fRqbw6uOee0MArSje5rnatsmVJptaX5Lrm8_gWlBgyiYuk9PDG8oZl1lRa2i0-CfMmKVhSFyiTnz3zZPnt1SxIgPP8V4b5O6z0m3Izm4Em20Vi5ap1_lAOzipoGS3dTXRsstgHgsP9GpirqY3g6yLS8uxHUj_rjrwMvJswjoNCPwfQ6QvKMLdfmNaevoVJrni6YYUnhaqNrduRo6Xr7x5QboXW311srkTvpiHpHBdHGTc_ueWOby6wtwr6E2SII6WuE1Gn6QqLuWtCqGZqrFUSMZEz7h1s9382vNaWszlxHh97Ym70M00KYxEdFv54g1YNBZZvri26eBCi79V8ShhvcrISLuQyM6dVqAMkTZiOCweacUyBCDt2XXqbul9NZfbaHM72T8UU-D3en2XzLoQl9EUZwQ7MTsba4B-wffMdt--WNm-x2n5MV26b45hkc3i6ACXlyuCPC4xsBJApypAAKU8aDjnABBUHRarenAKj6ka6PSANYwoB4ETuPNZfD1bR9a0OmCVT9OaU5cRZ5Qlwt1x13DTuCyxoItVYqEH6ZvY6oKVBFLJjrprd3A9MpXU4A_o_Vh_5Cfi2rlHUZVKk9dj6yXbnf_j1b078tgU4NUx1osPpO2FmkUxZT2-sNIWov7TPRAjIMGrE0b5fgHge1_cSMOtKqsf7xgiia2nHjuJqMRYhSB9ymR5kAd4ZcufTSjzn1_UX6xbo9a_Z1jGin1RKLRok6iOfLOmAxEzjtc2PDHkpgiGWygb8659ypYmnxpWkuHstq8c9fDspzxysJN1U9H1Mj0NdXEqG5nrkE9-OJ7RatcqpbHAx8oNXR2iPOogs9TQbqdTkrH70wc9IAJ37daniLUHfghdsMltj95D3Ik_YTHjyGYCUXruMde7eoDJO2XpcOBzUXVPHg0x2Gb6qdDZIrsOWTt0nwsxsd-XyiU7F5Aswc_K9e-Wd2niKgbQnuegUdPLnKi0zz54cxpPETjuQjC7sV4U-4X7WULcGk2ho2H5QCC8Y7P-b6lhEpejCheI1_4wLVuHjhixh9CXQGEN4vueW4ybAyHPiriP5FrgkaqLaPXwMHeOxey8PvyJCrQwNIwiNvsxTgM0A&cid=CAQSKQDICaaNHQsaaGm39dzUnbkMRyDQS1rubw0f0qqP5X5HkHKfmTXhjxfMGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=14926024893855478000&adk=497053795&idt=47&cac=0&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:21:54 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame D75A 31 KB
12 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54cb15acb0c5f40e191701b259fca34a71656a5d07c750de734ce598f5f5255a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11960
x-xss-protection: 0
server: cafe
etag: 17132697034905592634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 19:21:54 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D75A 41 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214519
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2600 1 KB
643 B 19ms
19ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 34281
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 16:21:57 GMT
etag: 48472445140208031
expires: Mon, 06 Nov 2023 16:21:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 2600
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENOa4xZHmC7pMrAXaBLvedk&google_cver=1&google_push=AXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4S...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENOa4xZHmC7pMrAXaBLvedk&google_cver=1&google_push=AXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH...

43 B
397 B

214ms
185ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENOa4xZHmC7pMrAXaBLvedk&google_cver=1&google_push=AXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4Sg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4Sg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8219b3bf4db01da2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 347
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENOa4xZHmC7pMrAXaBLvedk&google_cver=1&google_push=AXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4Sg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmT11yki_W1joxALf6Ed6RB7qNDdsi7wAL-89qTr9MS6Bq_BUKcyoNfuNgJHoE7ey0KrHOGj_IAu5755hp2l12S2yWzgqsH4Sg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8219b3bded131da2-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2600
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEPvNfL7t8Kf2klQ-feue11o&google_cver=1&google_push=AXcoOmRKA318AnssAPjF-s4lB6G2SSaWsG6GhdUB-qsfahb0hkf2jVU2HqU80GDltUJNEUnUHDcgr...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmRKA318AnssAPjF-s4lB6G2SSaWsG6GhdUB-qsfahb0hkf2jVU2HqU80GDltUJNEUnUHDcgrseZ9t5H5d1RJdjSENw57GP3eA

170 B
188 B

32ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmRKA318AnssAPjF-s4lB6G2SSaWsG6GhdUB-qsfahb0hkf2jVU2HqU80GDltUJNEUnUHDcgrseZ9t5H5d1RJdjSENw57GP3eA

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 06 Nov 2023 01:53:18 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9346F6D4D2564A71A64602226C14EF80 Ref B: ZRHEDGE1409 Ref C: 2023-11-06T01:53:18Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmRKA318AnssAPjF-s4lB6G2SSaWsG6GhdUB-qsfahb0hkf2jVU2HqU80GDltUJNEUnUHDcgrseZ9t5H5d1RJdjSENw57GP3eA
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJch5FPVQW869+NG4wIQ==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2600
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEEpuJP6lk_8AZh-NEu6uUFc&google_cver=1&google_push=AXcoOmROzy3LFRkRN2rXQihloHj9cRR4XodNMsnrSxBSZQZK63RFZ6EBh2Tf2xYIgLewxQOV7lXSGogkuamMWYEdErZT6Yc1AGPdEA
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=Mzk5RDU2NzdBRTY0OTkyQQ==

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=Mzk5RDU2NzdBRTY0OTkyQQ==

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=Mzk5RDU2NzdBRTY0OTkyQQ==
date: Mon, 06 Nov 2023 01:53:19 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2600
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEEQGwSjjA-RGynGtNeS3EhA&google_cver=1&google_push=AXcoOmQ4EGPwnwVHX9nymxZ65HfHXLOJ6A1Onn0bvBavmrFrmo9a5QimweTtyzWl3EmD9SbCWOReaJXBz5WXNX8iNNWHeRszGpjfBw
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQ4EGPwnwVHX9nymxZ65HfHXLOJ6A1Onn0bvBavmrFrmo9a5QimweTtyzWl3EmD9SbCWOReaJXBz5WXNX8iNNWHeRszGpjfBw&google_hm=M0ZoSXJhYTExU2EzM3...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQ4EGPwnwVHX9nymxZ65HfHXLOJ6A1Onn0bvBavmrFrmo9a5QimweTtyzWl3EmD9SbCWOReaJXBz5WXNX8iNNWHeRszGpjfBw&google_hm=M0ZoSXJhYTExU2EzM3VBRkxINk4=

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQ4EGPwnwVHX9nymxZ65HfHXLOJ6A1Onn0bvBavmrFrmo9a5QimweTtyzWl3EmD9SbCWOReaJXBz5WXNX8iNNWHeRszGpjfBw&google_hm=M0ZoSXJhYTExU2EzM3VBRkxINk4=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2600
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEIfzZLc3W66iKf4EhHRi1t8&google_cver=1&google_push=AXcoOmSc8whgSCNJqks0iIwXpmh7m4j9KACiNuW1RmKWqXU107Di2I2pRks2fqe_Ho6-vjvwLo5KDT...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmSc8whgSCNJqks0iIwXpmh7m4j9KACiNuW1RmKWqXU107Di2I2pRks2fqe_Ho6-vjvwLo5KDToT8B-5Ziupbvmvj0_zeQHRSg&google_hm=NTU4NjUy...

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmSc8whgSCNJqks0iIwXpmh7m4j9KACiNuW1RmKWqXU107Di2I2pRks2fqe_Ho6-vjvwLo5KDToT8B-5Ziupbvmvj0_zeQHRSg&google_hm=NTU4NjUyMTI2NTg3ODgzMTU3Mw%3D%3D

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AXcoOmSc8whgSCNJqks0iIwXpmh7m4j9KACiNuW1RmKWqXU107Di2I2pRks2fqe_Ho6-vjvwLo5KDToT8B-5Ziupbvmvj0_zeQHRSg&google_hm=NTU4NjUyMTI2NTg3ODgzMTU3Mw%3D%3D
date: Mon, 06 Nov 2023 01:53:18 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2600
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEFsOMHz4yMJJ_BH3p1_IEEI&google_cver=1&google_push=AXcoOmTcS5YWnldcdeO8ZplRNB62xOMBLiVcKETInCh02QQJNMho9DpXYfGm5D6ojqDSdSn-F4Ql...
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESEFsOMHz4yMJJ_BH3p1_IEEI&google_cver=1&google_push=AXcoOmTcS5YWnldcdeO8ZplRNB62xOMBLiVcKETInCh02QQJNMho9DpXYfGm5D6ojqDSdS...
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=l4p4HuavS8mrlNhd_hj64A==&no_redirect=1&google_push=AXcoOmTcS5YWnldcdeO8ZplRNB62xOMBLiVcKETInCh02QQJNMho9D...

170 B
188 B

33ms
32ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=l4p4HuavS8mrlNhd_hj64A==&no_redirect=1&google_push=AXcoOmTcS5YWnldcdeO8ZplRNB62xOMBLiVcKETInCh02QQJNMho9DpXYfGm5D6ojqDSdSn-F4QlW5e9JO4h9T63W-c7v48YKCR2gQ

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=l4p4HuavS8mrlNhd_hj64A==&no_redirect=1&google_push=AXcoOmTcS5YWnldcdeO8ZplRNB62xOMBLiVcKETInCh02QQJNMho9DpXYfGm5D6ojqDSdSn-F4QlW5e9JO4h9T63W-c7v48YKCR2gQ
Date: Mon, 06 Nov 2023 01:53:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

0.gif
id5-sync.com/i/495/ Frame 2600
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEJMUcXR2Jp_qFZjBl2RE_8Q&google_cver=1&google_push=AXcoOmSbFekt64XWkS_2swDmbhmys8_AaGF8H1eZbTEiMZL-TpMRFkQUrXfDJQoB3PYx30_oWpFiFtscem1VzTs2IsfgXdah1LAMKw
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSbFekt64XWkS_2swDmbhmys8_AaGF8H1eZbTEiMZL-...

43 B
921 B

82ms
24ms

Image
image/gif

162.19.138.83
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSbFekt64XWkS_2swDmbhmys8_AaGF8H1eZbTEiMZL-TpMRFkQUrXfDJQoB3PYx30_oWpFiFtscem1VzTs2IsfgXdah1LAMKw

Protocol

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Mon, 06 Nov 2023 01:53:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

Redirect headers

date: Mon, 06 Nov 2023 01:53:20 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSbFekt64XWkS_2swDmbhmys8_AaGF8H1eZbTEiMZL-TpMRFkQUrXfDJQoB3PYx30_oWpFiFtscem1VzTs2IsfgXdah1LAMKw
x-download-options: noopen
vary: Accept
content-length: 273
x-xss-protection: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2600 0
12 B 31ms
30ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KFECIDC1oefDfOmvPitSfy9pj2QAerDvdrTHl3Cn-7ERN6cP-4KvmWcCpYMmFKwfG_QTRhdMA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:18 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame F0E0 38 KB
13 KB 20ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 209399
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D75A 0
0 68ms
67ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQRLDgt_BVIGS6M_Vlr2OuDhdzdIGnmOxbuIE1Arre7u8myz2lYl0xE6RpjB2Q0IZFosC_hGVypHCQCVJP7BtsT1QBqaEBl4syIqB0WYAOxA4Yk8bgD1V5e3QT4oaf0FRD45W4wB-kAJVtH9sCS-tSudBPnDc6vYUHsmgxsb_gtk0CP1wIPVrWiRShdluZhYku-xVYrONuR0LfqtjdoOlSGp3iVdtEKqx_wQgvTXTCWNp11EgilLbVg5ExxbQLRTIRHlDTfJ1p8kZ7_nUb8i8Gey8etpDRBTNBOtKZKRnpjMTAzy11e6vD0wpb7GDP4xjHI1kH7Ewvi0WpToSLJf4t1-BdYvmRxqjPTumGV7djB6vhHqIjLCabz6k6EFggydpyTOfy_JRKBj5L_IBc6Ad5Ig07pe2hsTuPJ5GdPNq1n0sPtHzb61tFdIgA8yVREe5DFYtVPG_ATnfKNOPhck-Ur4fOa6JVLxL62BWrqAwe5NvEkZFvtE484GzpwlABNaC6-Xd0KeJfDdv--0KNXnoSMRT9VY2wCaZmhGXHsRI_lnFClOVx22V3Wj6VlOvjpJMjXxDyKKgKGsWNgrH4cbPeWLQh6vJ0wCd_LFjsYBsuFglhkEedJUSxoWQjzm0tEyLBtaRcGFze9p6rbaVLNuyouY9HbApGuCvQ1A2P_kGj6gL8caybZzA7W1y3Q3xPhtoTj8Txs0dpmiC_712yc5hOlrAbpBPnqYKNpvcX44NOiCH4S02r88il_Q2tmbPl-EXAhhIzLzmQeeJU-U24y9Z8C5iVz6sI3r69d0h-YQtn-1YfcxRSfqrs2B3-pXxozn8jokFj3i0BP_GtAyoIPFtu52Veea2sqKZZmtRMp4d_w0XsIeRkIQrPwzvG2qXXjI9FgLA_nu3F-nRePrjBAoK6OKYFs8-KERtc6XMHAPtvONc9XvPMZ46lT8Ucwoq8DgqInpc8Lcqhyp9X61-HlLYM_Bswr2SZuWvfkc-eyr0Dm8tUSsh74DIkDx7hJGsEOx-ii340IJOXEVoQC5UOcsr_VVTrpivEMVURVjwFn74lc5gvO_e3Qy5SQPJdVTM-AwYpzfjtlra7RovgSfp6hHIVLTdwXE5Ocb4UNMHgzixFBZubfooX-55NDbFT_v-0xZ2r9-YhswyVIulWV2MJNS8QAGHsM4HJMG6s1sscAzokrwnzbpSMrFsFbDVBwQhvM8AlAhFjCHytcTxivt-8YDopfzEzOgXoJX4T-iKec2DysPMSCPjg24crPj91XB5dhEp2kSQ&sai=AMfl-YQOegblBFCpRNApXv9kz1jlsXoJyoNxVzHNyNdYjVcuGv0yoQzThIy6u3bWS13bmsXXi4KHcJ_gsnVWL40Wbt6ooNFAzy3fnvwbPB6WDYBhDA7O9-s_2jXykv-8bHv3Ig9Cx1WsmVQ32EZMW31g59hvn_hQem7XIMgJdpXZkaOI4xH_7_CiGUEfWLTIjQOUdxuvI1fb6J5k&sig=Cg0ArKJSzMgCQpH3WfrTEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=59&cbvp=1&cisv=r20231101.97042&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 06 Nov 2023 01:53:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 12647073951582036279
s0.2mdn.net/simgad/ Frame D75A 20 KB
20 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/12647073951582036279

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df63e9b76d6a6f5beb607115157a7cbd9a7f17ea3358e2b87b889b919883fb12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 06:54:54 GMT
x-content-type-options: nosniff
age: 327504
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20230
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 10:09:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Nov 2024 06:54:54 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 764B 0
0 57ms
57ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBofPcrK0ewkksTeXNwqG-14p0NJK3LAWsLR7lsMKp2P5rmQ9xz8attucCw6_EYvfrcrIaWjKmv2GVMOWcXkrGTxXoWpK7WqVITOk3QeWFJGdUNmubyG7VvY5h61RE198TJSn4oUwxGchjJu40LPxQkdn5RcN-YGmfIXfjT7OSGuTo6Ftc1LjU3LaJk36CobA9mbveFWj1xg1V3RMPFECXp5Cs8HSu7BzdBYcNELxX0UVo2G1OWp8NpEY2w_ony-aXLmvuhlaXrQ_H-tP3OyrmZ8GU3t05guNZvFr8AexQn1E_H2opUP3xpAUZwkuToy_Qme2e4zevIkaHypKe0yrjqK-szwaVHE01hm-ecd1DMYBHYqTDI0ngIHcnxHRpGhXKuZ1o&sai=AMfl-YQagKYL0X_8o9pyC8vhbq-eWipsO7Q76D6HzkYLL5l1eq1kDX8ytvv_a8biCVpkTkTBs6v8urhalCx4N1E&sig=Cg0ArKJSzM08GHQEFPJTEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 06 Nov 2023 01:53:19 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 764B 16 KB
12 KB 41ms
41ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231101&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/show_ads_impl_fy2021.js?bust=31079424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

651ce2ced715406900e79b4f9e8a90c14f5535d56f3c14c991386bc9c7e4698c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12396
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D75A 0
0 59ms
59ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQRLDgt_BVIGS6M_Vlr2OuDhdzdIGnmOxbuIE1Arre7u8myz2lYl0xE6RpjB2Q0IZFosC_hGVypHCQCVJP7BtsT1QBqaEBl4syIqB0WYAOxA4Yk8bgD1V5e3QT4oaf0FRD45W4wB-kAJVtH9sCS-tSudBPnDc6vYUHsmgxsb_gtk0CP1wIPVrWiRShdluZhYku-xVYrONuR0LfqtjdoOlSGp3iVdtEKqx_wQgvTXTCWNp11EgilLbVg5ExxbQLRTIRHlDTfJ1p8kZ7_nUb8i8Gey8etpDRBTNBOtKZKRnpjMTAzy11e6vD0wpb7GDP4xjHI1kH7Ewvi0WpToSLJf4t1-BdYvmRxqjPTumGV7djB6vhHqIjLCabz6k6EFggydpyTOfy_JRKBj5L_IBc6Ad5Ig07pe2hsTuPJ5GdPNq1n0sPtHzb61tFdIgA8yVREe5DFYtVPG_ATnfKNOPhck-Ur4fOa6JVLxL62BWrqAwe5NvEkZFvtE484GzpwlABNaC6-Xd0KeJfDdv--0KNXnoSMRT9VY2wCaZmhGXHsRI_lnFClOVx22V3Wj6VlOvjpJMjXxDyKKgKGsWNgrH4cbPeWLQh6vJ0wCd_LFjsYBsuFglhkEedJUSxoWQjzm0tEyLBtaRcGFze9p6rbaVLNuyouY9HbApGuCvQ1A2P_kGj6gL8caybZzA7W1y3Q3xPhtoTj8Txs0dpmiC_712yc5hOlrAbpBPnqYKNpvcX44NOiCH4S02r88il_Q2tmbPl-EXAhhIzLzmQeeJU-U24y9Z8C5iVz6sI3r69d0h-YQtn-1YfcxRSfqrs2B3-pXxozn8jokFj3i0BP_GtAyoIPFtu52Veea2sqKZZmtRMp4d_w0XsIeRkIQrPwzvG2qXXjI9FgLA_nu3F-nRePrjBAoK6OKYFs8-KERtc6XMHAPtvONc9XvPMZ46lT8Ucwoq8DgqInpc8Lcqhyp9X61-HlLYM_Bswr2SZuWvfkc-eyr0Dm8tUSsh74DIkDx7hJGsEOx-ii340IJOXEVoQC5UOcsr_VVTrpivEMVURVjwFn74lc5gvO_e3Qy5SQPJdVTM-AwYpzfjtlra7RovgSfp6hHIVLTdwXE5Ocb4UNMHgzixFBZubfooX-55NDbFT_v-0xZ2r9-YhswyVIulWV2MJNS8QAGHsM4HJMG6s1sscAzokrwnzbpSMrFsFbDVBwQhvM8AlAhFjCHytcTxivt-8YDopfzEzOgXoJX4T-iKec2DysPMSCPjg24crPj91XB5dhEp2kSQ&sai=AMfl-YQOegblBFCpRNApXv9kz1jlsXoJyoNxVzHNyNdYjVcuGv0yoQzThIy6u3bWS13bmsXXi4KHcJ_gsnVWL40Wbt6ooNFAzy3fnvwbPB6WDYBhDA7O9-s_2jXykv-8bHv3Ig9Cx1WsmVQ32EZMW31g59hvn_hQem7XIMgJdpXZkaOI4xH_7_CiGUEfWLTIjQOUdxuvI1fb6J5k&sig=Cg0ArKJSzMgCQpH3WfrTEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=105&vt=11&dtpt=46&dett=3&cstd=99&cisv=r20231101.97042&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17714521276683917895/ Frame 8FE3 121 KB
23 KB 20ms
20ms Document
text/html 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17714521276683917895/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4727225a9f10ff46646b79ce022f144331bbf99ffd5628482cda86572f2db15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 358565
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23287
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 22:17:14 GMT
expires: Thu, 31 Oct 2024 22:17:14 GMT
last-modified: Mon, 02 Oct 2023 10:09:36 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame F0E0 38 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24588
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 04 Nov 2024 19:03:31 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DF0F 0
23 B 57ms
56ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B-qsiDkdIZfLNLJ7a7_UPxaKi8AEAAAAAOAHgBAI&bg=!tLelt_jNAAb4oU7C2KE7ADQBe5WfOBY8eB83LRdasHfiI74Y-KYjht_p9mBWh9OkgOTf2H9MXLyDJ6oReoWa-SjrLtuaAgAAAItSAAAABmgBB5kDO1NahXDpWxjzGIyp1gs-OmerZ600xQQKnzKJZZw6Wy-k2s1lPBrZX9nZM4ifO7y8XHFmlJoDNG6jjDrZFgyqHUFhdGETEptW8wuGrxOdHJsvp5bW9sRTB_OudRm1GgYacJ-vF9SP53YM2eEcxVWC7GZbUOvcgkKejZd5c48ya9dHw0R1jdAQ6Lox-hwqiQVHAGLnPq9EGAqACAObi9agKN0NOy6rgavNL866FfjKw7wP_qjAHHiAU1VwALWo3PvwEcku-AoUyLRAAVW1f6z63h4YO_J4bImOQRa1mmsNwCcfcKzU2RPVawhBn3ojTsLkCVUCVuKtUH8ITbFufUuvwrRC-dJmj14RYJfws0WGbdG2L1x3k2BVRZTbM2r-wE7IFXSp6dJY9guVYViTUPrFVfc_a99mfjwUamKRb6lsFqsu-nyuYfvVHgOx2v-ZqD2_XWR626qtWT3zo31Cx-RUKD0Ml_rtiHbRhSJ9OQbiaOWOXB-72s6bkUxZGnoh2y0IixkNrfSFnJSKqoV39EcKnIW5fV59y22qdMG2VXOgnrKq1G8bqRewgndSYWkl6uDRMrtPT6BuJw7h6ZAMG-BbJWgrIOZ9wvyuHX_mGxwwfJeko1dlC9nbQeTDM5XEEb2UEZZNEstFtTOrwOVc4xRtnspM9SvLgj2aUNZ4UoxfjEYDgQYRDLFth2SfxLu6UAdIuQYvhnJzEuPSWZssKivG-Tqgj8dDn366_6SS8RrY9ic5k3CrkaDTBO2-QRskwO5zko6MFya4CexvqfEMLVqEfgOIr2CRj78mYzb-oUj9II0aoJAM3lA3US8lXGDOeukcjnRwxaSDKoXAbO8lXAWHWOzY6xnPI6r8OO11C0uWG_5Ju3umph-pO7yXglID5Ct78vu4FxkvlVqpFNcYGj5Y9WC409IA8vhLjDzSUzklhPT5seWnMa6QbTCcHJAl95xOVP50uNKbtUdA_BQsCr_5tImrUPI-xmoJYE-GJ0HK-O0PXSpjgI94Bb0EsUtJAo_T8ata-2cntG_FTBLPxQO8oL1GbcSmDrn88Msc5lbCQKHaz0MTmkDmFW-qYZR371ccWcFG88JuVgHkJg7A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8FE3 2 KB
1013 B 80ms
31ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Slab:regular

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17714521276683917895/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

07f7335b4dfa782be77920282545739a979df7df72fa55b30e47acd55f77b627

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 06 Nov 2023 01:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 01:53:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 06 Nov 2023 01:53:19 GMT

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 8FE3 32 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17714521276683917895/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17714521276683917895/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 07:13:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67197
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 06 Nov 2023 07:13:22 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 764B 17 KB
6 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/show_ads_impl_fy2021.js?bust=31079424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 01:53:19 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F105 13 KB
5 KB 21ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 21070
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 20:02:09 GMT
expires: Mon, 04 Nov 2024 20:02:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E459 829 B
560 B 29ms
28ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f68840afa4d2d0c2a209bd7702f30662793168b07be8e6698716aa142dd3fffa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-puVop5O3-7350_AKNVUghA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-puVop5O3-7350_AKNVUghA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:19 GMT
expires: Mon, 06 Nov 2023 01:53:19 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame B27F 7 KB
3 KB 79ms
27ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=35447700006581304438268012500007&a=8db61585
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=ykuzho0n7xq0&nw=20&renderingType=javascript&namespace=506e53b756&subid=&uid=26e9ae5b47d48648&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=120x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCoQNpDkdIZfWTAqWV_tMPlYy76A2RwdCbabvpg5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAircdGgTAbI-qAMByAObBKoE9AFP0IbNcuptSnpBSYHrloTcNlS0TDKURxhq908jGgWfrqCQ9I9NwpxSGGtePT_dNXIoFl_uuWFpD-5AOgrJq9tDWdvD7eV_bVmWnX6zOXNrHMccQqJMbNCXHvsLec_AyVe9Ic9zyS9quRc1isHtpPD1c3mbrZYOD0Y5D5-8DJzmgMX1YByiOqNqb34GpiUwy6uSXwvQB9a2sVQyoS0j1mWEc8L3DhjfRHXQKn55OsAr4nNb5C9QHLJlqX8TgXLupJuTVgFKk4VksMzANb1Wum42Ny270Axzu_CnTMM1_aBah34sFVPdaFuQwlK5gXiNPlzpSXqowAT6xouO_APgBAOIBcHeovg9kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARhdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMDCoKCgjktLEC7rWxAqoNAkNIsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaN5PBAbgbFCwnhrI8sU8fi1H4KTh8YwBTtyQd2jMNluFWaHnh5GAE%26sig%3DAOD64_0C2zrGglmKc8DvoqD5-0jmnm78Iw%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-DqNMHxEoyPsQLM6J6MrRplI8OXpvZxzh710x7576BZ6hl1D9NfhJCGvyW-glGh4rvgngruA44mSahJI1eFt4x1ioxoYG1VT805cDi_FvJ7bES4dDXTWgJLc6XMmujRmhbDkxlxWr3ttRuinjUs1NDomjjYqoItugmUoNq_CR7vDj1z0jg%26cry%3D1%26dbm_d%3DAKAmf-CvbnkpBhuN7MPyogt-8JsW7C4S5cGhx3QwoPPzfnsWKaoqUyyAB8i1AP8K-TLLWUJC816YckNT7alvD7WwSmqRLITgOs-FQ04Dc8zPK6tfRAvmC5Dt1XQySy35yn38GwJSvFUqVopM68cxHQ-E-Qro3YNVewJrGAsogZP6nSdjdsquY7ekOCLGTMb7ohIdLzrLgwEilDVLWdjUNSkUbEkG5P89CJVfzLKTr_f6Fh9sUPMusQo9QP_bsudfxHNkOQKKr_bJksonGqTNEUGuXqiSubBxx83pzmmuLKxILZyulSbbSq7uhb__JapA67B0Z4DeZZCuAAsqV0SpSFlfBNQoFzEXsTd9va2efuHpAxdiK87QXG0SwOZgSib7LlTbBCG2MEpErf8XWO2AlNtqNGlOHw5ftanmrks2jZj9Ea2W-3VzrDpUtynbrX6AIfXXMjMgKN4bN8Wk-Yc4BZSA4nqy0Wl6PgrKeVli8L1YzOqHTiwwMXxsjhP1SSWl0Dy082hv_JZzlaI37mEo-c7JxRYu3wF42WmRkfIq1AsBYrYzJlJyJRU%26adurl%3D&documentReferer=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fc91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=8702286623613&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 1b1cebe265425cc539a2fd94fc1afe08df5c8ede390905cc2b8f9c3bfbf608c9

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2285
Content-Type: text/html; charset=utf-8
Date: Mon, 06 Nov 2023 01:53:19 GMT
Expires: Mon, 06 Nov 2023 01:53:19 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7652 1 KB
647 B 21ms
20ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 34282
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 16:21:57 GMT
etag: 48472445140208031
expires: Mon, 06 Nov 2023 16:21:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0A69 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 078499c0648602653c4847140d474b8af6d6e66e6f91f543978927bd34d10cda

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0E0 0
23 B 56ms
55ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BtIypDkdIZc--Kqnnx_APhNGG0AEAAAAAOAHgBAI&bg=!S0ilSAfNAAb4oU7C2KE7ADQBe5WfOFMYelTO70QHRbh_EkYrAQKcjqI7RKAFPpr8Rc9W_5U3aI7tvtyRvp0AYFicO5yxAgAAAFRSAAAABmgBBwoANPOxkxy4FRc04uzckf63iZK2vZ4z4FipazwLUJUYsGR5iudNeZYiMTckgrG1RCZ5arRCQ6CZAzTS3lVX2xjncBGvsWOdUlSSW5K_YsIIe_trH6F3R1wR_RBo4gNT5Bkz8YgN8fWzcoz6fqTlD6fnqpQxDN-2AbUL7gbaXqwurgkTw8K3k5J3zHxQLLFGW19dRAMgBuRNUDywGc7YS9Xkauy7sd_Wp4FvQz1FMvkoINpw3jRd_FU2ikH8VB0TwaWHbMUFTXs3P8RGAk0TL4SWqTXoGf7vYu9z5Ssq1oY5zTf3Tl0WPRRq2LsjPDumpc5rxZzIfAkLOv6o5Qw-_-DHYARF3MLpo1e6tnD6grwwHY_9w9Xde_zGko_LAGR92F5OGHzg-qUk7exxmhmUv2lp8zd60ZqP-gKELhK09ENBTzcCnED6Z5VqMfDgKis_DYTStk0yywK2yJokAqs3OoQgnFhdep63VTGCSITmGMP0LmFOwiEwFdxwLujuCHb1nvSOjQngTe52W-HLn4pBYMVYaN_XCD4wcciY4U1HkKzzFsawisjcOFTKkrODomF7GxTz9D92yyUl7gvBHeGHBeHtSXS5NBxFaB7DiTc8N_pApR_rRroNngik05WiQXX0iWYEYpnQDNcOhcRvUGyITbja3eNuCPTdidTfylVcQyTqZU1K8OmUWoQ_2ZnDcbS_0PQtdEJKJCE0Q0eYXD5pof2UqAu-0hPUIKfq7AMFDjk8jrVpyJ_PfZxtpgjgzeMCoYNm65C61B8E6U3WeZHaQpeC1AG-CBm45j9Rgl26kkVkFKoxaBW2MMyzZvKcKq9UoQJxbshw5qBCu5TFu_bQ1GmY5ua-pvCBzkEkXrn3aaTy1NuOEb1X4eWb4RwbOus_0cL3WTsTPkm6fJEZ6JElFj69Zh_QDruWbKfnBgAhTVywv8CC4OlItaHkk3ObWTPdfwKmFbBHD3VL43M95DNC2ObDJtCgSVTrwAWsBYe6y14NDkAzv9wKE8uDk1inTWah_kxc2FjbfeE3v52yV1NhSqbDvC9xMRg50GvhHAorD9P3oNZNv0Ltcxihq6jqnPGk2hVfZ4qqloEsueKhRHVwUhF4RVNk-k-U_KvCVN2l4YxIyfLQe9PCgdScUwngR8vkuQaBeeN21HEpOkt4ZW45

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E459 0
0 53ms
52ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231101&jk=2354622432321991&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame F105 38 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24588
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 04 Nov 2024 19:03:31 GMT

GET
H2 200 i.match
a.tribalfusion.com/ Frame 7652 43 B
416 B 194ms
181ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESENOa4xZHmC7pMrAXaBLvedk&google_cver=1&google_push=AXcoOmT2ianfVZqdteuAxJ71X0YTEzIegQ2-ZsTWiu-ZNrJKZV69Hiky2IuqJps2IJwrRdxlhsGCl8rjqMAZhIr4cw1LULMD6u7NIcTJIhcF9q0WbXVOyH_GLmBMqnNru7GLrtDgDJVzmgWXwl6FFaXrKtY5&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmT2ianfVZqdteuAxJ71X0YTEzIegQ2-ZsTWiu-ZNrJKZV69Hiky2IuqJps2IJwrRdxlhsGCl8rjqMAZhIr4cw1LULMD6u7NIcTJIhcF9q0WbXVOyH_GLmBMqnNru7GLrtDgDJVzmgWXwl6FFaXrKtY5%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=600&slotname=3654094576&adk=3537124836&adf=3173046731&pi=t.ma~as.3654094576&w=120&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699235597413&bpp=124&bdt=128&idt=520&shv=r20231101&mjsv=m202310310101&ptt=5&saldr=sd&is_amp=1&correlator=1386&frm=24&ife=2&pv=2&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=0&ifk=1507082180&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079297%2C31079306%2C31079344%2C44807047%2C44807335%2C44807454%2C31078297%2C44807754%2C31079355&oid=2&pvsid=795451879547957&tmod=1607962558&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C0&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.dshytryt8ei2&fsb=1&dtd=531
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8219b3bf3da51da2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7652
Redirect Chain

https://aep.mxptint.net/sn.ashx?google_gid=CAESEKn0nk3SdhxONDl4hLrF4nk&google_cver=1&google_push=AXcoOmTci-9Wa7C6MJgX4xQUKDwevfRj3ZOC-GVrnZrqPEfIbfWbxPnkDZ_QdpeY-1OJ7B2eInBIM-45bTs6N36vzdH1TVnenQW0...
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTci-9Wa7C6MJgX4xQUKDwevfRj3ZOC-GVrnZrqPEfIbfWbxPnkDZ_QdpeY-1OJ7B2eInBIM-45bTs6N36vzdH1TVnenQW0BGVaSaOxlRxFomoSNfyePnwR9mp...

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTci-9Wa7C6MJgX4xQUKDwevfRj3ZOC-GVrnZrqPEfIbfWbxPnkDZ_QdpeY-1OJ7B2eInBIM-45bTs6N36vzdH1TVnenQW0BGVaSaOxlRxFomoSNfyePnwR9mpiQKTvN6pPMaMipFiV15tvCwO_brhy&google_hm=UjM1Q0E1XzEwQkIzMEJGNF85QUU5RUZFRQ%3D%3D

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTci-9Wa7C6MJgX4xQUKDwevfRj3ZOC-GVrnZrqPEfIbfWbxPnkDZ_QdpeY-1OJ7B2eInBIM-45bTs6N36vzdH1TVnenQW0BGVaSaOxlRxFomoSNfyePnwR9mpiQKTvN6pPMaMipFiV15tvCwO_brhy&google_hm=UjM1Q0E1XzEwQkIzMEJGNF85QUU5RUZFRQ%3D%3D
Date: Mon, 06 Nov 2023 01:53:18 GMT
Cache-Control: private
Strict-Transport-Security: max-age=-382240399; includeSubDomains
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE", CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length: 402
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7652
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEEpuJP6lk_8AZh-NEu6uUFc&google_cver=1&google_push=AXcoOmTlOPlfSoLHzWCMF4vUE_19Yu1iFjKHzUta0JgSPEwNxG758W8tYDmwtvFzNfPLmd5fQ_47s42LlDiERdhJ0PcqgCcBdBUL0H7_...
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MTQ1RDY4MEEzRDNEOEQ0RQ==

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MTQ1RDY4MEEzRDNEOEQ0RQ==

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MTQ1RDY4MEEzRDNEOEQ0RQ==
date: Mon, 06 Nov 2023 01:53:19 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7652
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELjMgoprZV05MWLdsV9oUIQ&google_cver=1&google_push=AXcoOmTrkItnA7kvUm-rC5cTyQtfsr-yWG0KRBNWJ-gRw9cMfP42U_rhDFGDu-6WIwCrmpKSaE4eV_lU...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELjMgoprZV05MWLdsV9oUIQ&google_cver=1&google_push=AXcoOmTrkItnA7kvUm-rC5cTyQtfsr-yWG0KRBNWJ-gRw9cMfP42U_rhDFGDu-6WIwCrmpKSaE4...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODYyNDM5MjU5NDE0OTE3ODg3Ng&google_push=AXcoOmTrkItnA7kvUm-rC5cTyQtfsr-yWG0KRBNWJ-gRw9cMfP42U_rhDFGDu-6WIwCrmpKSaE4eV_...

170 B
188 B

32ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODYyNDM5MjU5NDE0OTE3ODg3Ng&google_push=AXcoOmTrkItnA7kvUm-rC5cTyQtfsr-yWG0KRBNWJ-gRw9cMfP42U_rhDFGDu-6WIwCrmpKSaE4eV_lUKuub10UvPDVvW-AAn0UT_1DPgTU3GT8dhVAC2SSJGZMy0A95D7i0QrEh18nbdSoAREAk8NL8WoJV

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODYyNDM5MjU5NDE0OTE3ODg3Ng&google_push=AXcoOmTrkItnA7kvUm-rC5cTyQtfsr-yWG0KRBNWJ-gRw9cMfP42U_rhDFGDu-6WIwCrmpKSaE4eV_lUKuub10UvPDVvW-AAn0UT_1DPgTU3GT8dhVAC2SSJGZMy0A95D7i0QrEh18nbdSoAREAk8NL8WoJV
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7652
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEH1blVjBy51_y5EGOcLTw8E&google_cver=1&google_push=AXcoOmQtOjO_XJh-p33CUQVDiAbPn195zPEQqa0AUCi6NgtC88_3jhrTJL-ltcUDzqZruO9BC06Ntz1_hpDP...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQtOjO_XJh-p33CUQVDiAbPn195zPEQqa0AUCi6NgtC88_3jhrTJL-ltcUDzqZruO9BC06Ntz1_hpDPtjMNY6M59QsWPndE1SsbCpGLQaIBWCURZlF_...

170 B
188 B

35ms
34ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQtOjO_XJh-p33CUQVDiAbPn195zPEQqa0AUCi6NgtC88_3jhrTJL-ltcUDzqZruO9BC06Ntz1_hpDPtjMNY6M59QsWPndE1SsbCpGLQaIBWCURZlF_85SGi9mbDV70-zqZffDhzQclawJ4DAGQyVQ

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQtOjO_XJh-p33CUQVDiAbPn195zPEQqa0AUCi6NgtC88_3jhrTJL-ltcUDzqZruO9BC06Ntz1_hpDPtjMNY6M59QsWPndE1SsbCpGLQaIBWCURZlF_85SGi9mbDV70-zqZffDhzQclawJ4DAGQyVQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7652
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEEQGwSjjA-RGynGtNeS3EhA&google_cver=1&google_push=AXcoOmQIDvqb5ug_brO4CoRdCWSray5Fl6uLEOEmKw-NHD3s6chI3X5clw5kYUK8FX5ruwtExYMcfbIWDvoY3ygJX2fwyDw9_VZ...
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQIDvqb5ug_brO4CoRdCWSray5Fl6uLEOEmKw-NHD3s6chI3X5clw5kYUK8FX5ruwtExYMcfbIWDvoY3ygJX2fwyDw9_VZCCK9cEDf7EMNoPYgk9oM0aP0BRejJHcF...

170 B
188 B

32ms
31ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQIDvqb5ug_brO4CoRdCWSray5Fl6uLEOEmKw-NHD3s6chI3X5clw5kYUK8FX5ruwtExYMcfbIWDvoY3ygJX2fwyDw9_VZCCK9cEDf7EMNoPYgk9oM0aP0BRejJHcF7cug6Bj6UWANufhRZeRJv1zq7&google_hm=M0ZoSXJhYTExU2EzM3VBRkxINk4=

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmQIDvqb5ug_brO4CoRdCWSray5Fl6uLEOEmKw-NHD3s6chI3X5clw5kYUK8FX5ruwtExYMcfbIWDvoY3ygJX2fwyDw9_VZCCK9cEDf7EMNoPYgk9oM0aP0BRejJHcF7cug6Bj6UWANufhRZeRJv1zq7&google_hm=M0ZoSXJhYTExU2EzM3VBRkxINk4=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7652
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEIxaFucyIxyKUyeVLkz3P1Q&google_cver=1&google_push=AXcoOmSZzQdesFKau...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NzI5MjYwNTg0MTY5NDk4Njg4MQ%3D%3D&google_gid=CAESEIxaFucyIxyKUyeVLkz3P1Q&google_cver=1&google_push=AXcoOmSZzQdesFKaufyQVulH-x0AThTU56...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NzI5MjYwNTg0MTY5NDk4Njg4MQ%3D%3D&google_gid=CAESEIxaFucyIxyKUyeVLkz3P1Q&google_cver=1&google_push=AXcoOmSZzQdesFKaufyQVulH-x0AThTU564lJ06jSx6UaD9Q2eB-Z11RMloQz7IwnxXzdxvJSxj3OypYE4Ug_ZiPMPlU-gLvdBLJoKwpU7UiyC-CvtjzNz3mAWm9izf3NyjtIOhnHw3G6Lk1RxlDfFOb3XOd

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:19 GMT
an-x-request-uuid: 01400f90-602b-4dcf-b369-dc0ffc4ef3bb
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NzI5MjYwNTg0MTY5NDk4Njg4MQ%3D%3D&google_gid=CAESEIxaFucyIxyKUyeVLkz3P1Q&google_cver=1&google_push=AXcoOmSZzQdesFKaufyQVulH-x0AThTU564lJ06jSx6UaD9Q2eB-Z11RMloQz7IwnxXzdxvJSxj3OypYE4Ug_ZiPMPlU-gLvdBLJoKwpU7UiyC-CvtjzNz3mAWm9izf3NyjtIOhnHw3G6Lk1RxlDfFOb3XOd
x-proxy-origin: 195.206.105.131; 195.206.105.131; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7652 0
12 B 30ms
28ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lt0a_4ix03tO_IdIAvR1QRK38NmT3XqaQVcqwKubWIheVsN05x_AA0dpcZCymU4mbFCbBh-g

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5086 0
0 59ms
58ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311010101&jk=405724297371379&bg=!QUKlQg3NAAb4oU7C2KE7ADQBe5WfOI34nUlgQ1X9r7et71vjf3180VtkHwzvM-36fJrWUZ4fFGLtcxr-fWqMVp9EMxIeAgAAARVSAAAABWgBB5kDDIOMP2nxbBAwCXfs7DWTohIDM9HMuPzMKU3vXAwx2XToZOioi9yFITByMZOboCqRGhtN0EgRm3r0ov0Vlg1NhDBDnglEFrNFO8wlnzvpS5VZx19I8FKYVnTAKRKOvscTwpsKCafTZhrSxbYYmubnKf9nz1217Rzi56RWb5bWi_PhiMFG026RSJ8OnFHdeZfudUqIVjCdrcMpRIZ9vbOD3b_8QwevCOMtdT2FdPzrM794mFG5pKcVH-HvzyLXuu2Q9ccH7fwUZWe7fPbgvgyKuNpRkPJq7rnySLSlLqYhNL6ixLxrC9pVCiV2FkKa72rRS8fCHteMa1_UDyYOXWwGMHj7Mam0VsjZURh3tucrPl32xFIGs0Q6CdU3YbTqBn0PUQNK1m0Mo68dhhi099U9dU_4h4LrMcMeriBOnowNPLTwn00oLuSK_IaK2-iBjuAMd1k1RYqJICsOWj0GA7pCRaKKo3GSh4-ybF2MgpkggzEqt7Nso4jXuSMrSwl0vceUKAdE7dK20-3ABvDNK4IgOinyIMxAF1dcQVayuePNAQd1IGQmwcCa268TryhlgK5MOj971y9-YLDkQpBEPZ4ejoBwpvko7Sb39_uAcp3WWj-DxVZXm0Fy6lIsT-IRcUS-ETgG_xBfREN6WtwUnwqyYlsaE2-Tw_goT1AesNidVxjzvpLz1Wb3ABrUlcUS4mw2Q4eppvidTEF4fmg7DRhHp5LpxAM0oc4XNBaWA5RJxg-RUe9gPPkQ2MzsSTSs1bJiZX9BBSlzWN_JRpzUWIGvSYR_Na1gOpjl6LWOthiBVlKwifU4j5vC4m0XcQ4zVk5ctEsPvWElGoShmjJqBTUBOcUJWWbHnvRjVHWRhHI9FmIyb1PQ-UNPrRCTWyRUBlhSAIP0m4-PIW5-ljY24-TfDIZxbdOOZoVGrbdf2QTAHpfz2X85FO-6rr_KQBQcTudabLubXdQ0nwrLX3mag6CBsOEiZQ-I0gq2KtgGPOLD1qWt8fB67DFiRnXXHxNPZBpNyFaZgF0_D42m0JHnWA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame B27F 89 KB
32 KB 68ms
19ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=35447700006581304438268012500007&a=8db61585

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 17:57:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114957
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 17:57:22 GMT

GET
H/1.1 200
OK S-120x600.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame B27F 33 KB
34 KB 165ms
56ms Image
image/gif 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-120x600.gif
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=35447700006581304438268012500007&a=8db61585
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: e5b7f02b23fdfaa750168663e07aa8da6df9b31692b4e470097c1122b3fe2678

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 06 Nov 2023 01:53:19 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-8530"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 34096

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B3E0 0
0 59ms
58ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231101&jk=1604962131828914&bg=!u7iluPfNAAb4oU7C2KE7ADQBe5WfOC89KT1wKVBOzrNS317Ax8TWzZhhrdA8x3ZCGh-FLDIckmQM2NpkaQIQ0hxfDQCxAgAAAUxSAAAAJmgBBwoAOJtI-tdv8haIV08r1Wtox8IrN7chSfPaDRnwEjPQv30sN_HkD4nU483FTT-cnbnegzB8AI0EDyIzmQMB4GK_w0oj6uNzJqIzxS2EjEn6G9fpMT-902iLQdPrhIglo1bemsrHOtTJ4TGH60zpx-lnZGe9f6Ci1fw8Hu7qK08sHTADeZYKJ_benrMZxxOt1b2KtoNTrbhxGWNdJIF5F4sueQbSsE0Gd6X_odL6316X3HJ_yfQWZkMJykRkGwn-WWTwMy0lD4DhVCf5VwcZfuTbkvrhvvqa-UTe1WnrZO7hF4Wt84XUTUZ8ZQDux5FcDxbbY3gxxNfAwHaoW7RzECWLBuIS1WALLMYodLq69ZT0bLXnwdjgNzaicwTqQXTi7IgMh6Ne7mEfcX-EhxjvNiC0zVAo7JzfEwYegZQayWzv_CTXHege0fqcNTBqt2FR4-aFIsMamW557zyTOe6HV2jUK8RYAYnOhbOHLZxtLKVjDFKvAxvlrAMZ9-pChevXcfHTU4Mh1Oh9KpshZiC5om8_kTKaAQb7Yu-LK17To5CHaViSKrgFv013YfDZgEfTAcTZ3MrDlH9Oh2dKAoZJ0OLBV1W4jwp7fE06I1sWd3d19yoQ2x6eUe_lvov-nvOyI-1foW2nmsRe4tl7rmAX4oY5mdlQD8h2oPDgSr1eq7YhC14-f4In6aoHchTAj4M9IlcJ_sf2u-ArsO16DRWiO4gEHkmoQjmapi6zO-TmEzhLXbnAjXSwIO4iyKAEgEtCK_XqOgILNHdLXDruUDSRpuBSkACdR2HSta8H_GZHZnc2inLXKUbh775N3eL02yFne9OxoT_pVfo7OinFF5DcXrNm6P_ZJGZRpHit8daAkBnREpZMmxmnpSFUZH0D7HxIPzi67Zpj98FV0LREzNtf9xm6UXYsJwHWd37kkU3BWigDDIYJCIkmRi5OAuBW3chs22bae9hZ3ZUCQenwdsnyJcYVANGvnEZyAnk1heZLhPjIUq4dBmPg3365ochUd4RWA8rbeQK2qw3yM5b9mmaAEKu7s2MsaE4WPHofLd1KhS0dzJgnRu7E9og91YJOE75QkD0mRzsqHfsZEBTAbC2l2g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6382 0
0 56ms
56ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231101&jk=1396754070652655&bg=!IiGlIW7NAAb4oU7C2KE7ADQBe5WfODu2gglEHzqpsyX6mUggfJZfuVPph4NYtbEe8HxH0qQ29T8KhvhXEHPo2tYHy5d5AgAAAF5SAAAABmgBB5kDEP3eJHTP4oQ36mQXqrzQ8tYuI_ftXNTxZz7cycqq7IQZYnimH0ETh-toosJPChTfTcm0zplDdu-Om0oMMTKOvRU4rVb4dEtKRoVqjYJYxWCLBXjDxGboL605UhJFC3LbVz0iDB5_raWbyCL8E63mU-Qdpb5pzCweS1G5wHdJ0VjqQP-3CGVM33GzbQ1Lv5oVaLDd7lsCwVSHfPhrR11zVa1rEPGEDPkPy3Gkzs2mCHByuxUFpM57G96FXo8-ix1oLyalbt2tWUBjkZ5seL6QLaS4prXLqh4a4q9GaX8n39m9rctuRKGBrd03XURInYayBeaj4MCv2PzSFNRPuhgoELlGl9tb7ZKj9DmiIT2naenQylVaKKMmi7kmMocQL-NGKmilPj-mJij_215-Bs0YbvjQIZrj6HKQGu_MryM-0RpLPeWVLiLCQhvBEnLPmwbRRP95-cBSKIjB9Sit9gz9ISv6JyD5b93_loSGJrIFZYWz4CmTNtpF2ZqEImMS5QGwRAOyn1laSJIwjRN0iQdelqMqChesv7uk_q_R-_cIrOt2GdQrnlQTtu3LEMCG55C0M7VlczP1YfZQg3Ye1Ls1A7WQeUomR-DPu6hD-df1kf1uSVTraG3xGG_HajjPCx8sbqueemTS1EnMvt1LaWvLkr5MSsjjJthiZh23o_FQGukSnMLuSqNl_SXgU3Z2y-p4-SeLhA9sDrmjcg2gaU4Cn7gW7pYMzbqX7qeOrrQRs9rNB1ZHWtA3xlFBTlE_rwzQYquA9jUD6aSdSLTxxbD7ITBA4ekmL2yjP8rnQrAqHGoB3d_FMsWED84wx9oslEBXDaW1ZDSp3TAJu3GnzjX1kI3coCAbWsIjbgUJpGNOCRMjRR7CU49nc4nzyXxYiIDL7WF4UmDWD-mCtJroWVrqMGRZcFrAMiS84xRKmrLPCeyssMwFmWCr503seVi1U7CqoCgHEGop3rRtlGIq9eZFF0JI_GJrFVu_e1SYDOAGxJqaGD6fwiYIFbIlVZmqzpDXlg7_jd6BlyKOL-xbyNCKVDA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame B27F 0
150 B 83ms
28ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=35447700006581304438268012500007&a=db2ed6b7&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=35447700006581304438268012500007&a=8db61585
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=35447700006581304438268012500007&a=8db61585
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 06 Nov 2023 01:53:19 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame B27F 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F105 0
10 B 19ms
19ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?5Wx_uw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D5D1 0
0 62ms
61ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsspAsYmcIcrk37-PTgNZUzcRnLKNNv-OFdMpL0bRw8Q78AHXuAA_3v-9jFNlhGe9k6pg3Ce03QFk5lOD2xamqOIDjtNgqqkkRRQgLUpeXseFxH8nU5bxI9EIRC5qLeUJHpNbUIxl0J_0vR8E6IjGnZLsfMPrxSCda9Z8R28Q_lid_PiEPo2peInjT_MJEW0NKAj8BuINyH-9aFCIGyHJJAjULdmKyrnenbpxLGxtF4NUhZvkPZvJ6u0-5p5wBFfDxkfsiNiUPUb60Wozh6pV7TTnk8JwNM5qsDolvMh4dB1OsHgqJb5w9Wt8pMq3oum2F762cOQDpuAGFZOwy4PY2RjiyJlGSS6rEQfj8CZ6-4Gn-BKJzJ4pUF8jyn_gh0FDtkUYILVdw&sai=AMfl-YQqAFJyLyVK2A1GZEFjzsG9sVorSvO0fmF2iRmLJ2rpsoV6Ca896sWEs3I4VPg3iKY8xVp0dvVjZNQYzK8&sig=Cg0ArKJSzBOLRjnhjhuLEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 06 Nov 2023 01:53:19 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D5D1 16 KB
12 KB 34ms
33ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231101&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1527a12f0db34f114a5e9ead686aa4d18198c606d9521ac13a198bbeec7f15b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12299
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D5D1 17 KB
6 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 01:53:19 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2B3A 13 KB
5 KB 20ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 21070
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 05 Nov 2023 20:02:09 GMT
expires: Mon, 04 Nov 2024 20:02:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B369 829 B
557 B 30ms
30ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e498da2ec3ffa61616ba204247525be6074e789a4d91e7a76c1c47166d56ff3c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZQTmE6luiNGnavGmDqTLMQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ZQTmE6luiNGnavGmDqTLMQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 01:53:19 GMT
expires: Mon, 06 Nov 2023 01:53:19 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B369 0
0 54ms
53ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231101&jk=795451879547957&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 2B3A 38 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 19:03:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24588
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 04 Nov 2024 19:03:31 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2B3A 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?2nKzFw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 01:53:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 764B 0
0 55ms
55ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231101&jk=2354622432321991&bg=!XV6lXhHNAAb4oU7C2KE7ADQBe5WfOGBRx6IsdXFNF9AW12Ci4Chlg3CGlaMA85EXuJLNGkyJR_MMsuze8iPFsXoxiBmyAgAAAIhSAAAABmgBBwoAMpByDWSEKiWgbjCwBoaQfhYeEtt1eRNBYGuVZML5a55qMHhpgJZjJLD1AOSIwwUQ_DCJmQMPTAoIE4ytfST14o-T5BJvr1eOtPRTeRwkCHE2crTXSM-4cPGxk2Ys3SqqP3J1e4S5MPL-gzACjdvLMEA9eZfNK0CKc2DFg6nekNshcZJvjt6FDW9HWlkEwgCcGAelRYHp1n_xKtDvyht6U9k16-G0j4rBiQb3ifmu0m1nxpe4iM9XJnXmmLvZTiVbGp4r9tReeqp5_FXzUT8au5MHsJhS-x7RecJ5-eDvUQcPCW7i5cDRmbe3IWKIiQokJxUR1-t3J5jHVepyncsAxbu6tkJxEsUcdz8cW2bly498vZVx2BEb1mk8iTBNZb-Q1029ancYTFnADatBUr1Lk2S6GUQpE2y05gnZkoSvFEYRTTVR5snOIcfaxBtqC61R4fE1tsTXK4rqSHGQm9lJxQDyA4-ndP0LLBPpxjY8lPKtFP1aGYv26Jf8sinmLKNJpDebdCFoPHGjyBadkfhQsyO4NgPsRCoBcZv6wJRe5hVxUiuDjQZg99Ha0lq3jzYa9anwE6gS1LAJYotGhLhwRol5SRKndSvbLB_h85rjGHexw26jjbYYrzgy__bQdUzubsJThJQ3hWCLUBEYvEImEb8wJa_gfWYA5zOZwMNpXVb8_ouednSS4OLgXr1eXIRIzeeSepmJO7UnJHHJ9IQsx8Ou8Sn6c3xH5v52Hb-CdE0Ul7GhF2q8YA54xZPEFz4YFBXII692NDW_ZVFyr4HD37gFu2mkEMRBwzXLqq10_ZeQZB8Px9I0fVZqIh9Vkh_Jy-nIDJiT5o7FcWL8LHWqD7kxpLxrD8dRrYaIKGKBNhCKdoBJ_uya3oCKHy6oaywMaWk6xaJA8RGaxuqrI80QStGfu3lQgnz1Nx3Og-LBM9sy-JJXYnQQBKc483KrHfY_ynS-pIquo7wminofWAHdd7_V1SyPfjEd_5CazsUQ5PymVFHiMWQ_4EPC6ds7k8pkwjwsFWE_hL8wzX-2gYxQ5TC4NVvm0SrpyfEY_3Si3jV4i3OpeY38rAF579sTNaPjwCuh5qsYMyglCXtwfR0mU-tgbALr
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D75A 0
24 B 53ms
53ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6051637411083&version=m202309260101&ct=119&x=1&cor=14926024893855478000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D5D1 0
0 55ms
55ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231101&jk=795451879547957&bg=!OjmlOXbNAAb4oU7C2KE7ADQBe5WfOMuapAuU6hPgHXBUIEva2FlAv5Z1rXB9PZvMB4GrYaMnTwuBtGiKxrbcv327EwUpAgAAAD1SAAAABmgBB5kDBFunP125CtFxsz0jQlk7ZUstvNi1kWH3WseeZx1dBN7c8Kh1cUA5-yBGiLM8iueCuf595BjNC6abRDOFWh45vr9WwEmEOSq8E_9I_PlmsmYd8a6CBkwa9OiRdU0OZ40QYRV-FwWn-Mxgkuf2vCELQ038RMeOWLWDZSLjKIETpnSjQIYTNmRpzkdetDRsO2jB3Ws6VvuApbfr7ZwQMCdCLKjUl6rCAF01vsnYZpKzfFFl0oG2Y6h1FqLJ6tQSgYPRafL_WM610iS0fTBxhUk2mTETxYmC6_bb0VoRxAKSgXg2ky1f6GHcg5VJw-KtwHe3HffrzZu01j1UMX5Ao7vMKYoH79iN-RE5FtQEoq3O0SVNNBDDRUiGTtYA_nfPfij_Y-I9DWLoCD6Dh1HpKffk2TNvDtSNjOfS17GeRIA578hS2EnIjYYl_1T9b03OZgsnZETzYHE4EOBw732uCGoilanBHlPbEK8qdZfVJbzCDqD0ZDM10m4EVk1OAea6EEEOTlMitbr-v6UwW5k4c04CB3Z817o1wNxRUk5ybmMTyMeOC4DJGKi2HugnFMnHI0Ep_p9K8RS1BytgNz106_5_N5oLfBJpoMCPiEu1pOf-4ITYeevkf36FkyjXax-glKQRnt0hLPP9pqGpzWD2kq4UjR5dn8h9obfR8kcTLmWnyocRem757muAznLHYmtYYtKH5f7vL09MImqPqLftMXCP9enLDxzcxqxx5pGiB9EwritEjtTRnwxbOc99Y_TwAj8w6_F9mqEMaVyzFwc79j7_jL0TzDCmAFa4T4EEqbSGVakRK8b7I4OuMgO6GtAiNMkPeQToZYD_Qn73Kf4UkxOCbg9daQfsHCuHIwa0NTLiIVhxQ_-RRn_eQGzicK_x_ggjowY1mlKVTcOcc2R2Rz0rnsWZb-7uagCahDSfZaBFAZ85YcLiPpZ0LHbdGA_QG_tWULWx-EwE-bwQckH9RVWvLeg_W0IpsSPLY1AxriLbK_xhvN05odnTyP2MA9_aEM_6lmoIOG0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0A69 0
24 B 54ms
54ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4670940729213&version=m202309260101&ct=77&x=1&cor=8333087865757507000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Nov 2023 01:53:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 01:36:35	Name: is_unique Value: sc12916097.1699235595.0
.statcounter.com/	1970-01-21 01:36:35	Name: is_visitor_unique Value: 1699235595348316055
.xgcartoon.com/	1970-01-21 00:46:11	Name: _ga Value: amp-NICO640uppnGXDqdarHAbQ
.doubleclick.net/	1970-01-21 01:36:35	Name: IDE Value: AHWqTUmPUUXyli2J-TwnlZvvTi2Zmacwsa8jaGeJrKAy28bVxcVXTyOHFzVDTz-BtS8
.3lift.com/	1970-01-20 18:10:11	Name: tluid Value: 483862214593965920183
.simpli.fi/	1970-01-21 00:47:37	Name: suid Value: 6E283306E9A1489CBCFBD9C7FC495B3D
.casalemedia.com/	1970-01-20 18:10:11	Name: CMPS Value: 1193
.everesttech.net/	1970-01-21 00:46:11	Name: everest_g_v2 Value: g_surferid~ZUhHDgAAAfLoDgAU
.360yield.com/	1970-01-20 18:10:11	Name: tuuid Value: dae0af32-eb01-4232-bff5-5cd6b1eb3530
.360yield.com/	1970-01-20 18:10:11	Name: tuuid_lu Value: 1699235598
.casalemedia.com/	1970-01-21 00:46:11	Name: CMID Value: ZUhHDuJ2e2V9Bhx3bE6IBgAA
.casalemedia.com/	1970-01-20 18:10:11	Name: CMPRO Value: 1103
.linkedin.com/	1970-01-21 00:46:11	Name: bcookie Value: "v=2&7e742e2f-68bf-4e11-8af6-d017bb4b1b27"
.linkedin.com/	1970-01-20 20:19:47	Name: li_gc Value: MTswOzE2OTkyMzU1OTg7MjswMjGEjQNdZ7OYR9Oi6gvEyivZv1QlVUCwSwRM+RXJd6ftsQ==
.linkedin.com/	1970-01-20 16:02:01	Name: lidc Value: "b=OGST05:s=O:r=O:a=O:p=O:g=2877:u=1:x=1:i=1699235598:t=1699321998:v=2:sig=AQF2eI8W4ZoJacy3QjUPKEidlpTCsuam"
.adnxs.com/	1970-01-20 18:10:11	Name: uuid2 Value: 7292605841694986881
.adnxs.com/	1970-01-20 18:10:11	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C$MhGqfR!]tbPl1M>e)ZlrFUfJ+tGXxoa>73)bVDl@l:#vx8V[qC>HW3'=_=ZiWdKyGg%nugO%v4VB%nmEI)i@Z]
.openx.net/	1970-01-21 00:46:11	Name: i Value: 6cf0b043-dd1b-4066-940c-d2fa9c7ec4fa\|1699235598
.teads.tv/	1970-01-21 00:44:45	Name: tt_viewer Value: 191b829e-0441-4d70-a21e-2b42672504da
.doubleclick.net/	1970-01-20 16:43:47	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 18:10:11	Name: 8lcfmzhxc8d6_uid Value: 1ede44b0937c817e
.smartadserver.com/	1970-01-21 01:30:49	Name: pid Value: 5586521265878831573
.yieldmo.com/	1970-01-21 00:46:11	Name: yieldmo_id Value: 3FhIraa11Sa33uAFLH6N%7C1699228800000%7C0
.fksnk.com/	1970-01-20 16:02:01	Name: g_001 Value: 1
.mfadsrvr.com/	1970-01-21 01:36:35	Name: tuuid Value: 978a781e-e6af-4bc9-ab94-d85dfe18fae0
.mfadsrvr.com/	1970-01-21 01:36:35	Name: c Value: 1699235599
.mfadsrvr.com/	1970-01-21 01:36:35	Name: tuuid_lu Value: 1699235599
fksnk.com/	1970-01-20 16:10:40	Name: AWSALBCORS Value: 1F4hte9QfsDBg6RoMixuLNd0IIw1jtcRZlzMe14sCZkKSlaHiOmJPh0mucjQ1ooRywIXU5O/0u0TvGl4boAXIDsqGvz1DB4GzwdcyLV9lME7HAGsiUMAXsaYk2W2
.fksnk.com/	1970-01-20 18:10:11	Name: f_001 Value: 145D680A3D3D8D4E
.mfadsrvr.com/	1970-01-21 01:36:35	Name: ssh Value: !google,1699235599
.adform.net/	1970-01-20 16:43:47	Name: C Value: 1
.adform.net/	1970-01-20 17:26:59	Name: uid Value: 8624392594149178876
.tribalfusion.com/	1970-01-20 18:10:11	Name: ANON_ID Value: aYntuJyKalHobWm8ZaCyPsFuYePOpeEtEZa36MrwXmUjqsBDiWTuTdMlUSh3eVZc502E3PpujmZcawyptMPbfP7JKXGK
.mxptint.net/	1970-01-21 01:36:35	Name: mxpim Value: R35CA5_10BB30BF4_9AE9EFEE.1.6548470F

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.xgcartoon.com/detail/moudashudevrmmohuodongjimouweidashudevrmmohuodongjingliriyu-zhuiming Message: The resource https://c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

47f49835cda84644c28a4cef72504ceb.safeframe.googlesyndication.com
a.tribalfusion.com
ad.doubleclick.net
ads.yieldmo.com
aep.mxptint.net
ajax.googleapis.com
c.statcounter.com
c1.adform.net
c91815ecb0006ca3e742dd78f52d5969.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.contentspread.net
cm.g.doubleclick.net
dsum-sec.casalemedia.com
eb2.3lift.com
fksnk.com
fonts.googleapis.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal90007.redintelligence.net
ib.adnxs.com
id5-sync.com
match.360yield.com
match.sharethrough.com
onetag-sys.com
pagead2.googlesyndication.com
partners.tremorhub.com
px.ads.linkedin.com
region1.google-analytics.com
rtb.mfadsrvr.com
s.tribalfusion.com
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static-a.xgcartoon.com
sync-tm.everesttech.net
sync.inmobi.com
sync.teads.tv
tpc.googlesyndication.com
um.simpli.fi
us-u.openx.net
www.google.com
www.googletagservices.com
www.xgcartoon.com
104.18.36.155
104.20.218.77
138.201.63.157
142.250.186.102
142.250.74.194
144.76.104.53
151.101.194.49
162.19.138.83
169.150.222.217
172.217.16.194
185.86.138.152
185.89.210.244
2.19.104.4
20.127.253.7
2001:4860:4802:32::36
2600:1f18:612b:4200:8dc7:4fa0:2c07:4fd1
2606:4700:10::ac43:2a0b
2606:4700::6812:18ad
2620:1ec:21::14
2a00:1450:4001:806::2002
2a00:1450:4001:809::2006
2a00:1450:4001:80b::200a
2a00:1450:4001:810::200a
2a00:1450:4001:811::2002
2a00:1450:4001:827::2001
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2001
2a00:1450:4001:830::2004
3.122.5.52
3.209.243.77
34.250.128.111
34.98.64.218
35.204.158.49
37.157.6.232
38.68.201.140
51.89.9.253
52.19.208.136
52.28.38.5
76.223.111.18
88.99.70.21
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0681c5cd701e67aa819568befee79b1ba6fb9dd08fbf33b4c1eee9fe51c1c2ec
0719ba3c1bbbff4b49a07719f533ffd705f55b4a4ec39be6a377e12b7d192e58
077b3381c651cdc445e75305bab92a28ddc1b937895c022a05a0ad2912106fa6
078499c0648602653c4847140d474b8af6d6e66e6f91f543978927bd34d10cda
07f7335b4dfa782be77920282545739a979df7df72fa55b30e47acd55f77b627
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0daacbec8b84ea75e745a5eb6f3556e1e9e0bd14566bd91e7f3c5a0a53c6c178
11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459
1527a12f0db34f114a5e9ead686aa4d18198c606d9521ac13a198bbeec7f15b1
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16a2002fe6073aa0708f1048d7e523b42f8043a72770e1c5782c7e1010ab03a0
17c285a6085fca9d6b290d06f88ef716fee7a04bd843c3371b3a3716a2bb358f
18242ed7d0e9ce01a6a05865bbeadd3eeb89355d7b517b6519a852e2e448bd4b
1b1cebe265425cc539a2fd94fc1afe08df5c8ede390905cc2b8f9c3bfbf608c9
1bbc0afe6564de8b2968c7875c4fa4f255bb74e449cc3a585d2dec85d3095ea2
1e7f0491777e710ac478109971b46f6de2c7e20464b81c33604aab5c64eb1e64
256306bb295af55f0fd7de58d88db2952523220c4a2a3a5ad02aa9a5572b4a17
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2f5c46e1d404df5a4c0813d11cbb826a9c17727aacff600308c27f2fd3c892a4
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
330f7a02aa5131098a43f42ca0f19c8d1465a4ee1ef18f3326e9734c3f26f379
36d7491054975d43f30460bc43ef5526e3b68ae30eb1a4f5dc94ccb7f7585f37
37412b30b641c63ffcbc775b5fc2a497f2f2d99a5eb74dcc3adf02ef76cdfa0f
377a4454860fe6df1e2afb6c72355c7e4a4f904e1afa2828d7baac156e48341d
39dd759ff5c50fb31d083cdeae81b5285589827cb3c879ed9fe8feed7dd08f45
3de172d5876d0f69950b8419e233103ecfa0a2042b517bde478d3a323defd3eb
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28
45c86106d961875b2f43a82fe8f2d710d043853a04991ab1ff1f9959c1e96277
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46f3814580ed67b82400f08e6e77214c1ab59427a34f8a4180b2129f70c477ec
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
48ac55e9fab782efa2b432674a55d32bec16d52b63da80ddeed894abbb5aefda
4b21b595a46d74e9307369025a4484d5e630831dddfef2aade35c8a463a949d8
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c05c8e87b2c7e5c613659aeffbdbdd30f5bd1e9c995169967fa553fac7523fa
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f3b211bc784dd66082243fd6da77d353f3cfa2daaf370fe8847e614238df451
526560d05ea8b526d48baf721135e795c0ed7c704061d1d25f961648ba3ee99d
5362b061983a3dec0baedadae28c6d9e9f66e20ef90ba320d685a8b235f265e7
54cb15acb0c5f40e191701b259fca34a71656a5d07c750de734ce598f5f5255a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5e205d732f0f4e1dd0d683b0639fbfdf1f3ed2ba1aa0ec1f9d5f13bd4ff91e70
5fd005da5ecd3c42f2fd545b9dfe9fafe6c63d01eeb0d3bfd72a6d3aa40e1285
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1
651ce2ced715406900e79b4f9e8a90c14f5535d56f3c14c991386bc9c7e4698c
684e8d79918d589e78b1f46d3aec59c05a0496a3f206258b3d0460c507f56eea
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6e5a481c6d0a1da8ccfb10bb9d03bb073b46264bca5332f36f1068d3b30b5cef
6f7c44c53c5021e9141899edad76995940435fe10a725857435e5a0b7ad1a10e
712a0de41b8ee4334aeb94d3cf276b222502535671711092e073e8438d2e7ff0
72b27fe81b22583cc177ce538a04dbb2429b2b176717aa7dd160fa5f7a7c5eb4
759d98cf1d61c19a6a5ded8a4e97755d72a8f24ad9cf0879b5f6a712e77f55ba
7a696376383604bc9209d9af3623ed7073537b2c5515785c703a9723f06c9374
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8c7d88c9e121d381469ccbbacb2fe9f74ea0e66fc010adc94047c103a24f604d
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
95ceb163af22ecb4ed905a6fe5640bdcb154bc5ca7f823c95829db5b467b50b2
961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
992e2f78a0bca55acab14751915995ae3f47e6609cad763a881bc9f2e235f288
9a57ab75a4d1449d08cc63e9e8faacb98573a727a80bba8823aac4bbed87ab37
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
ac734a36f32f69692bdfa931f548e1c8a4ca7205fe5c0d8cdd6a74ca67a1a8f7
afb950f052d11e2e8ee6ec7d4a914e3542106c4b71d0be274a34711979aa4fa8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3a109d3fb2cacadfb2d5a7f949a1f0f008b7ee17769a5951f0d619389aedcf4
b719b3f5c5ab8da8150e1ce4c12bef4bc159de02a596d27e2e4cc831b5bb9f4d
ba4056fa6926b1c8927a2947f6a8a081da4f2ab5cf3aa164c4553a3ce4b8e200
bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c1ac9d798cb6de2e19054bded55f21d21190b7849893a06ed84ee6fc76b2c888
c2e430617e3c3499b05d805e8efff4ff506476de56642b1afd2e151e5832383c
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
c854c5d445589e188bef87f6b18ed50384361ce827315beeebdf24cb22474eea
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d4727225a9f10ff46646b79ce022f144331bbf99ffd5628482cda86572f2db15
d814714dfdb518b0e13c82074c7ba39581f53169afcc1424f88e25927f020adb
dc82a12a1eb836c96b385d8e32b76575f5753bd305a9374ceeed5df947dc945f
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
deb852f3a04cc41588aff6b8805f04911cfe93a935a74c4781a32a4929b9e95b
df63e9b76d6a6f5beb607115157a7cbd9a7f17ea3358e2b87b889b919883fb12
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
e2d90ec3418d19aa3b77e76054eb71b0fd006122c432bff404a326638e618c64
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e498da2ec3ffa61616ba204247525be6074e789a4d91e7a76c1c47166d56ff3c
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5b7f02b23fdfaa750168663e07aa8da6df9b31692b4e470097c1122b3fe2678
e8918f49351237098d6a302c8d526aac19a26c1c3d677e75e6a3becc32151da9
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ee8f461f86f1dbbfa105111d19fc9ceba508d8f2da478e458e1178727037ae4e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f41277bff5ee47a7c0ebe089915c5fd3ce8bd15994d44351d7442bc6696e0573
f68840afa4d2d0c2a209bd7702f30662793168b07be8e6698716aa142dd3fffa
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1
fe7f8b5af893b8519fd614ca225aeb8fa85f9b27d4abf503053765115b64ac8f

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

218 Requests

87 %HTTPS

37 %IPv6

33 Domains

45 Subdomains

29 IPs

9 Countries

3094 kBTransfer

8139 kBSize

34 Cookies

1 Outgoing links

Redirected requests

218 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

218
Requests

87 %
HTTPS

37 %
IPv6

33
Domains

45
Subdomains

29
IPs

9
Countries

3094 kB
Transfer

8139 kB
Size

34
Cookies

218 HTTP transactions
14 data transactions