www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Submission: On October 03 via manual (October 3rd 2023, 4:17:53 pm UTC) from US — Scanned from CH

Summary HTTP 217 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 27 IPs in 7 countries across 34 domains to perform 217 HTTP transactions. The main IP is 169.150.222.217, located in Hong Kong, Hong Kong and belongs to CDN77 ^_^, GB. The main domain is www.xgcartoon.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G4 on September 24th 2023. Valid for: a year.

This is the only time www.xgcartoon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	169.150.222.217 169.150.222.217	60068 (CDN77 ^_^) (CDN77 ^_^)
12	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	104.20.219.77 104.20.219.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::6816:2e93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 21	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
54	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
60	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
4	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	217.79.188.59 217.79.188.59	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	217.79.188.46 217.79.188.46	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
7 28	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
4 6	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
3 4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
1 1	54.155.169.152 54.155.169.152	16509 (AMAZON-02) (AMAZON-02)
3 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
2	13.113.147.59 13.113.147.59	16509 (AMAZON-02) (AMAZON-02)
1 1	52.45.175.185 52.45.175.185	14618 (AMAZON-AES) (AMAZON-AES)
1 1	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
2 4	104.102.35.84 104.102.35.84	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1f18:612... 2600:1f18:612b:4216:f80f:eda:bc61:b763	14618 (AMAZON-AES) (AMAZON-AES)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	20.85.134.6 20.85.134.6	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	154.59.122.79 154.59.122.79	174 (COGENT-174) (COGENT-174)
2 2	3.65.51.143 3.65.51.143	16509 (AMAZON-02) (AMAZON-02)
1 1	193.108.153.24 193.108.153.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	3.73.105.217 3.73.105.217	16509 (AMAZON-02) (AMAZON-02)
1 1	184.73.203.57 184.73.203.57	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	216.52.2.48 216.52.2.48	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	2600:1f18:612... 2600:1f18:612b:4216:7b35:6241:9161:5be7	14618 (AMAZON-AES) (AMAZON-AES)
1	85.114.131.235 85.114.131.235	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
217	27

5 169.150.222.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-169-150-222-217.datapacket.com

www.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.219.77 (None, )

ASN13335 (CLOUDFLARENET, US)

c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:2e93 (United States)

ASN13335 (CLOUDFLARENET, US)

static-a.xgcartoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

60 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.59 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.46 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad4.adfarm1.adition.com

ad4.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 142.250.185.226 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.27.193 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.123 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.91.199 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.157 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.155.169.152 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-169-152.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 3 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.113.147.59 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-113-147-59.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.175.185 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-175-185.compute-1.amazonaws.com

im.bluevoox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.117 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.102.35.84 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-35-84.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:f80f:eda:bc61:b763 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.85.134.6 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

mweb.ck.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.59.122.79 (United States) 1 redirects

ASN174 (COGENT-174, US)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.65.51.143 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-51-143.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.108.153.24 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a193-108-153-24.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.73.105.217 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-105-217.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.73.203.57 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-203-57.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:7b35:6241:9161:5be7 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

google.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.131.235 (Weil am Rhein, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21039.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
102	googlesyndication.com ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 169 pagead2.googlesyndication.com — Cisco Umbrella Rank: 122 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com	2 MB
63	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 cm.g.doubleclick.net — Cisco Umbrella Rank: 329 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 433	583 KB
12	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 331	251 KB
10	xgcartoon.com www.xgcartoon.com static-a.xgcartoon.com — Cisco Umbrella Rank: 680248	219 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	470 KB
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1026 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 781	4 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 35069 hal90007.redintelligence.net — Cisco Umbrella Rank: 239013	10 KB
5	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 11	2 KB
4	teads.tv 2 redirects sync.teads.tv — Cisco Umbrella Rank: 2022	1 KB
4	openx.net 3 redirects us-u.openx.net — Cisco Umbrella Rank: 863	1 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 360	3 KB
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 178
3	adition.com imagesrv.adition.com — Cisco Umbrella Rank: 12957 ad4.adfarm1.adition.com — Cisco Umbrella Rank: 59333	11 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 1012	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1562	2 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 614	1 KB
2	tremorhub.com 1 redirects partners.tremorhub.com — Cisco Umbrella Rank: 2071 google.partners.tremorhub.com — Cisco Umbrella Rank: 27714	810 B
2	inmobi.com 2 redirects sync.inmobi.com — Cisco Umbrella Rank: 2496 mweb.ck.inmobi.com — Cisco Umbrella Rank: 8866	1 KB
2	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 11013	87 B
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 933	2 KB
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 84565	95 KB
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 11243	553 B
1	fksnk.com 1 redirects fksnk.com — Cisco Umbrella Rank: 8734	610 B
1	pangle-ads.com 1 redirects analytics.pangle-ads.com — Cisco Umbrella Rank: 2902	889 B
1	acuityplatform.com 1 redirects ums.acuityplatform.com — Cisco Umbrella Rank: 2199	684 B
1	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 830	817 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 408	33 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 687	921 B
1	bluevoox.com 1 redirects im.bluevoox.com — Cisco Umbrella Rank: 16820	520 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 2128	576 B
1	yieldmo.com 1 redirects ads.yieldmo.com — Cisco Umbrella Rank: 1089	598 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1878	256 B
1	statcounter.com c.statcounter.com — Cisco Umbrella Rank: 12701	468 B
0	loopme.me Failed csync.loopme.me Failed
217	34

	Domain	Requested by
48	pagead2.googlesyndication.com	ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
44	tpc.googlesyndication.com	www.xgcartoon.com ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com googleads.g.doubleclick.net pagead2.googlesyndication.com
28	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
21	securepubads.g.doubleclick.net	2 redirects cdn.ampproject.org www.xgcartoon.com ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
12	googleads.g.doubleclick.net	ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com pagead2.googlesyndication.com 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com googleads.g.doubleclick.net
12	cdn.ampproject.org	www.xgcartoon.com cdn.ampproject.org
8	www.googletagservices.com	ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com googleads.g.doubleclick.net
6	ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com	cdn.ampproject.org
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.google.com	2 redirects tpc.googlesyndication.com
5	static-a.xgcartoon.com	www.xgcartoon.com
5	www.xgcartoon.com	www.xgcartoon.com cdn.ampproject.org
4	sync.teads.tv	2 redirects googleads.g.doubleclick.net
4	hal90007.redintelligence.net	1 redirects 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com hal90007.redintelligence.net
4	us-u.openx.net	3 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	www.googleadservices.com
2	ap.lijit.com	2 redirects
2	pm.w55c.net	2 redirects
2	x.bidswitch.net	2 redirects
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	cc.adingo.jp	c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com googleads.g.doubleclick.net
2	sync.1rx.io	2 redirects
2	ad4.adfarm1.adition.com	c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com ad4.adfarm1.adition.com
2	c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	cdn.contentspread.net	hal90007.redintelligence.net
1	google.partners.tremorhub.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	fksnk.com	1 redirects
1	analytics.pangle-ads.com	1 redirects
1	ums.acuityplatform.com	1 redirects
1	mweb.ck.inmobi.com	1 redirects
1	px.ads.linkedin.com	1 redirects
1	s0.2mdn.net	googleads.g.doubleclick.net
1	partners.tremorhub.com	googleads.g.doubleclick.net
1	id5-sync.com
1	sync.inmobi.com	1 redirects
1	im.bluevoox.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	ads.yieldmo.com	1 redirects
1	hal9000.redintelligence.net	3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
1	imagesrv.adition.com	c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
1	region1.google-analytics.com	cdn.ampproject.org
1	c.statcounter.com	www.xgcartoon.com
0	csync.loopme.me Failed	c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com googleads.g.doubleclick.net 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
217	47

This site contains links to these domains. Also see Links.

Domain
cn.xgcartoon.com

Subject Issuer	Validity	Valid
*.xgcartoon.com AlphaSSL CA - SHA256 - G4	`2023-09-24` - `2024-10-25`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-24` - `2023-12-24`	a year	crt.sh
xgcartoon.com GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
*.adingo.jp Amazon RSA 2048 M03	`2023-09-13` - `2024-10-12`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
contentspread.net R3	`2023-08-24` - `2023-11-22`	3 months	crt.sh

This page contains 32 frames:

Primary Page: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Frame ID: B69FA69A3B91465F3504222F811D2DA2
Requests: 38 HTTP requests in this frame

Frame: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 0ADCA4E18C2413E7F503D31EF03408EE
Requests: 8 HTTP requests in this frame

Frame: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: A82F8C40ECD63E2E0C1ABB67757D0358
Requests: 7 HTTP requests in this frame

Frame: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 9FB1E3229D1B983C7BF99F8CA4D76809
Requests: 10 HTTP requests in this frame

Frame: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 017C561329E20B9CCCD2FC4051E331CB
Requests: 11 HTTP requests in this frame

Frame: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0
Frame ID: 47BA681DA9CD3934E7BDF19E196941C9
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/index.html
Frame ID: 5094F7E23FDC2BF99AA6078013C6E712
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D3CCC75E54C13F389021AA2FE065CC1E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html
Frame ID: 1D3BF4A1D9DDB15C67B779FF0994FCBC
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DF8C9C8535C5E0715A8EBB7014EE8083
Requests: 2 HTTP requests in this frame

Frame: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: A2D4C95386C9DE74E20304516F7161C4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230928/r20190131/zrt_lookup.html
Frame ID: FD3D65B60EF2D4B959E0FE840DDEF467
Requests: 1 HTTP requests in this frame

Frame: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 435B4839D0C9007C7EFFD02CDE524E27
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=100&slotname=3654094576&adk=193636013&adf=3173046728&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696349867094&bpp=337&bdt=160&idt=572&shv=r20230928&mjsv=m202309291001&ptt=5&saldr=sd&is_amp=1&correlator=6157&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2211716903&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31076839%2C31078422%2C44803794&oid=2&pvsid=1277512177376632&tmod=1295555538&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.opvulsy6ljpp&fsb=1&dtd=582
Frame ID: BC4B4434DC2F177E4F1322A39E54EBAB
Requests: 17 HTTP requests in this frame

Frame: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5D5C4923B9C3B03181B639037AA2403B
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A6449B7ADFAFF64B4287CD782E19AB81
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EA0CCAF4F1C217540C95F085F3C46A3D
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNV9dNVGaj--SqSeMR0fKHiMSA4qkCJ13CvDukMvuKGy_NTe8sMkf8PDSIyzH51QTRQoZWGn2A6f_gYjDiXpyUBb5gZleQ
Frame ID: 142BB994B3518E26AE0D0342C89CFD43
Requests: 4 HTTP requests in this frame

Frame: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 797EF60B25C69C88C2FE58B706A99579
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNXc7CoFL0YSFy-kCwQ94PvQjyDud8nKVOFL_R27N9ViV9r_bdGP9EjQUiUsV1vUAlt56cLTwBEY0wuiCW4_QJ-DLy9Xaw
Frame ID: BF9636018CBB63660193588FAF7EBBDC
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CCE5F8495DB401EFE153EF3562DDE679
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 12D8DB47910F40E439B776747515173A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0F39286EC75869A17CB48F8F39EB0FA8
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: EA66F6E481C1ECFC6D4C4A96925AD30A
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 29DCCD9C757C62F76CDC3EFC633C6127
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO64rc4CEP3JqdsCGJD3wPcBMAE&v=APEucNVlry2sgpoS1NzJ102g_6tzV_IQ1YdFdnZNToSH9UNFH78RxxTTSUK-2NbD4QG83ZQq-vudbnv4mb0Ifc2vgkk6EaJU7w
Frame ID: 6B8C3EC5E64B89CBD3AFA990E7C43D2A
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8070CD66D3C1D21461A9AF8C8197B947
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 178F46216598926B2005345E17CCF100
Requests: 3 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=11691000132618404438442012466007&a=885f610b
Frame ID: 4344D46338066216DC0A1CDB79A8CE68
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D28C3ABB43EA404E32B955CAF811BB94
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 030D1FDDAFBD211BFE5B0D3EF6DED6BC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BFE0CF42D34FD19B6C7B4F7BD9A16050
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🍛七大罪（七原罪、七人傳奇）第3季諸神的逆鱗【日語】免費高清卡通動漫在線看 - 西瓜卡通

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Page Statistics

217
Requests

86 %
HTTPS

30 %
IPv6

34
Domains

47
Subdomains

27
IPs

7
Countries

3333 kB
Transfer

7567 kB
Size

37
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://cn.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Title: 简

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 70

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 91

https://securepubads.g.doubleclick.net/pagead/adview?ai=ChVOLqT4cZaqKLbONjuwPi-Wp2ASmzub6cvOapPL0EaXL_d8FEAEg08vOMGD1lc6B4ASgAZ6avJUpyAEJ4AIAqAMByANIqgTJAk_Qggjv4WaZWyyv8kqU-6S5hs9stYw7WEnT0vI2D6kiqmDl7AmxTd2timQKrYzMVsYjGX6YR6CMsb0DKn2GUetPM1atvmUfDWlRhYF-r-Hwt0V7C-qKToI_koZed0qGG7BKgBp-fJASYztRkJzIoMG6LbGpk2cBZQpomOsMjmECm9hWvtkt1Y-to4YlDziT4C8G6R7SkHJxp-HoYsjFokOr_I4aw_UJFI1c3HP7dNDCySB08xPJCRXIkgjnQEDzBdyIYv-CJeluEDyMudYH-1gjuYuCqUR3qUuhUkGJKUhpvib48tACvQxrrQRaiQMu4CeW52Lr72XnjULgMoeHMW7wYf2DL8MdFC6ks3jRxxbuReuDI6yXbWoxusCqKT1ODBnX_aVqePeSiBvUMOQTO93gg7voRHz9hXcB9PdPTX9bL7vVNQtKFR0vwATqnpfCrwTgBAGIBcKK1vtJkgUECAQYAZIFBAgFGASgBi6AB57SjPUDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEKfjAdIIFAiAYRABGB0yAooCOgKAQEi9_cE6mgkoaHR0cHM6Ly93d3cuZ2FtZW9ueXguY29tL2tpZHMtZ2FtZXMuaHRtbIAKA8gLAdoMEAoKEKCIhMDi_pGDDxICAQPiDRMIoo-l2aPagQMVs4aDBx2LcgpL2BMM0BUBgBcBshceChwIABIUcHViLTMwMzkxOTk1MDM0MDM2MzQYmdIh&sigh=Vkd71blLxMM&uach_m=[UACH]&ase=2&nis=4&cid=CAQSGwDICaaND6SynGOTjxcPJ50sq_JijDCg8CTozBgB&template_id=531&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdfc0ac0f74960d2d0000000000000000%22,%222%22:%220xaf9ef6b0e1529a980000000000000000%22,%223%22:%220xfd337cdc745ca4ad0000000000000000%22,%224%22:%220xcc32577d5de9645b0000000000000000%22,%225%22:%220xcf02243aead2188a0000000000000000%22},%22debug_key%22:%229279753791344987369%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2210-03%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2218193685935930401585%22}&andc=true

Request Chain 94

https://securepubads.g.doubleclick.net/pagead/adview?ai=CGOCzqj4cZe_bCJj13gPQnIi4AabO5vpyi8Ck8vQR4KOUmEMQASDTy84wYPWVzoHgBKABnpq8lSnIAQngAgCoAwHIA0iqBMgCT9CrgpXVWAy5BiVBsNwNz0MyQyYSs5SoGp5I2NCdEeMha9w0BObCP2WSccrCCzZ1cZ9imgfjqKKs2xtwBeFYEgdmeqg8Wit8B8FPCUwwKLaoZR0JTCcAMdeMH5iEsaj2XnnRz7Ei5brSXx9Zwjxi7XFpvwqXWfk1OY7E_QsIssMDEwTYmBJtKowOrEHmQcFt67aHjuWIHQxkfm3GUEhznzMCa11BazxFoHxBQfmsVA61BvB5QnHDSCIiDlgn7ZevRTdVpAJdi0E7tKPwGyfhE5fN08JqITzIg9b6Hx94FUCBRzRgdgSxm18NwR3FR_fr9GGC8ft1D0EpQXSA0yZrc1LFLhtuZokUen4aD8eWlwCVrlND9hThRVDk2hY2DXSy1re3y4iDpE3UWps6PuqYBo9wLgkGzIQ8MpBDT4g12l7--QORnKyd-8AE-Lr7zbIE4AQBiAXCitb7SZIFBAgEGAGSBQQIBRgEoAYugAee0oz1A6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBCr7QHSCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJKGh0dHBzOi8vd3d3LmdhbWVvbnl4LmNvbS9raWRzLWdhbWVzLmh0bWyACgPICwHaDBAKChCwv-Co-Ofb30kSAgED4g0TCOGQpdmj2oEDFZi6dwodUA4CF9gTDNAVAYAXAbIXHgocCAASFHB1Yi0zMDM5MTk5NTAzNDAzNjM0GJnSIQ&sigh=-kvLf0CUXUA&uach_m=[UACH]&ase=2&nis=4&cid=CAQSGwDICaaN2jyevISzkjzSda0neWR_G9ni-sFDChgB&template_id=531&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdfc0ac0f74960d2d0000000000000000%22,%222%22:%220xaf9ef6b0e1529a980000000000000000%22,%223%22:%220xfd337cdc745ca4ad0000000000000000%22,%224%22:%220x7d146c96e1a9b5c60000000000000000%22,%225%22:%220xcf02243aead2188a0000000000000000%22},%22debug_key%22:%222816729592606104734%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2210-03%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22667083297042484081%22}&andc=true

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1&C=1

Request Chain 135

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRw.qyd5lMCvXHO6QNMY.gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1&google_hm=2

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGYTKuLmH9pG2DPjxm9fWJ0&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGYTKuLmH9pG2DPjxm9fWJ0%26google_cver%3D1

Request Chain 140

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5NjU0ODI1NTQ1MDA3NTUzMA%3D%3D

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECbnnQmTwR8VpHUY54ht67A&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESECbnnQmTwR8VpHUY54ht67A&google_cver=1

Request Chain 142

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTA1ZDQ2OWMtOGRmYS0yMjFjLWVlODEtYzQwMjhhMjBiNDJl

Request Chain 159

https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=1d3eeea21b&subid=&uid=e69ba94b7f600fac&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzDZgqz4cZez0GaGd9u8P09K5iASRwdCbacv2g5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAnZHs2TCjrE-qAMByAObBKoE8AFP0Gck4R-dyvqh4mziRGPUmzyOPoyXd_ZLmWHBzz4Ttlca91otNL70KlyLuMhQWWNYNlkpFXQNz8IkzLpkzpIu9uhXgG1jEPOg-3bQCkVO8OhcXo6wrO0PcewBFV_1tdBMMEDNXEXZdJIGXXeQW9odyEvU9TKLOhBGutsfIHA62u38x43y2HjhTxXQFepWZ1go9jZvVvueH723Tw1fUGpXw_HHR0uHHZNRPyFbHnpoV8pc8CBLZXmK6tmcMJxtutDKlaM8pT1LIdHjyNWJaNxf4fEAv25I8yYySqsjDsdxOjDRK9DAMrHVNNPNhIG78g_ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMIxoGM2qPagQMVoY79Bx1TaQ5BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIrPaM2qPagQMVoY79Bx1TaQ5BEAEYASAAEgJNHPD_BwE%26num%3D1%26cid%3DCAQSKQDICaaNoPdb0dw0xKOPxVaZFzcUxNzxPHvvYER1qBKgaIqt1cs6Y_A-GAE%26sig%3DAOD64_3upR2P9aHDB-rrdXmnv7IGDxSEAA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B59kdSncxrsNOadYUZ6b8deML9c3CZtG3m2Ohhd58lvvJEZ0Qp6vMiNEHM7UzUzAfr2OZ-0LgxpgpaaGasaH-qBXIm2TUFx6btWilTkUoho1bayN16cKtRJ9CxUWmfu32EbYk5G1wG26FBrjd4lhIaGP3uext-n7Q_V5t-i56e6lEKZX4%26cry%3D1%26dbm_d%3DAKAmf-BmSAtaW04OzHaPbqNPTabFUY3EPOmy9--WMaEC-BF3ReYKMdBYL-wCcq8pgi6SxVz87TU7UCf_eZ2OVsxaQwMw0CA8jYBynEbmkv-rCm4oxXJNX55XvZco_NPhbjEJXUN3FKLfi7xWpsp2r1Ls_JccCBdJld26ZKkhgYuNky-F3NQ4itlwsrCyUGY4ZuV0ln0zQqLxWpcJrD9stD0_HGICywErbhsougnRUIuS_VK5zqY09GI5AdaU2TEGwwJZxlCEUopdntWezTsfgIufcMqgReIB8wl5IwXeWPQDzqczqhZpHoTBmxNQspcDQn7rccWD3zZVuCcSKYGUdDJkwgp5jkVEJdNhMolJcKICyb0t1D6RDCq9DuDOkv_-1WrZ6w44733Dv7UDG3hsZe44pAXtSekwbyKqUoHnJFXiP7OHvlpssqXoUBo992sdWeCGQV7N-jOOyl4647EELJpEB2sdbip0wb3MAZM6EiFseZ55KybNOtMoOgH7AViwxrEynTVReWNoEfiT9LQqceUFNXZ9Xv802jdH5hersjXS5BggDbR9BRdYToDJ1bbxeOp00VFkeZ8y1tUmqqodgV1ZfWWtb9QU0tt1W2jU5Tar2aOWZksvHgA%26adurl%3D&documentReferer=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5262437933058&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=1d3eeea21b&subid=&uid=e69ba94b7f600fac&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzDZgqz4cZez0GaGd9u8P09K5iASRwdCbacv2g5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAnZHs2TCjrE-qAMByAObBKoE8AFP0Gck4R-dyvqh4mziRGPUmzyOPoyXd_ZLmWHBzz4Ttlca91otNL70KlyLuMhQWWNYNlkpFXQNz8IkzLpkzpIu9uhXgG1jEPOg-3bQCkVO8OhcXo6wrO0PcewBFV_1tdBMMEDNXEXZdJIGXXeQW9odyEvU9TKLOhBGutsfIHA62u38x43y2HjhTxXQFepWZ1go9jZvVvueH723Tw1fUGpXw_HHR0uHHZNRPyFbHnpoV8pc8CBLZXmK6tmcMJxtutDKlaM8pT1LIdHjyNWJaNxf4fEAv25I8yYySqsjDsdxOjDRK9DAMrHVNNPNhIG78g_ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMIxoGM2qPagQMVoY79Bx1TaQ5BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIrPaM2qPagQMVoY79Bx1TaQ5BEAEYASAAEgJNHPD_BwE%26num%3D1%26cid%3DCAQSKQDICaaNoPdb0dw0xKOPxVaZFzcUxNzxPHvvYER1qBKgaIqt1cs6Y_A-GAE%26sig%3DAOD64_3upR2P9aHDB-rrdXmnv7IGDxSEAA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B59kdSncxrsNOadYUZ6b8deML9c3CZtG3m2Ohhd58lvvJEZ0Qp6vMiNEHM7UzUzAfr2OZ-0LgxpgpaaGasaH-qBXIm2TUFx6btWilTkUoho1bayN16cKtRJ9CxUWmfu32EbYk5G1wG26FBrjd4lhIaGP3uext-n7Q_V5t-i56e6lEKZX4%26cry%3D1%26dbm_d%3DAKAmf-BmSAtaW04OzHaPbqNPTabFUY3EPOmy9--WMaEC-BF3ReYKMdBYL-wCcq8pgi6SxVz87TU7UCf_eZ2OVsxaQwMw0CA8jYBynEbmkv-rCm4oxXJNX55XvZco_NPhbjEJXUN3FKLfi7xWpsp2r1Ls_JccCBdJld26ZKkhgYuNky-F3NQ4itlwsrCyUGY4ZuV0ln0zQqLxWpcJrD9stD0_HGICywErbhsougnRUIuS_VK5zqY09GI5AdaU2TEGwwJZxlCEUopdntWezTsfgIufcMqgReIB8wl5IwXeWPQDzqczqhZpHoTBmxNQspcDQn7rccWD3zZVuCcSKYGUdDJkwgp5jkVEJdNhMolJcKICyb0t1D6RDCq9DuDOkv_-1WrZ6w44733Dv7UDG3hsZe44pAXtSekwbyKqUoHnJFXiP7OHvlpssqXoUBo992sdWeCGQV7N-jOOyl4647EELJpEB2sdbip0wb3MAZM6EiFseZ55KybNOtMoOgH7AViwxrEynTVReWNoEfiT9LQqceUFNXZ9Xv802jdH5hersjXS5BggDbR9BRdYToDJ1bbxeOp00VFkeZ8y1tUmqqodgV1ZfWWtb9QU0tt1W2jU5Tar2aOWZksvHgA%26adurl%3D&documentReferer=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5262437933058&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 160

https://ads.yieldmo.com/exptsync?google_gid=CAESEC5jEZXzfqB_n4vc_J9-ek8&google_cver=1&google_push=AXcoOmRXTLggfqa41QfVZkASuNldB-Aw_Z5MZ8O_u90pzWLaiied6iWKo1nPs3KOKGRaGWRqWT6nW8rsd1PsheLZtXBXZJAR98z1_A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmRXTLggfqa41QfVZkASuNldB-Aw_Z5MZ8O_u90pzWLaiied6iWKo1nPs3KOKGRaGWRqWT6nW8rsd1PsheLZtXBXZJAR98z1_A&google_hm=M2VxRU1xcW5uN3FDaGFDRnlubk8=

Request Chain 161

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEE7aUfn5iADnHvAXXyPmcR4&google_cver=1&google_push=AXcoOmQxqDzojMM2CG_VJsi5iRHXKUkXraQyD2MgvC9QRVYvxrtLwFZdgGoNhvo1eMlu6tD-FHXHgfAHKAVUtIC3pe4mpxE38SiSaA HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmQxqDzojMM2CG_VJsi5iRHXKUkXraQyD2MgvC9QRVYvxrtLwFZdgGoNhvo1eMlu6tD-FHXHgfAHKAVUtIC3pe4mpxE38SiSaA&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1696349868224 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-3608f835-02c0-4dca-9044-00bb4a4890c2-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmQxqDzojMM2CG_VJsi5iRHXKUkXraQyD2MgvC9QRVYvxrtLwFZdgGoNhvo1eMlu6tD-FHXHgfAHKAVUtIC3pe4mpxE38SiSaA%26google_hm%3DAzYI-DUCwE3KkEQAu0pIkMI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQxqDzojMM2CG_VJsi5iRHXKUkXraQyD2MgvC9QRVYvxrtLwFZdgGoNhvo1eMlu6tD-FHXHgfAHKAVUtIC3pe4mpxE38SiSaA&google_hm=AzYI-DUCwE3KkEQAu0pIkMI

Request Chain 163

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEHbpDZFeBDudTjER8X2S3xY&google_cver=1&google_push=AXcoOmRABsfwRt-VwlURkSQ9xoiPqkGSjbh0bWamfSfNxlEzyw7XZ_z4xxswCiYPsoYI7_SjSkvHJAatvgS-tYS1pLPMvlVsKHe9hyQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmRABsfwRt-VwlURkSQ9xoiPqkGSjbh0bWamfSfNxlEzyw7XZ_z4xxswCiYPsoYI7_SjSkvHJAatvgS-tYS1pLPMvlVsKHe9hyQ&google_hm=QlMuZTgzMS1iZjgxLTRiMDEtYmUxNw==

Request Chain 164

https://sync.inmobi.com/gob?google_gid=CAESEMoANwAqdATOmVzdZAXBfT8&google_cver=1&google_push=AXcoOmSWlesfrrFeuxXOloDxpradghOkSjm4gQEgwH4qHzJNVQuV2rd9KbStfvtB9Mve29x4hOxBp_hRnw68QnQ_z-AqTnz_BJ5T1bY HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSWlesfrrFeuxXOloDxpradghOkSjm4gQEgwH4qHzJNVQuV2rd9KbStfvtB9Mve29x4hOxBp_hRnw68QnQ_z-AqTnz_BJ5T1bY

Request Chain 165

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEFR9mC_CSizyKqz0K_T4pW0&google_cver=1&google_push=AXcoOmSldnfzvESG5XF6FGHxvlqoBqHmchrbMMI7ym5sYIpD2ngtW_wqa0DFQ46rsjvz3avpEkqtPk8-wWoAi2C3G-PAKT4S0ObVAts HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=YjhjZDI0ZTMtNmU3MC00MjMzLTlkOTAtYzRlZjhmNGM2Mjkz&google_push=AXcoOmSldnfzvESG5XF6FGHxvlqoBqHmchrbMMI7ym5sYIpD2ngtW_wqa0DFQ46rsjvz3avpEkqtPk8-wWoAi2C3G-PAKT4S0ObVAts HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGaWuPLSfJVPlWMYD6yXHrI&google_cver=1

Request Chain 178

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRkODcxNWYtMjMyMC00MWI4LTlkMjItYzllODViM2I5MzFh

Request Chain 179

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEMsry_14uU54THYb4Pb_HwQ&google_cver=1

Request Chain 193

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEElKtIxk-KO0DbkBaEvudqw&google_cver=1&google_push=AXcoOmS7jNDP3GWl4G-Mh7z9q2OiUAm197_nB9ovbPQmFozzpbk195koTlkkYjB4WTGYd2jf-cYp4wHBCtGr_GWqfmRLRayX1l9k0t3RC6M73uXDd9qWhMZAX4EAmCi5XWnd1gXYMLbNo_JYcnv7p4Isc_g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmS7jNDP3GWl4G-Mh7z9q2OiUAm197_nB9ovbPQmFozzpbk195koTlkkYjB4WTGYd2jf-cYp4wHBCtGr_GWqfmRLRayX1l9k0t3RC6M73uXDd9qWhMZAX4EAmCi5XWnd1gXYMLbNo_JYcnv7p4Isc_g

Request Chain 194

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEI8UOXuAL8TZSNVb8Xkp_Hc&google_cver=1&google_push=AXcoOmQN2AouU1j5NRYnkki6SeMjdF-Tbw2Jt2rms-XtygoJFuZPz863hyczhfgiKNDp3GZXFH9_W5FDeQ7OjtAsJkFuAtSlUdbJxe3VEyknIqE_pPuC7Z05y6N_Rcf6ZrioOYR1kJu5HPiiEa8pkqv8oEk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTdmODZjOWEtNThkMy00MWNiLWFmZTYtOGFhMGRiNjAzMTMz&google_gid=CAESEI8UOXuAL8TZSNVb8Xkp_Hc&google_cver=1&google_push=AXcoOmQN2AouU1j5NRYnkki6SeMjdF-Tbw2Jt2rms-XtygoJFuZPz863hyczhfgiKNDp3GZXFH9_W5FDeQ7OjtAsJkFuAtSlUdbJxe3VEyknIqE_pPuC7Z05y6N_Rcf6ZrioOYR1kJu5HPiiEa8pkqv8oEk

Request Chain 195

https://ums.acuityplatform.com/tum?umid=4&uid=CAESECKvZYk5Sc0VjrIR9-sRgWc&google_cver=1&google_push=AXcoOmROdORuKhnBmZY7eOHdwdXdSa_6sdTQCEK29HJCj6omCowkXvkjVspBfY1avrrd-A63M1ENIRPGtg9QsWVP_12QKHljsE5aXJok56GUuDep7CcsbEmcgCMtQQVluTVDmZ2ryVPjI4Aib2hVKH18J8sX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=835727490238&us_privacy=1---

Request Chain 197

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENlDR7UZwOf7UjYHrpK4y9o&google_cver=1&google_push=AXcoOmRihKK57QiXO5YXyWvyMiZwApvhqJqcxPv4ns4oD3fR3WTwXhweqs7hLZFTndn3elu4fCR5QC2oXjrF7bkPt7llStmazTRt6FhCgLd_40S12UHk10sCeFku3J-4tw-myU5qmGuJag44GUVkVo0NaUKK HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENlDR7UZwOf7UjYHrpK4y9o&google_cver=1&google_push=AXcoOmRihKK57QiXO5YXyWvyMiZwApvhqJqcxPv4ns4oD3fR3WTwXhweqs7hLZFTndn3elu4fCR5QC2oXjrF7bkPt7llStmazTRt6FhCgLd_40S12UHk10sCeFku3J-4tw-myU5qmGuJag44GUVkVo0NaUKK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f1a7e724-4da4-4af2-b1c8-1af336ecb7f5&%%GOOGLE_PUSH_PAIR%%

Request Chain 199

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEASGQPT_l888UeUM9kjaPUc&google_cver=1&google_push=AXcoOmTsF9z87vj3JNhrARcs7hSNKZQ_gB_-gZoyrVCuAvdFFEtxjJA2EhhdoSSt71ViixPl8u6EQNsBDrLRIW1y4itAUtVehBfDDAttbylVt3fdZTV_SLxuNSa7P5REBuiHo9-XomjEEuzxbNka5AOFm7ydPw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTsF9z87vj3JNhrARcs7hSNKZQ_gB_-gZoyrVCuAvdFFEtxjJA2EhhdoSSt71ViixPl8u6EQNsBDrLRIW1y4itAUtVehBfDDAttbylVt3fdZTV_SLxuNSa7P5REBuiHo9-XomjEEuzxbNka5AOFm7ydPw

Request Chain 204

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFjZQazSnZqi4QCM3-nm5hk&google_cver=1&google_push=AXcoOmRCgP_-uxPxA98MWctOKi1yceGK44DDuOgYBstX4zznl1GXvfPbJsS_O6g3XqI_e7GksNvFVls3T1q9qXDi3xQMJb3Hch2Ftg HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFjZQazSnZqi4QCM3-nm5hk&google_cver=1&google_push=AXcoOmRCgP_-uxPxA98MWctOKi1yceGK44DDuOgYBstX4zznl1GXvfPbJsS_O6g3XqI_e7GksNvFVls3T1q9qXDi3xQMJb3Hch2Ftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d21uZUhWbVoxUU5JNUs1&google_gid=CAESEFjZQazSnZqi4QCM3-nm5hk&google_cver=1&google_push=AXcoOmRCgP_-uxPxA98MWctOKi1yceGK44DDuOgYBstX4zznl1GXvfPbJsS_O6g3XqI_e7GksNvFVls3T1q9qXDi3xQMJb3Hch2Ftg

Request Chain 205

https://fksnk.com/cs/google?google_gid=CAESEHkkZbY6knT4-G3i9sWq9x8&google_cver=1&google_push=AXcoOmS5HMs82cQpOFry14Tiwh0XcZ14P_PYU554RtzZ5Uz5qv_j6_7SQBVNHii2UBMtK94aQ8-kvUom-DOpzJ_PbSvMyadxsguaAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NEJFQjVCNjM2Nzc1Mzg5Mg==

Request Chain 206

https://ads.travelaudience.com/google_pixel?google_gid=CAESEOACBoJPQ3oMsXmtDusCcQ0&google_cver=1&google_push=AXcoOmT4IylRouota8UW0WhoI-mFLK9U-E9gzy1c1X_iUr5DgTKR_EQiPl4t3Gd4wFcrvgk3CqnjDakPohMNCTPkNG1_VOtKAfi-Ng HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=KFYjPrFbQcAilhy4jD-Lbg&google_push=AXcoOmT4IylRouota8UW0WhoI-mFLK9U-E9gzy1c1X_iUr5DgTKR_EQiPl4t3Gd4wFcrvgk3CqnjDakPohMNCTPkNG1_VOtKAfi-Ng

Request Chain 207

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGQvVIhp6RJcgrWVRNRuhTA&google_cver=1&google_push=AXcoOmSBGujA-wk062SQrIz_wjS1ipQWhUFXEDLHST5K5_tsuvLnisAk6Q3qMu7mdWh_U_h5_6um2oQkAAJHSZULBCWcDG10LzGT HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGQvVIhp6RJcgrWVRNRuhTA&google_hm=ZRw-qyd5lMCvXHO6QNMY-gAAFAsAAAIB&google_nid=index&google_push=AXcoOmSBGujA-wk062SQrIz_wjS1ipQWhUFXEDLHST5K5_tsuvLnisAk6Q3qMu7mdWh_U_h5_6um2oQkAAJHSZULBCWcDG10LzGT

Request Chain 208

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEF8LdVWsyHar6-_HVusaG8Y&google_cver=1&google_push=AXcoOmRpnAR_-Gu-yn4ISOOTULrQ_4kByU_xDXEEsHe4vtRcUoClOYNjuO0-UPStBAEAd_VCK4nVyfJrTP1eO24mhKCEvMvHcYr4oQ HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEF8LdVWsyHar6-_HVusaG8Y&google_cver=1&google_push=AXcoOmRpnAR_-Gu-yn4ISOOTULrQ_4kByU_xDXEEsHe4vtRcUoClOYNjuO0-UPStBAEAd_VCK4nVyfJrTP1eO24mhKCEvMvHcYr4oQ&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRpnAR_-Gu-yn4ISOOTULrQ_4kByU_xDXEEsHe4vtRcUoClOYNjuO0-UPStBAEAd_VCK4nVyfJrTP1eO24mhKCEvMvHcYr4oQ&google_hm=HbMxtGZHJo6FEHhSQgOnU1Ob

Request Chain 209

https://google.partners.tremorhub.com/sync?UIDF=CAESEHz9vEp_Qx6F4pUoB4LHNyw&google_cver=1&google_push=AXcoOmRLHOHP6UV1kdr7VLGyZt9bBKnDg8D8bC1XmU-HirOHCM5YuCY_g6hR4KIEoMaNe9OctdrU6-L9ukwVG9CqQq6BAW48TQ9ZZg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=M2IzZmYwMTM0OGQ0NDNhMDlkY2FkMTliN2E2NWM3NjA%3D&UIDF=CAESEHz9vEp_Qx6F4pUoB4LHNyw&google_cver=1&google_push=AXcoOmRLHOHP6UV1kdr7VLGyZt9bBKnDg8D8bC1XmU-HirOHCM5YuCY_g6hR4KIEoMaNe9OctdrU6-L9ukwVG9CqQq6BAW48TQ9ZZg

217 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request qidazui_di3ji_zhushendenilinriyu-lingmuyang Show response
www.xgcartoon.com/detail/ 84 KB
18 KB 1032ms
386ms Document
text/html 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: fa7f818d8c4758f79e338d0c26f9b08e3e102302c22ff95b926d394c5c27785f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 03 Oct 2023 16:17:44 GMT
etag: "1509a-ntpVgiJW8z6LP3f14nXfPfK9ymE"
expires: Tue, 03 Oct 2023 16:18:44 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 278 KB
71 KB 140ms
67ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb674de5636ad731f83bbd141aaac1337fd1539cf7976b59f7dbf17730c1dac6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73010
x-xss-protection: 0
server: sffe
etag: "b44d49b4390daba4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
23 KB 169ms
96ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6f226bf73d309afec0f8136aadcd4c31a5fb38158edc76f2be201529cea88e4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23140
x-xss-protection: 0
server: sffe
etag: "f5b07adb469547c2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 amp-autocomplete-0.1.js Show response
cdn.ampproject.org/v0/ 29 KB
10 KB 128ms
57ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-autocomplete-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa1305d7baebcaaca830bdaa875d69c9ffaf511c107d90d6c94d505589d6dc67

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9433
x-xss-protection: 0
server: sffe
etag: "b14eeeba16ce92c6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 50 KB
15 KB 174ms
105ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c849575fe72d56d0355d4e41ce8eab134584f902f1e6e6e929c6b5c73e0f1b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14981
x-xss-protection: 0
server: sffe
etag: "a6229935c5b0422a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
15 KB 179ms
111ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3fe2201aeda9050d5a049b03528e35c36bc20298f05b3e5e2a3574c385b683d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15378
x-xss-protection: 0
server: sffe
etag: "3b480126f8007a6f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 178ms
110ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b99ee275208ffdee7bbd9fdaade2698a3709c3fd608d82d9670ecdc7e05d132d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4743
x-xss-protection: 0
server: sffe
etag: "603c8b5d2fa04c60"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
10 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cefd5bd9a30367cb1a5e8dc7168f1515a31a53786b415865c867c221c74b5ace

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10347
x-xss-protection: 0
server: sffe
etag: "a73f5bd113ba16d2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b22b527a652c53284f5339711a08c2ef2667565d35c09e38f835593e2fdea9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32178
x-xss-protection: 0
server: sffe
etag: "ecb8b9e35f89310d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 /
c.statcounter.com/12916097/0/c55d9f9f/1/ 49 B
468 B 235ms
168ms Image
image/gif 104.20.219.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.statcounter.com/12916097/0/c55d9f9f/1/
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.219.77 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:45 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
cf-ray: 81067f424e7f1c79-FRA
content-length: 49
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 logo.png
www.xgcartoon.com/img/ 13 KB
13 KB 209ms
208ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/logo.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:45 GMT
last-modified: Sun, 28 Aug 2022 14:10:33 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"3473-182e4ca3706"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 13427
expires: Tue, 03 Oct 2023 16:20:45 GMT

GET
H2 200 qidazui_di3ji_zhushendenilinriyu-lingmuyang.jpg
static-a.xgcartoon.com/cover/ 24 KB
24 KB 968ms
904ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/qidazui_di3ji_zhushendenilinriyu-lingmuyang.jpg?w=230&h=280&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9335a20f2c7f9909329b084c9814cb5483c9fcfa3ec9a55867faa22d37ef406d

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:46 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Sun, 30 Oct 2022 06:33:07 GMT
server: cloudflare
etag: "019106BABEB97B745D5E84312C66FAAB"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81067f43cd8603f8-FRA
content-length: 24205
expires: Wed, 04 Oct 2023 10:18:34 GMT

GET
H2 200 play.png
www.xgcartoon.com/img/ 470 B
667 B 206ms
205ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/play.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:45 GMT
last-modified: Wed, 17 Aug 2022 11:09:20 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1d6-182ab7e5700"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 470
expires: Tue, 03 Oct 2023 16:20:45 GMT

GET
H2 200 star.png
www.xgcartoon.com/img/ 424 B
621 B 204ms
202ms Image
image/png 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xgcartoon.com/img/star.png
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:45 GMT
last-modified: Wed, 17 Aug 2022 11:09:12 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"1a8-182ab7e37c0"
content-type: image/png
cache-control: max-age=180
accept-ranges: bytes
content-length: 424
expires: Tue, 03 Oct 2023 16:20:45 GMT

GET
H2 200 zhuanshengguizudeyishijiemaoxianlu_buzhizizhongdezhushendeshituzhuanshengguizudeyishijiemaoxianlu_zhuanshengguizuyishijiemaoxianlu_zizhongzhishenshituriyu-yezhou.jpg
static-a.xgcartoon.com/cover/ 72 KB
72 KB 1097ms
1033ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/zhuanshengguizudeyishijiemaoxianlu_buzhizizhongdezhushendeshituzhuanshengguizudeyishijiemaoxianlu_zhuanshengguizuyishijiemaoxianlu_zizhongzhishenshituriyu-yezhou.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96de8a8e9fa77c476647c1746de42eb8811a8db2c36b2c675f779b53d040902b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:46 GMT
cf-cache-status: HIT
last-modified: Mon, 03 Apr 2023 07:14:25 GMT
server: cloudflare
etag: "D386D9191EB1802357262833A473FE84"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81067f43cd8703f8-FRA
content-length: 73651
expires: Wed, 04 Oct 2023 10:50:29 GMT

GET
H2 200 heshantianjinxinglv999delianaiheshantiantanchanglv999delianairiyu-zhenbai.jpg
static-a.xgcartoon.com/cover/ 67 KB
67 KB 537ms
473ms Image
image/png 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/heshantianjinxinglv999delianaiheshantiantanchanglv999delianairiyu-zhenbai.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62261968173cff7922e600b9d34d30d5df2efb03a2afe2c4e6e8e1a0b0c96e50

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:46 GMT
cf-cache-status: HIT
last-modified: Sun, 02 Apr 2023 07:18:53 GMT
server: cloudflare
etag: "FC80C97BAE0BF06A0D5E88DA0E90F613"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81067f43cd8a03f8-FRA
content-length: 68735
expires: Wed, 04 Oct 2023 10:42:48 GMT

GET
H2 200 weimeihaodeshijiexianshangbaoyanriyu-xiaozao.jpg
static-a.xgcartoon.com/cover/ 9 KB
9 KB 946ms
883ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/weimeihaodeshijiexianshangbaoyanriyu-xiaozao.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ff69293c848bb04c7f4c328ed4e0124deb8e6003ff78cc1731649ca67590261

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:46 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Sat, 08 Apr 2023 12:12:10 GMT
server: cloudflare
etag: "5A812072F8D4648FDFDA72B1CB9536C4"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81067f43cd8c03f8-FRA
content-length: 9368
expires: Wed, 04 Oct 2023 14:32:41 GMT

GET
H2 200 qidazui_di4ji_fennudeshenpanriyu-lingmuyang.jpg
static-a.xgcartoon.com/cover/ 11 KB
12 KB 334ms
271ms Image
image/jpeg 2606:4700:10::6816:2e93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-a.xgcartoon.com/cover/qidazui_di4ji_fennudeshenpanriyu-lingmuyang.jpg?w=280&h=120&q=100
Requested by: Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2e93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e2933f632e8142b155e29fc235e1078447744dfa6eb6428754944bb4d41c00e

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:45 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Sun, 30 Oct 2022 06:55:29 GMT
server: cloudflare
etag: "8727B938EAA96921A0B6FF0B8DBBB0AC"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=259200
accept-ranges: bytes
cf-ray: 81067f43cd8b03f8-FRA
content-length: 11636
expires: Wed, 04 Oct 2023 15:49:49 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012309151607000/v0/ 8 KB
3 KB 76ms
22ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

141a9b0b0492c8b4e7deb1e0537c69d01a3af169bf0c6e3a70c027856fdcedf4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 26 Sep 2023 19:31:14 GMT
age: 593191
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2976
x-xss-protection: 0
server: sffe
etag: "07fb3dc7eac63481"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Sep 2024 19:31:14 GMT

GET
H3 200 amp-ad-network-doubleclick-impl-0.1.js Show response
cdn.ampproject.org/rtv/012309151607000/v0/ 237 KB
63 KB 48ms
25ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-ad-network-doubleclick-impl-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aa4a7bb3250246172fb936a76cad3eda063687abf10aeef1780a2fb659a9abc

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 26 Sep 2023 19:31:14 GMT
age: 593191
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64071
x-xss-protection: 0
server: sffe
etag: "554c2edaf6ccd50b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Sep 2024 19:31:14 GMT

GET
DATA 200
OK truncated
/ 393 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 953 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 792 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 154 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012309151607000/v0/ 12 KB
4 KB 45ms
34ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce5d2c5db39edc66c10096838a6c9c92a20e3d2b3f1f19a274bbd2848a8f2e07

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Origin: https://www.xgcartoon.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 26 Sep 2023 19:31:14 GMT
age: 593191
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3936
x-xss-protection: 0
server: sffe
etag: "3d96bab6a7d5a37d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Sep 2024 19:31:14 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 136 KB
47 KB 832ms
779ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_header&adk=1412529771&sz=728x90%7C728x90&output=html&impl=ifr&ifi=1&msz=1200x-1&psz=1200x-1&fws=4&adf=2815854195&nhd=0&adx=436&ady=120&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=251006157&ga_cid=amp-2rxHFmxyD5GWF1QEpHBwWA&ga_hid=6157&dt=1696349865631&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fqidazui_di3ji_zhushendenilinriyu-lingmuyang&bdt=395&dtd=14&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ce6586d8c12301c4f22056f74b6d16d7d47b4380f77758ef62089afbd131dd7

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO_Yvtmj2oEDFZi6dwodUA4CFw&gqi=qT4cZY65K6upjuwP_J63EA&layout=/sadbundle/%24csp%253Der3%24/8897751737525207568/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO_Yvtmj2oEDFZi6dwodUA4CFw&gqi=qT4cZY65K6upjuwP_J63EA&layout=/sadbundle/%24csp%253Der3%24/8897751737525207568/index.html
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:46 GMT
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47535
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: CO_Yvtmj2oEDFZi6dwodUA4CFw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 03 Oct 2023 16:17:46 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 136 KB
48 KB 359ms
307ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_vrec_1&adk=3018598273&sz=320x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=2&fluid=height&msz=232x-1&psz=232x-1&fws=4&adf=1409058554&nhd=0&adx=350&ady=819&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=251006157&ga_cid=amp-2rxHFmxyD5GWF1QEpHBwWA&ga_hid=6157&dt=1696349865631&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fqidazui_di3ji_zhushendenilinriyu-lingmuyang&bdt=395&dtd=16&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18b0845b26a7ccf2e93099a57d37edfb698c03ce9db6d2ee189271bf50d1c8a5

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COqCptmj2oEDFbOGgwcdi3IKSw&gqi=qT4cZdi8K_SpjuwPjJuv8Ag&layout=/sadbundle/%24csp%253Der3%24/3071748555402318156/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COqCptmj2oEDFbOGgwcdi3IKSw&gqi=qT4cZdi8K_SpjuwPjJuv8Ag&layout=/sadbundle/%24csp%253Der3%24/3071748555402318156/index.html
content-encoding: br
x-content-type-options: nosniff
date: Tue, 03 Oct 2023 16:17:45 GMT
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 160x600
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47645
x-xss-protection: 0
google-lineitem-id: -1
x-qqid: COqCptmj2oEDFbOGgwcdi3IKSw
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-creative-id: -1
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 03 Oct 2023 16:17:45 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 1170ms
1119ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_hrec_1&adk=948107268&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=3&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=2674978360&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=251006157&ga_cid=amp-2rxHFmxyD5GWF1QEpHBwWA&ga_hid=6157&dt=1696349865631&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fqidazui_di3ji_zhushendenilinriyu-lingmuyang&bdt=395&dtd=16&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcd084f24c3dc4464fbaccc2f9b7260c74164bb581c9f7bd732b40993531b1a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:46 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 320x100
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13242
x-xss-protection: 0
google-lineitem-id: 208234953
x-qqid: CL-ypdmj2oEDFQKpdwodoqcI_w
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 107027453793
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 03 Oct 2023 16:17:46 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
23 KB 522ms
471ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_mob_anime_vrec_1&adk=132656383&sz=320x50%7C336x280%7C320x480%7C320x100%7C320x50%7C300x600%7C300x250%7C300x100%7C300x50%7C160x600%7C120x600&output=html&impl=ifr&ifi=4&fluid=height&msz=120x-1&psz=120x-1&fws=4&adf=1627611741&nhd=0&adx=0&ady=0&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=251006157&ga_cid=amp-2rxHFmxyD5GWF1QEpHBwWA&ga_hid=6157&dt=1696349865631&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fqidazui_di3ji_zhushendenilinriyu-lingmuyang&bdt=395&dtd=17&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b90bb6817c2393fe73ada8db342d765b4fe31526bec3cae89abdb0f2b8b38b41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:46 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
x-creativesize: 300x600
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23457
x-xss-protection: 0
google-lineitem-id: 6350518038
x-qqid: CPuVpdmj2oEDFaqIgwcd1G0DjQ
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138441357283
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 03 Oct 2023 16:17:46 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 66 KB
23 KB 1000ms
950ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F71161633%2FXGTON_xgcartoon%2Famp_desk_anime_hrec_1&adk=156774037&sz=320x50%7C728x90%7C468x60&output=html&impl=ifr&ifi=5&fluid=height&msz=892x-1&psz=892x-1&fws=4&adf=1662822972&nhd=0&adx=954&ady=988&oid=2&ptt=13&gdfp_req=1&sfv=1-0-37&u_sd=1&is_amp=3&amp_v=2309151607000&d_imp=1&c=251006157&ga_cid=amp-2rxHFmxyD5GWF1QEpHBwWA&ga_hid=6157&dt=1696349865631&biw=1600&bih=1200&u_aw=1600&u_ah=1200&u_cd=24&u_w=1600&u_h=1200&u_tz=120&u_his=2&vis=1&scr_x=0&scr_y=0&bc=7&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fqidazui_di3ji_zhushendenilinriyu-lingmuyang&bdt=395&dtd=18&__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1bc4aa5c920cf22f6169952d4c0c83a5976131390d4a7abffcea634c0af022f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:46 GMT
content-encoding: br
x-content-type-options: nosniff
x-ampsafeframeversion: 1-0-40
observe-browsing-topics: ?1
google-mediationgroup-id: -2
x-creativesize: 728x90
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
x-ampadrender: safeframe
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23446
x-xss-protection: 0
google-lineitem-id: 6136661665
x-qqid: CKarpdmj2oEDFU2edwodPC0GBg
amp-access-control-allow-source-origin: https://www.xgcartoon.com
server: cafe
google-mediationtag-id: -2
google-creative-id: 138370495019
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.xgcartoon.com
access-control-expose-headers: Google-Creative-Id,Google-LineItem-Id,AMP-Access-Control-Allow-Source-Origin,X-CreativeSize,X-QQID,amp-ff-sandbox,X-AmpSafeFrameVersion,X-AmpAdRender
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
amp-ff-sandbox: true
expires: Tue, 03 Oct 2023 16:17:46 GMT

GET
H2 200 container.html
ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ 0
0 145ms
56ms Other
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.xgcartoon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012309151607000/v0/analytics-vendors/ 2 KB
886 B 22ms
21ms Fetch
application/json 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012309151607000/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 26 Sep 2023 19:31:01 GMT
age: 593205
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 856
x-xss-protection: 0
server: sffe
etag: "299923aefdac6510"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Sep 2024 19:31:01 GMT

GET
H2 200 ga4.json Show response
www.xgcartoon.com/js/ 4 KB
2 KB 206ms
206ms Fetch
application/json 169.150.222.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xgcartoon.com/js/ga4.json?__amp_source_origin=https%3A%2F%2Fwww.xgcartoon.com
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.150.222.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-169-150-222-217.datapacket.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2

Request headers

Accept: application/json
Referer: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang
AMP-Same-Origin: true
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:46 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 10:49:40 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"11d8-187c255423d"
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=180
accept-ranges: bytes
expires: Tue, 03 Oct 2023 16:20:46 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 94ms
37ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8WE8LSVZQB&ds=AMP&_p=6157&cid=amp-2rxHFmxyD5GWF1QEpHBwWA&ul=en-us&sr=1600x1200&_s=1&dl=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fqidazui_di3ji_zhushendenilinriyu-lingmuyang&dr=&dt=%F0%9F%8D%9B%E4%B8%83%E5%A4%A7%E7%BD%AA%EF%BC%88%E4%B8%83%E5%8E%9F%E7%BD%AA%E3%80%81%E4%B8%83%E4%BA%BA%E5%82%B3%E5%A5%87%EF%BC%89%E7%AC%AC3%E5%AD%A3%20%E8%AB%B8%E7%A5%9E%E7%9A%84%E9%80%86%E9%B1%97%E3%80%90%E6%97%A5%E8%AA%9E%E3%80%91%20%E5%85%8D%E8%B2%BB%E9%AB%98%E6%B8%85%E5%8D%A1%E9%80%9A%E5%8B%95%E6%BC%AB%E5%9C%A8%E7%B7%9A%E7%9C%8B%20-%20%E8%A5%BF%E7%93%9C%E5%8D%A1%E9%80%9A&_fv=1&_ss=1&__dbg=1&en=page_view&sid=1696349867&sct=1&seg=1&_et=1000&gcs=
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.xgcartoon.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xgcartoon.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0ADC 6 KB
3 KB 59ms
58ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:46 GMT
expires: Wed, 02 Oct 2024 16:17:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A82F 6 KB
3 KB 56ms
55ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:46 GMT
expires: Wed, 02 Oct 2024 16:17:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9FB1 6 KB
3 KB 54ms
54ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:46 GMT
expires: Wed, 02 Oct 2024 16:17:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 017C 6 KB
3 KB 53ms
53ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:46 GMT
expires: Wed, 02 Oct 2024 16:17:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 47BA 6 KB
3 KB 49ms
49ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-ad-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xgcartoon.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:46 GMT
expires: Wed, 02 Oct 2024 16:17:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/ Frame 5094 153 KB
65 KB 23ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/index.html

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34021e046d7cf0074446a69e1a4cd859e0adf78720d9cdccd31fdea0f08934c5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 555787
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 64758
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 05:54:39 GMT
expires: Thu, 26 Sep 2024 05:54:39 GMT
last-modified: Wed, 30 Aug 2023 02:27:50 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/ Frame 0ADC 23 KB
9 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/abg_lite_fy2021.js

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac4a2fcf56f3a5815338b809cd7e8b9a80b676bc6ad801f4c9666b3e9c7bdfd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 17:33:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9131
x-xss-protection: 0
server: cafe
etag: 6297790743806441599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 17:33:22 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D3CC 143 B
383 B 73ms
21ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 3231
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 15:23:55 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 0ADC 3 KB
1 KB 50ms
48ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 11:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16312
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 11:45:54 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 0ADC 20 KB
8 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 17:33:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 17:33:22 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/ Frame 1D3B 115 KB
28 KB 22ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f3173360d2126a411d99789f08b3b5ec679cab0b89350cae3986169624f9a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 562125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 28149
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 04:09:01 GMT
expires: Thu, 26 Sep 2024 04:09:01 GMT
last-modified: Wed, 30 Aug 2023 02:27:48 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/ Frame A82F 23 KB
9 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/abg_lite_fy2021.js

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac4a2fcf56f3a5815338b809cd7e8b9a80b676bc6ad801f4c9666b3e9c7bdfd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 17:33:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9131
x-xss-protection: 0
server: cafe
etag: 6297790743806441599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 17:33:22 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DF8C 143 B
200 B 44ms
22ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 3231
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 15:23:55 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame A82F 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:13:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 248
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 16:13:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame A82F 20 KB
8 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 17:33:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 17:33:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 9FB1 97 KB
29 KB 113ms
112ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21700cf92f5c257c85572250ecfd86056dd9ff6e439b7fbf1173bdeef134896d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29335
x-xss-protection: 0
server: cafe
etag: 338 / 19633 / m202309280101 / config-hash: 18346230598739657090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9FB1 187 KB
59 KB 105ms
55ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9FB1 0
462 B 59ms
59ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssyNi1w8HpGN2J7GxaTpviqwlEpIqphb8MP92eIaN7pizuR-ct_TPdLG0J2v-9CAlqkkxpkcq725jIx7vYyRC4dpwsZhiEt5PhUkCXCONFv_6JBmY0vj26XSfwLxqiMcsMOCV82FfvgWUz4iqvueaZr6uN7qKkKmYJ0C8UtnT699db81fAIk7SHz7ltYU2LuW3rGoKO7AG_ylHkwBGUjiZ4TphWTiq2SadN40fBtKrJ8nq5OwEHDYY2xvwZaKjPqzfQhQWugIMg4QIG30XD0mael1rhK0iTo20eQNC3IZ6RP1o54_v-64yTKh653lCQIzGNeOw3OxXnPSzJG-n-jB4CazYUvOJ_RG_d41KSQ8sTd0E&sai=AMfl-YT0JlVv9WFvrqQ_ln95485afs7FxK92gs139Wctlba0MiNAujl8V2YoO-Ho45RkY36zLvLpHEqGYvj3yPA&sig=Cg0ArKJSzHrkFsq7gRGbEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 017C 97 KB
29 KB 193ms
193ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bbdd1f9b8a653864f3454d7b4716d07d9b6f49d12f52e22457889b7257ff66c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29335
x-xss-protection: 0
server: cafe
etag: 498 / 19633 / m202309280101 / config-hash: 18346230598739657090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 017C 187 KB
59 KB 139ms
99ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 017C 0
292 B 59ms
59ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst2gTc4JMK5RLC0eDDUtfRsF9UA8h9w-bMB1owY4JyGfHCV-av45H7FOwxyErnzQUD1PHNOR7guyf7WUycRkEH5roc4DD6rFrF2cyKNBEj6iNQ_Hj8sQQS1G7xLzW0YUKCldmkW30YlnnZp0r0C5mOB9hLf0U9CdqNKFHreM4KrZOf1SfP-iPUYg1ok4yTxuNao1OVdOXsfNHlIC6e-V8I3uVKEyHbeVWlQk_qq1db7osdcI2pcywIgaK54XTNT97NyicZloDFr1YzRTf9f1Peiu6f7e2VJ2eUz2hZLGrK_GxFURczczrBWOP4EUQVE_nb3cYJZTyXlhqOii_1hXWvHmDzEOOWfFIB5cWCWVqwrof6x&sai=AMfl-YSg8MieC5dvIkpC2rIwtN7nAIqNxk2Asv0kYDxyuHRD9yjFptW3eYunPiaSXLRkKySssUoCFGmMpaDVowA&sig=Cg0ArKJSzGFn22fwqmv4EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 47BA 24 KB
6 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 380617
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 28 Sep 2024 06:34:09 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 47BA 18 KB
8 KB 100ms
99ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1a1d3f0e885f1f1d98989a432f4616f2be2e936ff0c8759593197fa04ea1e4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7880
x-xss-protection: 0
server: cafe
etag: 14211581355714118581
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 47BA 187 KB
59 KB 122ms
89ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5094 16 KB
6 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 19:46:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73902
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 03 Oct 2023 19:46:05 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5094 34 KB
13 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8897751737525207568/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 02:28:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49744
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 04 Oct 2023 02:28:43 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 1D3B 16 KB
6 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 19:46:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73902
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 03 Oct 2023 19:46:05 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 1D3B 34 KB
13 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 02:28:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49744
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 04 Oct 2023 02:28:43 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0ADC 187 KB
59 KB 116ms
116ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
DATA 200
OK truncated
/ Frame 0ADC 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e43c27129ff87860bb6c371cd91e51f6a7aa1d9122624cd1944d8153467e05f8

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 47BA 0
26 B 60ms
60ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssoW1hDkAskopaeA5oFsnmEuEL5mgUSlQHy0G31pAwWRqFrM7HXD0GwsSqYhJgdtWAYOnKScMWO5U7YL9P-Uw22iIwcYOA6FGTSk4o7riNHtZOnD9BhRZq3HHOs-gx1r3sHfp4FvFNWe9WhXntOPDuiYb28hdsFm9KW3CjTPv8Ug6k7kiWBUgxroJ1Wvfz25pxDy6Fx4SGsC7BDYIIqB2GF20EUwOCyL7yIt8jBKAELsNEK4ZdRgjiYNPpOGzA18MxsK34PuA1v_NqlzZ8i2mwqRLTdoxI7Ia-8tYOSceJchRMjuMMh23JseFTJ3AmR-jC4ENBcOpVfG-w8DVkRhTCH60xBarCNntNPlcjE&sai=AMfl-YQAzsnkM7emPH4moedkACG10q0IEDeTSay322FsGVZZvBV8_s5eLubGq1IPZhfouXtMxUfgc9goQY4A8Rk&sig=Cg0ArKJSzN0MM_XCok2PEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A82F 187 KB
59 KB 83ms
83ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D3CC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
281 B

36ms
36ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
expires: Tue, 03 Oct 2023 16:17:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DF8C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
136 B

39ms
36ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
expires: Tue, 03 Oct 2023 16:17:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A82F 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6193ef1ac85090fce999852868286a8502105185bef718199d69edf5ceb86313

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5094 24 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d5a3f04b91e0360e79e56f5d5955addfc3b3365e691a532640abf9c86e24d24

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5094 13 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6985fd0356fbee0df99d652c5172f01a4cf4abc377dd0a87affd11ad9ccba76

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 5094 37 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f672aa6b371698d86396d642459de7d087aeca2dbc8903649c1620622f75bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:40:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 592632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14693
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:40:35 GMT

GET
H3 200 3516631676127494912
tpc.googlesyndication.com/gpa_images/simgad/ Frame 5094 52 KB
52 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/3516631676127494912

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3a95c780e94d916656548d7a3731c9f26cfc6b7c7cf7c7c7c1a374f2a4cec6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 18:12:23 GMT
x-content-type-options: nosniff
age: 425124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53725
x-xss-protection: 0
last-modified: Sat, 20 May 2023 19:11:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 27 Sep 2024 18:12:23 GMT

GET
H3 200 2023669279976010507
tpc.googlesyndication.com/gpa_images/simgad/ Frame 5094 72 KB
72 KB 30ms
29ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/2023669279976010507

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5f095c4e9569faff0652dd7fc5f549af4696275226fa6d9ccaeb25521768d10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 08:49:15 GMT
x-content-type-options: nosniff
age: 458912
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74138
x-xss-protection: 0
last-modified: Mon, 22 May 2023 09:58:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 27 Sep 2024 08:49:15 GMT

GET
H3 200 10823254944621028040
tpc.googlesyndication.com/gpa_images/simgad/ Frame 5094 52 KB
52 KB 39ms
38ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/10823254944621028040

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a16b26baebe653a88604831fc59bd38f7848491d5beed5165afb02dac40b975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 10:58:37 GMT
x-content-type-options: nosniff
age: 19150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53394
x-xss-protection: 0
last-modified: Tue, 23 May 2023 08:16:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 02 Oct 2024 10:58:37 GMT

GET
H3 200 6962342023993395798
tpc.googlesyndication.com/gpa_images/simgad/ Frame 5094 30 KB
30 KB 33ms
32ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/6962342023993395798

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c1387c88b16ecfdbe1df4e21143068c445173be07582189eee68c4dacb2f09c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 09:14:53 GMT
x-content-type-options: nosniff
age: 370974
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30504
x-xss-protection: 0
last-modified: Sun, 21 May 2023 18:41:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 28 Sep 2024 09:14:53 GMT

GET
H3 200 9748262786698640375
tpc.googlesyndication.com/gpa_images/simgad/ Frame 5094 49 KB
49 KB 49ms
48ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/9748262786698640375

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e497e42ddc988c37d46e9ec59af849b5976c86995df0dc196568c35c1d74c109

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 04:28:29 GMT
x-content-type-options: nosniff
age: 560958
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49698
x-xss-protection: 0
last-modified: Sat, 20 May 2023 18:14:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 26 Sep 2024 04:28:29 GMT

GET
H3 200 10687859347649307695
tpc.googlesyndication.com/gpa_images/simgad/ Frame 5094 246 KB
246 KB 45ms
44ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/10687859347649307695

Requested by

Host: ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
URL: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fab862d28ba45d5db261634132fcdc5c55e8b061671f3eba2c747885aa21cad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 23:40:43 GMT
x-content-type-options: nosniff
age: 146224
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 251412
x-xss-protection: 0
last-modified: Sun, 21 May 2023 13:31:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 30 Sep 2024 23:40:43 GMT

GET
H2 200 f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D3B 37 KB
14 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f672aa6b371698d86396d642459de7d087aeca2dbc8903649c1620622f75bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:40:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 592632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14693
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:40:35 GMT

GET
H3 200 9748262786698640375
tpc.googlesyndication.com/gpa_images/simgad/ Frame 1D3B 49 KB
49 KB 68ms
67ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/9748262786698640375

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e497e42ddc988c37d46e9ec59af849b5976c86995df0dc196568c35c1d74c109

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 04:28:29 GMT
x-content-type-options: nosniff
age: 560958
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49698
x-xss-protection: 0
last-modified: Sat, 20 May 2023 18:14:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 26 Sep 2024 04:28:29 GMT

GET
H3 200 10823254944621028040
tpc.googlesyndication.com/gpa_images/simgad/ Frame 1D3B 52 KB
52 KB 59ms
58ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/10823254944621028040

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a16b26baebe653a88604831fc59bd38f7848491d5beed5165afb02dac40b975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 10:58:37 GMT
x-content-type-options: nosniff
age: 19150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53394
x-xss-protection: 0
last-modified: Tue, 23 May 2023 08:16:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 02 Oct 2024 10:58:37 GMT

GET
H3 200 6962342023993395798
tpc.googlesyndication.com/gpa_images/simgad/ Frame 1D3B 30 KB
30 KB 53ms
52ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/6962342023993395798

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c1387c88b16ecfdbe1df4e21143068c445173be07582189eee68c4dacb2f09c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 09:14:53 GMT
x-content-type-options: nosniff
age: 370974
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30504
x-xss-protection: 0
last-modified: Sun, 21 May 2023 18:41:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 28 Sep 2024 09:14:53 GMT

GET
H3 200 10687859347649307695
tpc.googlesyndication.com/gpa_images/simgad/ Frame 1D3B 246 KB
246 KB 66ms
65ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/10687859347649307695

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3071748555402318156/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fab862d28ba45d5db261634132fcdc5c55e8b061671f3eba2c747885aa21cad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 23:40:43 GMT
x-content-type-options: nosniff
age: 146224
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 251412
x-xss-protection: 0
last-modified: Sun, 21 May 2023 13:31:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 30 Sep 2024 23:40:43 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 47BA 143 KB
49 KB 105ms
104ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05fb381a67f84577da22e172fb9e5900baafddda5a4b52efcd7f878a26fbff64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50541
x-xss-protection: 0
server: cafe
etag: 16230122975413092903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/ Frame 9FB1 413 KB
130 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b5ae1f0ff10c4595493fa2d4edb2c308f97976be783ed5d7d962a8d81606d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 13:47:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9033
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133452
x-xss-protection: 0
server: cafe
etag: 5291400228273913750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 02 Oct 2024 13:47:14 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9FB1 26 KB
12 KB 277ms
276ms Fetch
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4309628138426182&correlator=1480036822821095&eid=31077696%2C31078453&output=ldjh&gdfp_req=1&vrg=202309280101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_mob_anime_vrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C120x600%7C160x600%7C300x100%7C300x250%7C300x600&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com&abxe=1&dt=1696349867380&adxs=-12245933&adys=-12245933&biw=300&bih=1200&scr_x=0&scr_y=0&ucis=wjfq2c1jf647&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fqidazui_di3ji_zhushendenilinriyu-lingmuyang&loc=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=0x0&fws=256&ohw=0&ea=0&dlt=1696349866929&idt=432&prev_scp=in2w_key9001%3D1%26in2w_key%3D26%26in2w_key2%3Dnope%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3qgz%26in2w_key7%3D1580%26in2w_key8%3D26%26in2w_key9%3Doptimization_request%26in2w_key15%3Do0%26in2w_key16%3D1&adks=1594393081&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f88777ded800643f7d6832c1bf4e15a8cc71c45772e46340d9ad7932451d204

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12232
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A2D4 6 KB
3 KB 88ms
57ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
expires: Wed, 02 Oct 2024 16:17:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 107ms
56ms Preflight
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=ChVOLqT4cZaqKLbONjuwPi-Wp2ASmzub6cvOapPL0EaXL_d8FEAEg08vOMGD1lc6B4ASgAZ6avJUpyAEJ4AIAqAMByANIqgTJAk_Qggjv4WaZWyyv8kqU-6S5hs9stYw7WEnT0vI2D6kiqmDl7AmxTd2timQKrYzMVsYjGX6YR6CMsb0DKn2GUetPM1atvmUfDWlRhYF-r-Hwt0V7C-qKToI_koZed0qGG7BKgBp-fJASYztRkJzIoMG6LbGpk2cBZQpomOsMjmECm9hWvtkt1Y-to4YlDziT4C8G6R7SkHJxp-HoYsjFokOr_I4aw_UJFI1c3HP7dNDCySB08xPJCRXIkgjnQEDzBdyIYv-CJeluEDyMudYH-1gjuYuCqUR3qUuhUkGJKUhpvib48tACvQxrrQRaiQMu4CeW52Lr72XnjULgMoeHMW7wYf2DL8MdFC6ks3jRxxbuReuDI6yXbWoxusCqKT1ODBnX_aVqePeSiBvUMOQTO93gg7voRHz9hXcB9PdPTX9bL7vVNQtKFR0vwATqnpfCrwTgBAGIBcKK1vtJkgUECAQYAZIFBAgFGASgBi6AB57SjPUDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEKfjAdIIFAiAYRABGB0yAooCOgKAQEi9_cE6mgkoaHR0cHM6Ly93d3cuZ2FtZW9ueXguY29tL2tpZHMtZ2FtZXMuaHRtbIAKA8gLAdoMEAoKEKCIhMDi_pGDDxICAQPiDRMIoo-l2aPagQMVs4aDBx2LcgpL2BMM0BUBgBcBshceChwIABIUcHViLTMwMzkxOTk1MDM0MDM2MzQYmdIh&sigh=Vkd71blLxMM&uach_m=[UACH]&ase=2&nis=4&cid=CAQSGwDICaaND6SynGOTjxcPJ50sq_JijDCg8CTozBgB&template_id=531&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 03 Oct 2023 16:17:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame A82F
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=ChVOLqT4cZaqKLbONjuwPi-Wp2ASmzub6cvOapPL0EaXL_d8FEAEg08vOMGD1lc6B4ASgAZ6avJUpyAEJ4AIAqAMByANIqgTJAk_Qggjv4WaZWyyv8kqU-6S5hs9stYw7WEnT0vI2D6ki...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdfc0ac0f74960d2d0000000000000000%22,%222%22:%220xaf9ef6b0e1529a980000000000000000%22,%223%22:%220xfd337c...

0
0

108ms
58ms

Fetch
text/css

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdfc0ac0f74960d2d0000000000000000%22,%222%22:%220xaf9ef6b0e1529a980000000000000000%22,%223%22:%220xfd337cdc745ca4ad0000000000000000%22,%224%22:%220xcc32577d5de9645b0000000000000000%22,%225%22:%220xcf02243aead2188a0000000000000000%22},%22debug_key%22:%229279753791344987369%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2210-03%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2218193685935930401585%22}&andc=true

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xdfc0ac0f74960d2d0000000000000000","2":"0xaf9ef6b0e1529a980000000000000000","3":"0xfd337cdc745ca4ad0000000000000000","4":"0xcc32577d5de9645b0000000000000000","5":"0xcf02243aead2188a0000000000000000"},"debug_key":"9279753791344987369","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["10-03"],"6":["true"]},"priority":"500","source_event_id":"18193685935930401585"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 03 Oct 2023 16:17:47 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xdfc0ac0f74960d2d0000000000000000","2":"0xaf9ef6b0e1529a980000000000000000","3":"0xfd337cdc745ca4ad0000000000000000","4":"0xcc32577d5de9645b0000000000000000","5":"0xcf02243aead2188a0000000000000000"},"debug_key":"9279753791344987369","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["10-03"],"6":["true"]},"priority":"500","source_event_id":"18193685935930401585"}&andc=true
access-control-allow-origin: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 017C 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b2ec34fe9aac6ec92a78d99f457abdc874b029419c51bee9404f0ed8ccda45c

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 106ms
57ms Preflight
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=CGOCzqj4cZe_bCJj13gPQnIi4AabO5vpyi8Ck8vQR4KOUmEMQASDTy84wYPWVzoHgBKABnpq8lSnIAQngAgCoAwHIA0iqBMgCT9CrgpXVWAy5BiVBsNwNz0MyQyYSs5SoGp5I2NCdEeMha9w0BObCP2WSccrCCzZ1cZ9imgfjqKKs2xtwBeFYEgdmeqg8Wit8B8FPCUwwKLaoZR0JTCcAMdeMH5iEsaj2XnnRz7Ei5brSXx9Zwjxi7XFpvwqXWfk1OY7E_QsIssMDEwTYmBJtKowOrEHmQcFt67aHjuWIHQxkfm3GUEhznzMCa11BazxFoHxBQfmsVA61BvB5QnHDSCIiDlgn7ZevRTdVpAJdi0E7tKPwGyfhE5fN08JqITzIg9b6Hx94FUCBRzRgdgSxm18NwR3FR_fr9GGC8ft1D0EpQXSA0yZrc1LFLhtuZokUen4aD8eWlwCVrlND9hThRVDk2hY2DXSy1re3y4iDpE3UWps6PuqYBo9wLgkGzIQ8MpBDT4g12l7--QORnKyd-8AE-Lr7zbIE4AQBiAXCitb7SZIFBAgEGAGSBQQIBRgEoAYugAee0oz1A6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBCr7QHSCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJKGh0dHBzOi8vd3d3LmdhbWVvbnl4LmNvbS9raWRzLWdhbWVzLmh0bWyACgPICwHaDBAKChCwv-Co-Ofb30kSAgED4g0TCOGQpdmj2oEDFZi6dwodUA4CF9gTDNAVAYAXAbIXHgocCAASFHB1Yi0zMDM5MTk5NTAzNDAzNjM0GJnSIQ&sigh=-kvLf0CUXUA&uach_m=[UACH]&ase=2&nis=4&cid=CAQSGwDICaaN2jyevISzkjzSda0neWR_G9ni-sFDChgB&template_id=531&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 03 Oct 2023 16:17:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 0ADC
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=CGOCzqj4cZe_bCJj13gPQnIi4AabO5vpyi8Ck8vQR4KOUmEMQASDTy84wYPWVzoHgBKABnpq8lSnIAQngAgCoAwHIA0iqBMgCT9CrgpXVWAy5BiVBsNwNz0MyQyYSs5SoGp5I2NCdEeMh...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdfc0ac0f74960d2d0000000000000000%22,%222%22:%220xaf9ef6b0e1529a980000000000000000%22,%223%22:%220xfd337c...

0
0

110ms
59ms

Fetch
text/css

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdfc0ac0f74960d2d0000000000000000%22,%222%22:%220xaf9ef6b0e1529a980000000000000000%22,%223%22:%220xfd337cdc745ca4ad0000000000000000%22,%224%22:%220x7d146c96e1a9b5c60000000000000000%22,%225%22:%220xcf02243aead2188a0000000000000000%22},%22debug_key%22:%222816729592606104734%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2210-03%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22667083297042484081%22}&andc=true

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xdfc0ac0f74960d2d0000000000000000","2":"0xaf9ef6b0e1529a980000000000000000","3":"0xfd337cdc745ca4ad0000000000000000","4":"0x7d146c96e1a9b5c60000000000000000","5":"0xcf02243aead2188a0000000000000000"},"debug_key":"2816729592606104734","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["10-03"],"6":["true"]},"priority":"500","source_event_id":"667083297042484081"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 03 Oct 2023 16:17:47 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xdfc0ac0f74960d2d0000000000000000","2":"0xaf9ef6b0e1529a980000000000000000","3":"0xfd337cdc745ca4ad0000000000000000","4":"0x7d146c96e1a9b5c60000000000000000","5":"0xcf02243aead2188a0000000000000000"},"debug_key":"2816729592606104734","debug_reporting":true,"destination":"https://gameonyx.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11050880286"],"4":["10-03"],"6":["true"]},"priority":"500","source_event_id":"667083297042484081"}&andc=true
access-control-allow-origin: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/ Frame 017C 413 KB
130 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b5ae1f0ff10c4595493fa2d4edb2c308f97976be783ed5d7d962a8d81606d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 13:47:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9033
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133452
x-xss-protection: 0
server: cafe
etag: 5291400228273913750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 02 Oct 2024 13:47:14 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291001/ Frame 47BA 380 KB
129 KB 88ms
88ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291001/show_ads_impl_fy2021.js?bust=31078422

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

102d94d49d9ad2b6cae435c8d89ace9bfe0faf5901c2c010954531b44db015f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131694
x-xss-protection: 0
server: cafe
etag: 9215481278060461196
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230928/r20190131/ Frame FD3D 10 KB
4 KB 22ms
21ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230928/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 33753
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 06:55:14 GMT
etag: 2603938475786422795
expires: Tue, 17 Oct 2023 06:55:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 017C 25 KB
12 KB 251ms
251ms Fetch
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3949002477549718&correlator=652029297884824&eid=31077099&output=ldjh&gdfp_req=1&vrg=202309280101&ptt=17&impl=fifs&tfcd=0&iu_parts=71161633%2CXGTON_xgcartoon%2Camp_desk_anime_hrec_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C468x60%7C728x90&fluid=height&ifi=1&sfv=1-0-40&eri=4&sc=1&cdm=ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com&abxe=1&dt=1696349867491&adxs=0&adys=0&biw=728&bih=180&isw=728&scr_x=0&scr_y=0&ucis=5f75m8exdf8q&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.xgcartoon.com%2Fdetail%2Fqidazui_di3ji_zhushendenilinriyu-lingmuyang&loc=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D0&top=www.xgcartoon.com&vis=1&psz=0x0&msz=728x0&fws=256&ohw=0&ea=0&dlt=1696349866932&idt=551&prev_scp=in2w_key9001%3D1%26in2w_key%3D4%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx1580%26in2w_key4%3D--38gz%26in2w_key5%3Doptimization%26in2w_key6%3D--3qgz%26in2w_key7%3D1580%26in2w_key8%3D4%26in2w_key9%3Doptimization_request%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D1&adks=773267464&frm=24

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8facf9afcd0ea4dd63dae7283974e4ced1a4fbefba07e691c1798ef9916b0bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11996
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 435B 6 KB
3 KB 83ms
57ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
expires: Wed, 02 Oct 2024 16:17:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9FB1 0
0 61ms
60ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstuiIafHqwNSzOgHdDlMppEOQMyEvnMIKM2Ly0uYN58qQMl3fkMg_orl43aNzjg30DR3TyMVvOaXSG1oOhsZSwQMW7VyIHR5O2CgMUqRURNj2h18dru7rqA1RBYaCFTwkolJBQPUWFa9sfEwsExAieIFH_lGrsqko-xIAs1xR62A3ESVPz9ydo9IYH6O9t5knDQ6cNwMc0IBPzyX_Sf9ODPrm6q-KMTMB2Jl6HtNnM3I2T95zxeEcJjtDpYr_dSux_CfQ2VtELh9o0hHTwHwIF_qw8rBXonDJHQ4ZFvPKtYl_Z1hoKkvTNB6rCtgoDaPZNeTv3YvkesFeUqpnK32CFlI1ZQ9t0syN4Hpr5lbCceSPFfWQ&sai=AMfl-YRpIGVxkxP1I06pp8ZQ94C_SVaGQSPcixY22X3VUeOKJ1puDufrDR2boDDO55B316tou038O-LLzKTaDLs&sig=Cg0ArKJSzCkRlNBeNTQkEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9FB1 16 KB
12 KB 117ms
73ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1028418bd63fb18a71c93ec9c97aafd1684f30825700fd4e68ae08af530465f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12382
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 117ms
57ms Preflight
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdfc0ac0f74960d2d0000000000000000%22,%222%22:%220xaf9ef6b0e1529a980000000000000000%22,%223%22:%220xfd337cdc745ca4ad0000000000000000%22,%224%22:%220x7d146c96e1a9b5c60000000000000000%22,%225%22:%220xcf02243aead2188a0000000000000000%22},%22debug_key%22:%222816729592606104734%22,%22debug_reporting%22:true,%22destination%22:%22https://gameonyx.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211050880286%22],%224%22:[%2210-03%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22667083297042484081%22}&andc=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 03 Oct 2023 16:17:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 118ms
59ms Preflight
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 03 Oct 2023 16:17:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 017C 0
0 58ms
58ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuWTJrZP0_glHBrKTLOrwHW_xjSXttf7XTNWHLaWKW4JEVn5ZEh-sTqkYplVmN8Y4zZUtuahVZ15YHRCRZ5uM7qYURtZfV0ggzCRolgrznJwU0HfyuFUGV4kbpG-6lgpjlfM2eF1mKcEjN1DnJsVEVVJyc3r7gfaR6XMpsBuV9C_kI_izizEMDamNYPKpPdbF8VdEivHEP7En-_pky8hR1hLbUhLQlmomT5vKrPtNVv7AtvZfWrtFKYk788mWTuSQFElSF3uPEQR9U7l1X-J4vdf-zSS7sBDbsI30e7TqodCuAoqMQHEyZwQzSzqWsw3yfBUWpNWUNLIcdlrAuv7fc2p1AmcdIya-6Ys9AVCI348mSCqMI&sai=AMfl-YSQ2A9y6kxTKG3fRPohMnlupYzgiyfzbfs55dXIB_c_gEccH7pOvLYeaHssfRI0zDy67ym347MfOAOR5nQ&sig=Cg0ArKJSzIb0TGcvAHBmEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.xgcartoon.com
URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 017C 16 KB
12 KB 128ms
128ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309280101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e66f7864931e2cff0dbc2155e05ab92fdc47c83780e686cca0e11bf827cf2591

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12108
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9FB1 17 KB
6 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BC4B 24 KB
11 KB 468ms
468ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=100&slotname=3654094576&adk=193636013&adf=3173046728&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696349867094&bpp=337&bdt=160&idt=572&shv=r20230928&mjsv=m202309291001&ptt=5&saldr=sd&is_amp=1&correlator=6157&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2211716903&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31076839%2C31078422%2C44803794&oid=2&pvsid=1277512177376632&tmod=1295555538&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.opvulsy6ljpp&fsb=1&dtd=582

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291001/show_ads_impl_fy2021.js?bust=31078422

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a566bd9cd6957ee48a15942c2dff659cd63da83624abb351f3b47635cf34c7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 11717
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:48 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5D5C 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
expires: Wed, 02 Oct 2024 16:17:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A644 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 15425
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 12:00:42 GMT
expires: Wed, 02 Oct 2024 12:00:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EA0C 829 B
997 B 33ms
32ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b3df87552fe5b484edbcaa1d77ad1d35b2f5a08519d5cb83aef3ec8c3f254efd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-j9XnMxc0Nj2xHrJgsaEIug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-j9XnMxc0Nj2xHrJgsaEIug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
expires: Tue, 03 Oct 2023 16:17:47 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 017C 17 KB
6 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 142B 478 B
195 B 67ms
65ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNV9dNVGaj--SqSeMR0fKHiMSA4qkCJ13CvDukMvuKGy_NTe8sMkf8PDSIyzH51QTRQoZWGn2A6f_gYjDiXpyUBb5gZleQ

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5D5C 89 KB
31 KB 103ms
102ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D5C 42 B
63 B 123ms
122ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Akr0Pan-nregxAiHbrN5SUSkN7IVk7yASyERkvXAIFRauTZO26kA2KPa4Zco9SzkgU9MVcPaudBCLHjDC3IQ55bEBvWJxJPTWY3Hc8mNfyOr0n4OU

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D5C 0
20 B 125ms
124ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5316804272167203184&x=1&ct=77

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 5D5C 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:13:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 249
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 16:13:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 5D5C 20 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 17:33:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81865
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 17:33:22 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5D5C 187 KB
59 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 container.html Show response
c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 797E 6 KB
3 KB 24ms
23ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309280101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
expires: Wed, 02 Oct 2024 16:17:47 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame A644 37 KB
14 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:13:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 16:13:39 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EA0C 0
0 123ms
123ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309280101&jk=4309628138426182&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BF96 611 B
263 B 67ms
64ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNXc7CoFL0YSFy-kCwQ94PvQjyDud8nKVOFL_R27N9ViV9r_bdGP9EjQUiUsV1vUAlt56cLTwBEY0wuiCW4_QJ-DLy9Xaw

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 797E 89 KB
31 KB 94ms
90ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 797E 42 B
63 B 127ms
123ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AbYHaB4IryNBVYmA6N-0eQU2xzqyx8Pf-fima-eYHvTSsEVX67XK1s7kQgqu-YOG791l_7OKT2TYd7yjKnfkP1uqJYDDUr71C-iAJo3z4SGvKHDWI

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 797E 0
20 B 126ms
122ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9546921479807421819&x=1&ct=77

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 797E 32 KB
8 KB 100ms
26ms Script
application/javascript 217.79.188.59
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.59 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad4.adfarm1.adition.com/ Frame 797E 3 KB
2 KB 118ms
30ms Script
application/x-javascript 217.79.188.46
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4.adfarm1.adition.com/js?wp_id=4787112&clickurl=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=C1bSUqz4cZZnNIIGt9u8PjOul4AP7vYusc7-f6LGIEdq24u-aOBABINPLzjBg9ZXOgeAEyAEJqQI9UsqBO5OxPqgDAcgDmwSqBPABT9DKbWWb0XmdwQeLwpBlFXymCuY_p3S4l-acWEo9i0hKiUNyY7lvBpGAPVWPa5n3MY-09ptK-vb4Lh8bElzuUyYRIpXjH1xZ1Haf_Dh21WdALqaizkEqb04xRq157LUB3j4iVxEug-UNmkMWZ-TkcRcLB6Dl1KeYl93Px6yD5dkj6A43LMlIwDdnGU_YBfCLeDldq5BXdduqKW4_9XtWbYwSsQzRwXkJr9-FeWXJY4QqpDR0IEtUnv8xT1MVvFJ3MjTQAWPlVLp1_7KcHKzhZDgx2SmdVLy6lvj7ApdE_AvclhwJACrOP7uvucdQmAU0wASCz-rgpQTgBAOIBb6E5fZHkAYBoAZNgAfw66XGAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0B4g0TCO7Tktqj2oEDFYGW_QcdjHUJPLATquOBFdATANgTCogUAdgUAdAVAfgWAYAXAegXAQ&ae=1&gclid=EAIaIQobChMI2c6T2qPagQMVgZb9Bx2MdQk8EAEYASAAEgKOHvD_BwE&num=1&cid=CAQSKQDICaaNj--A76cBAEW-GObOKbXWVZtfNB_rIETg1DmrnTQBbh4eJJQ9GAE&sig=AOD64_3yt5ihbavngUIc_j6AajJ7JEINxQ&client=ca-pub-5884294479391638&dbm_c=AKAmf-CS0a5R0teW5sdlrDeJNv5NhchjjlDMXanGgFEgScSNFxcVKcwGUaDueVLOl-5fSnUfTDBrAKwaSJ-tb-8ITJzd5_1tZrMW3N6JB6rofAXIwFCKYkLJp0G1bIztzL31GWcOiCNzzaoNn_iozB7qAIg9IqdHHmKzC-MESTwz6OcxczEvwDE&cry=1&dbm_d=AKAmf-BsjngpKABSdy1sJ-Cl5cLfbRVAIqlvd6MX4hpXjLbHV-71l_k-TXM2ZTMtRRwMsDosu22zXwSDUjLdnMDg7C0OMJsC4DYH1vuE8a-RKhhrEaR_dwcjZHUy4s14kS_MgiRrv2vETQDdUcj7gO8Z05hoq8oVcATLII8k__B6h2w-sAwKnu58oGAGWgIDBAkLazJ8aQ7DyYB9H4yR8hxXKvY7NeIYibiSKtKfpMsl2R9ZMOOcxO-6IwNqMhjsSVnNdC8nyhrG-xovUeVBVQfP5gJP3g-vaZvTlhvRyaMJSHD_pSMP8d2jnhXKoMnnAsFd9zcVwBFLgYQ2tCXhod93anD_3znoySwB_y_FYXsk-AM45ezrugfoIR1i9nmW1aeVJpdt3w8Y124EoelEDYLW6vGbL_IPJUZCBQAk19t4iWBFLWYPCfZOGmU7XAYyWxotKY02BN3S0dx0v2SN2i8cYyBP7-Kz7SDsA-TayIcfSldnc2fbk5NzLA2WHrkDa77m-NH5Tzsmgl7skoTpBJ5rToI0Grh0hqidFH_FaE_RGjArXHyClgKoNdLS_U_5bLd8KjnxTOw_JNDTSVrEaxqX8KRQmaFjkrdq-DW7qzgsTqNfU6hil4I&adurl=
Requested by: Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.46 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: ad4.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 2752aedfa51601544c6f51e0506ff715b5aec379fc482a53301996e67517668d

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Tue, 03 Oct 2023 18:17:47 +0200
cache-control: max-age=600
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 797E 3 KB
1 KB 25ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:13:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 249
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 16:13:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame 797E 20 KB
8 KB 27ms
23ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 17:33:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81865
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 17:33:22 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 797E 187 KB
59 KB 39ms
35ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:47 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CCE5 13 KB
5 KB 22ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 15425
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 12:00:42 GMT
expires: Wed, 02 Oct 2024 12:00:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 12D8 829 B
560 B 35ms
34ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

68a87ab6b0a729d10824856b738e2801cb3a3f56c0bfad975a1495f30b1212ca

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MeVWMybERLdN9qIhSHPBiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-MeVWMybERLdN9qIhSHPBiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:47 GMT
expires: Tue, 03 Oct 2023 16:17:47 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 142B 170 B
409 B 88ms
32ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNV9dNVGaj--SqSeMR0fKHiMSA4qkCJ13CvDukMvuKGy_NTe8sMkf8PDSIyzH51QTRQoZWGn2A6f_gYjDiXpyUBb5gZleQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 142B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1&C=1

43 B
774 B

58ms
57ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNV9dNVGaj--SqSeMR0fKHiMSA4qkCJ13CvDukMvuKGy_NTe8sMkf8PDSIyzH51QTRQoZWGn2A6f_gYjDiXpyUBb5gZleQ
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmadzzagdOAg4vcTv5bOFMxGPuuXbGLbBwi%2BlzzXLY2Dd0Kcuy%2Fvq0BJjw47aiJ89C4X7yEpli3HGCGXV1H4VTNfaMsUn%2FGTqInfGPw6RJi73%2BhFYjzhEaobTk%2Bu91HdCBiQKzrGfV%2BRjA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81067f52def7041b-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8a84QSfCD3i05CtguYlFiHLJSEPq%2F7%2Fj9I3T0mc%2BUaQaRLvQLtOy5q2hM2yaVFk6CTutRPjXbbdzsn0gFl7k1z6Vbt5Ib4s4xRq8bFchAxQjWMtIPJ77wKKXqvF1Os8vCy7p%2BCZxUllFTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1&C=1
cache-control: no-cache
cf-ray: 81067f5269cb0200-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 142B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZRw.qyd5lMCvXHO6QNMY.gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1&google_hm=2

43 B
739 B

75ms
74ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj_5IjGATAB&v=APEucNV9dNVGaj--SqSeMR0fKHiMSA4qkCJ13CvDukMvuKGy_NTe8sMkf8PDSIyzH51QTRQoZWGn2A6f_gYjDiXpyUBb5gZleQ
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OzL44ecXNZfaEVgSiZm%2FLDpmfs2PCbYt%2Fa%2BevIn%2FlVPOGA0XHCTa0xvK2SzqHpy5FVV%2BjqJeAbMYWJd4tvDswGUTZlgfz85xMZPgvO04C0wz9VVANSHvXbKOBCN%2BUq6XudHmEcLNp2w88w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81067f531f57041b-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBHW-N7D_hYl6Py13Wa3Uvs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D5C 0
20 B 123ms
123ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1392250265776&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D5C 0
20 B 123ms
122ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1392250265776&version=m202309260101&ct=77&x=1&cor=5316804272167203000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5D5C 16 KB
12 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPCOBESplHctUuHihafgpz4sE5pPiBoYQIvXxfD647S_39Cmw1FSEKFwvUaRLMRFRFMSbIq3dNX8ngqcBVD-5BgdAPsXKZwYUSLxa4-y4ov7icuVIu41dN2JmlOZ-7iCvt1wVltjVrGs9tDMgihlnbWd7ZKUmyUb7CWAFwdK39fedMv0c&cry=1&dbm_d=AKAmf-ChB0izw6LILQR7n4CErd6ighVogn3w8Ikacgw_b47I8_TCR57bTL9LHXUbWwhu5OtTtlc2wqK8Wc8BFI2LCmgOASiot9Vi9WRb1lgvQZTNFijIBtR9P6AxxNZ9yFIVG5R5cezn6uJCkDvOlOT4gKBs3SAv9sQVCx3eaFkIVlC0h3gMcC5paXah03z3o5FcKrk_rgvLtnZYRE4TLxVg3dqZx7INu7Yqh_OpumJqVIphKAMtqGTL5jQUaV07wyd7jvQfDQ9LCWN5_N0xV5_d8YR1EfZa7uwsEEXnyT_jkmDpMX4q45iyX-Apw1P86baDEzCAdird6Fwn4Bns3NWXi-CbeqbS7Qlr4A2GLQQAi6VRmhhkrRQCXM3-BuhsXrKa8pvHXkH2qoFdvSRljt_PvWZ9VWfzFmkbO3DRlzEyO7uuBowb2gn4nX-tWFtXFC0nsqO9U8DaYYeL_clOM8H0e8aB-Wi5gwuz58TeCv1d4G9xvT3wc8GfYsuv0lkScd-hRIUdt8BOpDv7ok4MVJhu4TDwk0fNr185VSKrg6qb782Z-nYh9tpJYu3Yr-vNrQ6mLGxlCPqNZk-w9Jg7Rn4YFEweKwbGL_xoy_hMbtcZZ0oui1wQ9iYrOyMTZw8JMEhXr1F9TgAdUNp3GX4pltsl1PiDCDF1i4VP9QpNmRuW8WODGX8susNLHWijGf-EGLGamXOsKwOxeR5pex0QWv9i1-5p6aNDDnJhPSKDgceRPgb-me239G6qEwJ20IHUp3BW-Gka8MopSiYsJCWncKmvVecR8X3Pah6fIayQcXd-BDF2nhDmLIoT8vucKUOTJg43579u8i1PWxFZZ74-tperzpu9qzW_xgVHpD79CObEc_s6Cpw7W47nqFylowT9Aep4peO3oAX7vzLOksVDN6OuBIu7nTP8R8QYOeg3ZxnTJCdbpSbgnzaplYD0G6B-lIdQbUucr4OTzJLY6Sy2GIB2ooLI7HxNxa-cuTohvrg12RGVuxzRwo2bFnO5NXGjRXu_iMWls-nzPy5NLZw2b4fh8h0fETQsxaureziH1fEDG5qoiXyRJdIMLtfSU9-qb3BNpTMHp4qwXXT4wIg-rsFxh_cUy0nbEZXR245FmO4aQ4yf644iwrum8sMYjgCRbjzjKnSu-RcJaltrIYXjpzBdkYJV_Gl7LSKqYocc9iSHlpluGq1bgXWFGr8_M7eOiQ3L7Y59c8GVPnoCmUN9dsr3zmZOkE8N9UiabB7ZVvGpb_uXE8Da5b2UlOJWAypOlntu2JIBCtPd2wCg5Xj4QkZ10ZmA5NElIQW1LRuF0WJ4MI51rIXKddkBAC9xvx62J9UGSr4km5bbg8znqW6vRR2M-lGsbdeSiWldyGX14-HVTgNX0iVh672lUF0bS_3s7fxQa7WSCmZouulO5DlSuUkO-8mZ91K6KnmzbVRpDwQ9lCENI5To7cgbUc1fAm3equL209lKmKK_TanUC98rkbHOedlXhZ6ZO9045TXZkq0kp9iRj4hUXRSrTXU1dbGg-bFU08egfxVRHSB8XjK8jp354Ysqzh-eI7fsEIVFpFFAWA88ju_x2tX9VKCbo-UzylNa0RQi6bsQtKYVwelZnBZ9nzWyH2SrOVgdF47YJhG-cTh1d2ACNaOGqD1rRFtfKtDkZH-totJ2Bha3lIr9x-Hf2C9kWoET6stERhxaFRTZQKf90GO3B6zSE29hPGs3S9fq3g2GVXT9I13VmXk14H-AryflpdZSSYPEmO9ZvasKBPUK4G_tO4u4KNz8rh1huKZ2pxhYDqHOjAXex_XhBozvDYqjL4uGzNow1ZyWGFa2xVbE-J0gKRwXhDUV8KluxSLlTugvM0tsOX1d8bXAgL66_zZI2CtWINR2liDNA6cI_exty0t2Ps3cIQxWf44jOQtuv_NF4bDV_3BXzSbaSQd5If_dZNVRcw_hFBMlyIxUBT_jrHSdPX2DuQfAOpNEUcRXoWcy9VdHjN5YV9NssYi1A82lhaj2cG_L6Rpqoq5aQsfD__Ch4TokGFPWkExwS2HwpK1GEkGkIMaZMucmbcU_ai5a4Xs6wsMXxtHB5gLswUe7Ti64qqXwkthpQ9ZB3cSceFFspMlDX37hHclBIIYKquoKTIuIOG5q9v-FwYKr_HgafGO52npB4OhpdBzw-Al_zjNhi6S7DOSe1oxfwBocZYivBt-zsxc6kX_1FRpuk39ZARhpqv1Ks89mshtWi3d6hxmy02XaNtlgjEhwwsVMVoAr8VomVioBgFau303ytKgbzUU_FISWFdiPK0Z0WyVtayjgEDTHhARIKGC5n4ELesLoR763K5Bngb3ceEAVilqI35cHKeL2-6Ytg5jdzO2nniX6phAJIOM841GRRBNwUM7ICRJko9waCE7GwqDBoD4DrxLE2OWda1wL2hs6mdGvDDCXgtw-c7y6IBMbZWBymNHHq7-tllBtnPSDay629AX5joBY76k56_6YMQ4y2iqvQ1yMZ53WhmDjqczUXAa4lvAISXnK2V1eh6rFz7pNlHGtWGkKkMt6Hk5a9CCKrKYrdolsP9kwf7kgzXsfEkeaNcRVa49MZejCBEcK_X9xQM1RTZE_sZF6Cmt9PVg-siiWHjNaoAa_BAouknqDyJlwWROLG1Bu_6p9G9rbTPQC4s-XHL3el2ajzjcVuMEEDiBuSNFKhMDqNs8Q0l3caoRgEXs7o0RVSS2Yv-hhgyzMlbAh0v7NyA66pXw7H6SceujQkVa3dy2B5CbNRogPnQ2gZFPNfIUB4LBKTbueMYzTiZ2KW9nem1UlnKFJrlF_UdG0WCsHZHT5AG4tiu5vb2xY9WV7nCYgW3PIT3DbOszxGYKprIqxcqoNPsbvrEf8IfL5x6_9I5QZzmGqWuIVmWBk379g7rB7NZ71r7x9c0GhMqpk34Pg_YjvhJspV118QLLxQKGi--xGlSZT9Tqxh-ysk4yJnzCRAM2IXV7ewI5VwqHn8cM9u_ykCM7H68Q2mVCJzbwJJZNw0SGj8q92BtpcT4YyFslLY3tU7iarGjwff0n0no3xGOkA4AdRALFgkpPK5_pMDz2o0aur90ZE06PrL29Y_WsMayUfBOG85VQBuY7zMzMhpexhLc6exktdLzMQD6WA5UBFqekBcI6gS9qMQKVVPynDp_39lMa99BzjedZ-i2UvAm3w3sdhOF-tpcNzGLwbHYWsW6jZA44vy4bEuHsKw7DnkXP7ntPiUwSaop4sXdg03_aQ-2l9rnurtLlJ_bej6za_P6POWRqIObNBeyaoSCKrAhcaWu-k9DvhFVIuRWf7IGiQ5_4su2uG4F3FpJLM6WpqmNnoUTJ_-_9ywcwwUCTYQc16l2F4se6H5Uy3c9nNLnBlx8xJMN3KlhGyW1l9fi5Z4RpDsxfwHaVzDJWdzCs4QWWU3i4xxUADaYkE3_51mPHeHe5n8c5MhEUFzIXWLqTrD92tQs1y14o4ttNY2pu027kpYtO0d-IautdTaz5f5Teg6CziOuAg9iOPx-dggiv6pPqCflk8FMdcEAV9PIUOiUhkZNeuXEQWNzAF49A-n8dXQAFdVrXJBsQWU7mbW1z7vNkAcVl_ABrgc8zMrog2orIP_ibz-sxYWNYt_hnilCrHYXNSWajnsgBWp1aUY1aok28XOK26IkKPr201lbgZAf6ab1pwnegAQzwYJ4xeqhI9RJ_nyrX_PXqlnXT6TxQRRgQ_tn4g52eD3lCSRt0AXVkG1torEZRiIp9ly9kjakcssDYMCu-hxR2iiB_5fTx7__KkRmaUUGAb414eha8HdBCv2XHvf-YiQ-ad33k6sVFcQTZpxqP4hV65SabyQ2bfa1vJYNdPWVIeDizjM_ZBXS34vZpf7D40QJ82Ch_XG74&cid=CAQSKQDICaaNoPdb0dw0xKOPxVaZFzcUxNzxPHvvYER1qBKgaIqt1cs6Y_A-GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=5316804272167203000&adk=3522027986&idt=111&cac=0&dtd=24

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79ada21b2a34d9189f67d43de421b6cb516d51f61d45c395f849b6f7122dd9ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12435
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame BF96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGYTKuLmH9pG2DPjxm9fWJ0&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGYTKuLmH9pG2DPjxm9fWJ0%26google_cver%3D1

43 B
889 B

27ms
26ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGYTKuLmH9pG2DPjxm9fWJ0%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNXc7CoFL0YSFy-kCwQ94PvQjyDud8nKVOFL_R27N9ViV9r_bdGP9EjQUiUsV1vUAlt56cLTwBEY0wuiCW4_QJ-DLy9Xaw

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
an-x-request-uuid: 405d0abd-f9bb-4183-b682-5a3d1b268a35
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.12.222.172; 45.12.222.172; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
an-x-request-uuid: b28fbf82-0830-4163-a7ee-459bb41e597d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGYTKuLmH9pG2DPjxm9fWJ0%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 45.12.222.172; 45.12.222.172; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF96
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5NjU0ODI1NTQ1MDA3NTUzMA%3D%3D

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5NjU0ODI1NTQ1MDA3NTUzMA%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
an-x-request-uuid: 406f5258-afc2-4505-8196-928977b18d15
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk5NjU0ODI1NTQ1MDA3NTUzMA%3D%3D
x-proxy-origin: 45.12.222.172; 45.12.222.172; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BF96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECbnnQmTwR8VpHUY54ht67A&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESECbnnQmTwR8VpHUY54ht67A&google_cver=1

43 B
180 B

32ms
31ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESECbnnQmTwR8VpHUY54ht67A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDuBhDGku0CGPOm49wBMAE&v=APEucNXc7CoFL0YSFy-kCwQ94PvQjyDud8nKVOFL_R27N9ViV9r_bdGP9EjQUiUsV1vUAlt56cLTwBEY0wuiCW4_QJ-DLy9Xaw
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESECbnnQmTwR8VpHUY54ht67A&google_cver=1
date: Tue, 03 Oct 2023 16:17:47 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF96
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTA1ZDQ2OWMtOGRmYS0yMjFjLWVlODEtYzQwMjhhMjBiNDJl

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTA1ZDQ2OWMtOGRmYS0yMjFjLWVlODEtYzQwMjhhMjBiNDJl

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 03 Oct 2023 16:17:48 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTA1ZDQ2OWMtOGRmYS0yMjFjLWVlODEtYzQwMjhhMjBiNDJl
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 12D8 0
0 123ms
122ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309280101&jk=3949002477549718&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame CCE5 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:13:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 16:13:39 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 797E 0
20 B 124ms
124ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8333692902372&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 797E 0
20 B 123ms
122ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8333692902372&version=m202309260101&ct=77&x=1&cor=9546921479807422000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 797E 30 KB
18 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A7JyWkzlvNtY9hRiX8XCmfBXdMlW5QU0kBopt7YedZtID4Nh95Fcentx4gIWg3qmmd_tuQ9IDdV10RrsV1okLTvdbTxWtvTsMoM5SjAzpZUEcMFxJyXvHR5DSigtmYtufGd-LrsgAC52AFUZb_HIBUaUObAjm-RPBa0Kfavm3OzzKb4tU&cry=1&dbm_d=AKAmf-ByseY0xRpkci7SQ5zr5KWnKnpzvocMP56WNGlDBehTb-e8JDXKTHl8kh2tZ7La52Lifti1Y6n-qKN0u_bvjRbrfevR2nKoA67WpoCjw2-uNl5QAQX5fes4J8KUuoDYsxLNARLXFByPjRlKiD3HDTPlD1SHrgc7oxGFk_3Hqi88drLSH8Soi_HvBZZ0gM7LKPhkvgKIIN1-FiW6TWbmretIVM86MV34w4e82MFeXJvtw-BXDiaFgRdDYcxDGXnv7NSlcBwC7inUpc-D-_5DcItyPtYkYkT7LgLOhfhhFBAqN5_2ObhjZao5H13GTZp7_66oha5mBydR6Vp6cMySWmSTXHGlyDFhXdD5FtJOtv_0DDpQXMZXKv5M4KxW3ZjGZV7OHcAAEqdGR143qY--cA5Fva9AcAnc3oKPSFxN7HTFwR9P-f-scMWTf_GlDvYEhqbtS5eLMXUBcR6lonXhxa_93ezGmhF-1RCzIhVmpqQ-2aGJcgB8Vd6TT3kZQN-gcjQZRf0fgmHheUawn2oPRVTi0l6nCjT4T_rCLhMgKS5syCaipmmbKyM9O5tNgayAtuu1KFxDg2GBnjNR5XTs3XPtUyW6z5IDuXCwhP8QcBX_3lGjuS_U82KCh3da3oNxFPw43jpeq68CjJDighaxr1xD-iiTHAsfnPy2jSbPUwNi9RBra0F84IeKwBslh2x58SY2kVdO6PdFs2e0VSUkQfd0JhpDRY0G93Uv_oBgHwkcY1S_5amhGmhUE2_pHVfmQpAvnxb1oAuZlB56dPRWOz0oinMxH6u261odts-JCKpUaEaFeWqWWMHb4IReSon7M5gj81UqSaMPL8FR1haVJeMgv65rhJ-0sXSwMmH4azf034Zv6M0mbA5k5qPqR8p_Aygl2o98je7sOI-NqtQVkAdPAaV91jo39_6me3_9T-dx69_eODzso82PDGMOp9cAvRxyrF40DX6qQpOpAX6z6SNViF3KKtoACKak7EtF6tAYnkA1AD122IjhNcJI0ZHEEhLKtXVhOu-wtgJCWNo_C__riT1ocPndPjYKdUVXbO-U3H2Aqsg3zekobGECKeLeJauw0AEhYOXk-l_jMyXGrLqH4pBviwnxpS_yPPvg4DF3kZvYkByVAa0IXloFNf3N6iMl3MGCPlaVEu8KirTgBEx8Ba9btgzF1Jy10IwwGj3F-83GSPbfZUqSjJP7qszyew6ZAQXj2U_nzHpYWE_IRHKWVSpe8Z_4mxFGkzjagawQKLzxGfNMCbL5BznjLGoYDJMniFUYkTRsxkOqAUXWhjmehLZcVFSWBcdblT5rVBvbRbCDggN4CdKvZjV95Sgx3gqmJ4ofwsSMByhXx06nVuYGOa3gtqQoKj6qoNdrtWAPIvR-ALTScR5n-DlnbJy8DUpEQZaFjVpfY9lYvXntTHGrgGQAjc0EIoP0pPF2jbyX_FEwow8tBRI8oq-V48a1vCf3VcRn1TGb5NhPreEFAM43DHrWyeey2eaWoN8wcIE4W-VI2n0oYRkumoTw8GjndVyEb9sEjhQFIdGBkPDxDlUyGp_zahTeLIXib5SwA_obTHAsVXSXPR9J8L-onNjEaVgsLv91xrILGF4_JSO05JsXeYcbw3l5Vl9fwCnzE4vViaOcVP6pl0-jS60NU8CCtlxG4BvxPqWPtSAastuqKj_2MqFwboFAgwcDSqY6hnYDLPt37NQp5G59tj5b4JOnif5HtezV4PbAdy50XVx4h9jQE9z2TvYnn6q4XRnBlo12zJlfNN52J5xwGEUtNqvlBf6_V32_YI1bGquUdsizGTR6BzKVhcTxC1_A1Y6ozzcwuoKCTpUsijLk24M87wTOKZ5tBextYQpX3B2mgKGeuXf1PVw_57JIDDzOY6lxbrB1SW8zBGSu4-kwaBXhkEdVQUzRBi_EHQY8G0ud4nnIX2irTfK8wBtxx1NtO98B-aZr_T3gOVKR3oMl2_6ctc1Ry2nvSPMxq-J3m49dVJY8nLdJJ581HLYmH2xzdUqVz4pvG85Yua5-HzAhXgNVIXN7Px46DJluJ_IbBsVIX_H4KXhyGBQDToUD0MdKlZAzk84zvhuK5qf6It4WENRpbH-sXr4cMKLur1EKg4sSw_LIJfXf0oFmy9-CCgmuNZi55pV3LpXOlo9SQlvn0D7J1lcTeDZglsav18kM_gJmmIHKPUGhliTag0AOeHCCO77NvznHGTR9w8HS2p2VmegxtVaukE-5mVBVK9POu_tankyTs8II1XLLCvTm95KaxwNgq71QDwhD06ewZT72DUkkC3GT2kdBpYb4gFx2wEYpvJ-krFVcr-cQLzmVVtoWTK_QhLizorq7MBT95lQeKe7nFt1elfSGR6PssmNdFosfKQVLDsQQyqgEsxXXgZ25OfmDYGFOFJRIbnkQZqzJoWNR9TngXCOjICZEHTJ_xnO10uIJfBdnMxzO5BgTtybM8UA4vkc34iSmwaxRRXyADUcEU2mLHqoBQ27eUlv0S7pCED5ybK4noILc7MtNPrff1Z-zc1KcjRbSrw7M396HpgA2Bce7tJFx7B_qjKscz3nK9l5sTPY3UmAsaB7-kEOdaa1hHC-MJFxfYwSnnq5qPxqEYKYzhuPgLQCujg684O53r0msYp-C84WQa-GSIuOEaierAtVmT5arjvEnDKBi8N3fcDrWN3BCfepDoCGRhA_Rctc1QEu_oZYH4jQPU6TU9qn9S2nAKx55me8MACEeKuBvD_HdZyWhhcj98mJ4hTMiyYkvxAF5J2i_4wQLJTIOiXMat3ti-7jJ3k_5CVILYZ-6CrMZNUDWrkdv8vWpGdjDlQAM1Iu_59aC0AC2EUA4pfsCHUVJCOGDsbRTXGBcP8eQlsBUnRQAPSQOt4paSEyTccw9CaRenuvkfBI0q37zuVJichBYKCckqULy6yuLCtJFg04DdABK-CjwUpMzrr-KRWIGJhJ8UqP1IjGA_SyPvFku7_1e8PS5UVbARTD7eQzxZdih6Uy3kAWDGvak9zBDVH40Jjiuq-SvU_5RiS6AlczFOpuqmGP7rxj4A_gb-T9EBTwk48-ZfcKD-_9M1lvz6XdBUuy4eRFtEL9iHJ7eV0WXTylBzLXhpagxK01zOrJla3QbGWMoDrZh0He4iNSjzsuYe8JqBORdfv7TJzLIVssFcH4QzeICrTi1AeACLRUJgTvg1DSmvd41QANOmRydkozhc3b5OyhhBl-w47aS6eyeFvruZNdktI-VrrueQogjAxdXC1zB6e7iVMSfvJAnSSro-540gRQUdVB-7XXXacu0CMHDm4mda90oohdYQC5Axbj_AT3JUHhdm4C4oUoecmQ0TgOjyBkBIcuWTAr7MPIG5bjN91BLZ8yfjUn6XvdX9A3j2vkKKyawlgbOMM_Np_yLSkFl1n7xTZXlTwGHinavVq-p-ZKfOYKuFMCHRZ6kvHhmvNiwdV9VPkwkcMSkIwGWzBtn82QUcZWTeVhtMs2cwBF-8jeGern2PX1LrHMWBnqDHtTGChg8iiWO54WBKVaDnPOLk9PwmnfkLssegKTp2WMyEY-jiKRS3Kysjf8dyV3Ne4oVEM3VkqSZUoT-mB23-vPwCGYDscest3E1kfcF39o-VB3pZe31zq47rSGVXRI09tVbvOlHRQAYoDN0OMBdRgijVpSQFw&cid=CAQSKQDICaaNj--A76cBAEW-GObOKbXWVZtfNB_rIETg1DmrnTQBbh4eJJQ9GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=9546921479807422000&adk=676413724&idt=103&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

256b8bbfeabe436e3316ffb3960057210fafdf735319c7a0e567226eba0ec5cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18192
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A644 0
12 B 22ms
22ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-K1egA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:47 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5D5C 41 KB
13 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPCOBESplHctUuHihafgpz4sE5pPiBoYQIvXxfD647S_39Cmw1FSEKFwvUaRLMRFRFMSbIq3dNX8ngqcBVD-5BgdAPsXKZwYUSLxa4-y4ov7icuVIu41dN2JmlOZ-7iCvt1wVltjVrGs9tDMgihlnbWd7ZKUmyUb7CWAFwdK39fedMv0c&cry=1&dbm_d=AKAmf-ChB0izw6LILQR7n4CErd6ighVogn3w8Ikacgw_b47I8_TCR57bTL9LHXUbWwhu5OtTtlc2wqK8Wc8BFI2LCmgOASiot9Vi9WRb1lgvQZTNFijIBtR9P6AxxNZ9yFIVG5R5cezn6uJCkDvOlOT4gKBs3SAv9sQVCx3eaFkIVlC0h3gMcC5paXah03z3o5FcKrk_rgvLtnZYRE4TLxVg3dqZx7INu7Yqh_OpumJqVIphKAMtqGTL5jQUaV07wyd7jvQfDQ9LCWN5_N0xV5_d8YR1EfZa7uwsEEXnyT_jkmDpMX4q45iyX-Apw1P86baDEzCAdird6Fwn4Bns3NWXi-CbeqbS7Qlr4A2GLQQAi6VRmhhkrRQCXM3-BuhsXrKa8pvHXkH2qoFdvSRljt_PvWZ9VWfzFmkbO3DRlzEyO7uuBowb2gn4nX-tWFtXFC0nsqO9U8DaYYeL_clOM8H0e8aB-Wi5gwuz58TeCv1d4G9xvT3wc8GfYsuv0lkScd-hRIUdt8BOpDv7ok4MVJhu4TDwk0fNr185VSKrg6qb782Z-nYh9tpJYu3Yr-vNrQ6mLGxlCPqNZk-w9Jg7Rn4YFEweKwbGL_xoy_hMbtcZZ0oui1wQ9iYrOyMTZw8JMEhXr1F9TgAdUNp3GX4pltsl1PiDCDF1i4VP9QpNmRuW8WODGX8susNLHWijGf-EGLGamXOsKwOxeR5pex0QWv9i1-5p6aNDDnJhPSKDgceRPgb-me239G6qEwJ20IHUp3BW-Gka8MopSiYsJCWncKmvVecR8X3Pah6fIayQcXd-BDF2nhDmLIoT8vucKUOTJg43579u8i1PWxFZZ74-tperzpu9qzW_xgVHpD79CObEc_s6Cpw7W47nqFylowT9Aep4peO3oAX7vzLOksVDN6OuBIu7nTP8R8QYOeg3ZxnTJCdbpSbgnzaplYD0G6B-lIdQbUucr4OTzJLY6Sy2GIB2ooLI7HxNxa-cuTohvrg12RGVuxzRwo2bFnO5NXGjRXu_iMWls-nzPy5NLZw2b4fh8h0fETQsxaureziH1fEDG5qoiXyRJdIMLtfSU9-qb3BNpTMHp4qwXXT4wIg-rsFxh_cUy0nbEZXR245FmO4aQ4yf644iwrum8sMYjgCRbjzjKnSu-RcJaltrIYXjpzBdkYJV_Gl7LSKqYocc9iSHlpluGq1bgXWFGr8_M7eOiQ3L7Y59c8GVPnoCmUN9dsr3zmZOkE8N9UiabB7ZVvGpb_uXE8Da5b2UlOJWAypOlntu2JIBCtPd2wCg5Xj4QkZ10ZmA5NElIQW1LRuF0WJ4MI51rIXKddkBAC9xvx62J9UGSr4km5bbg8znqW6vRR2M-lGsbdeSiWldyGX14-HVTgNX0iVh672lUF0bS_3s7fxQa7WSCmZouulO5DlSuUkO-8mZ91K6KnmzbVRpDwQ9lCENI5To7cgbUc1fAm3equL209lKmKK_TanUC98rkbHOedlXhZ6ZO9045TXZkq0kp9iRj4hUXRSrTXU1dbGg-bFU08egfxVRHSB8XjK8jp354Ysqzh-eI7fsEIVFpFFAWA88ju_x2tX9VKCbo-UzylNa0RQi6bsQtKYVwelZnBZ9nzWyH2SrOVgdF47YJhG-cTh1d2ACNaOGqD1rRFtfKtDkZH-totJ2Bha3lIr9x-Hf2C9kWoET6stERhxaFRTZQKf90GO3B6zSE29hPGs3S9fq3g2GVXT9I13VmXk14H-AryflpdZSSYPEmO9ZvasKBPUK4G_tO4u4KNz8rh1huKZ2pxhYDqHOjAXex_XhBozvDYqjL4uGzNow1ZyWGFa2xVbE-J0gKRwXhDUV8KluxSLlTugvM0tsOX1d8bXAgL66_zZI2CtWINR2liDNA6cI_exty0t2Ps3cIQxWf44jOQtuv_NF4bDV_3BXzSbaSQd5If_dZNVRcw_hFBMlyIxUBT_jrHSdPX2DuQfAOpNEUcRXoWcy9VdHjN5YV9NssYi1A82lhaj2cG_L6Rpqoq5aQsfD__Ch4TokGFPWkExwS2HwpK1GEkGkIMaZMucmbcU_ai5a4Xs6wsMXxtHB5gLswUe7Ti64qqXwkthpQ9ZB3cSceFFspMlDX37hHclBIIYKquoKTIuIOG5q9v-FwYKr_HgafGO52npB4OhpdBzw-Al_zjNhi6S7DOSe1oxfwBocZYivBt-zsxc6kX_1FRpuk39ZARhpqv1Ks89mshtWi3d6hxmy02XaNtlgjEhwwsVMVoAr8VomVioBgFau303ytKgbzUU_FISWFdiPK0Z0WyVtayjgEDTHhARIKGC5n4ELesLoR763K5Bngb3ceEAVilqI35cHKeL2-6Ytg5jdzO2nniX6phAJIOM841GRRBNwUM7ICRJko9waCE7GwqDBoD4DrxLE2OWda1wL2hs6mdGvDDCXgtw-c7y6IBMbZWBymNHHq7-tllBtnPSDay629AX5joBY76k56_6YMQ4y2iqvQ1yMZ53WhmDjqczUXAa4lvAISXnK2V1eh6rFz7pNlHGtWGkKkMt6Hk5a9CCKrKYrdolsP9kwf7kgzXsfEkeaNcRVa49MZejCBEcK_X9xQM1RTZE_sZF6Cmt9PVg-siiWHjNaoAa_BAouknqDyJlwWROLG1Bu_6p9G9rbTPQC4s-XHL3el2ajzjcVuMEEDiBuSNFKhMDqNs8Q0l3caoRgEXs7o0RVSS2Yv-hhgyzMlbAh0v7NyA66pXw7H6SceujQkVa3dy2B5CbNRogPnQ2gZFPNfIUB4LBKTbueMYzTiZ2KW9nem1UlnKFJrlF_UdG0WCsHZHT5AG4tiu5vb2xY9WV7nCYgW3PIT3DbOszxGYKprIqxcqoNPsbvrEf8IfL5x6_9I5QZzmGqWuIVmWBk379g7rB7NZ71r7x9c0GhMqpk34Pg_YjvhJspV118QLLxQKGi--xGlSZT9Tqxh-ysk4yJnzCRAM2IXV7ewI5VwqHn8cM9u_ykCM7H68Q2mVCJzbwJJZNw0SGj8q92BtpcT4YyFslLY3tU7iarGjwff0n0no3xGOkA4AdRALFgkpPK5_pMDz2o0aur90ZE06PrL29Y_WsMayUfBOG85VQBuY7zMzMhpexhLc6exktdLzMQD6WA5UBFqekBcI6gS9qMQKVVPynDp_39lMa99BzjedZ-i2UvAm3w3sdhOF-tpcNzGLwbHYWsW6jZA44vy4bEuHsKw7DnkXP7ntPiUwSaop4sXdg03_aQ-2l9rnurtLlJ_bej6za_P6POWRqIObNBeyaoSCKrAhcaWu-k9DvhFVIuRWf7IGiQ5_4su2uG4F3FpJLM6WpqmNnoUTJ_-_9ywcwwUCTYQc16l2F4se6H5Uy3c9nNLnBlx8xJMN3KlhGyW1l9fi5Z4RpDsxfwHaVzDJWdzCs4QWWU3i4xxUADaYkE3_51mPHeHe5n8c5MhEUFzIXWLqTrD92tQs1y14o4ttNY2pu027kpYtO0d-IautdTaz5f5Teg6CziOuAg9iOPx-dggiv6pPqCflk8FMdcEAV9PIUOiUhkZNeuXEQWNzAF49A-n8dXQAFdVrXJBsQWU7mbW1z7vNkAcVl_ABrgc8zMrog2orIP_ibz-sxYWNYt_hnilCrHYXNSWajnsgBWp1aUY1aok28XOK26IkKPr201lbgZAf6ab1pwnegAQzwYJ4xeqhI9RJ_nyrX_PXqlnXT6TxQRRgQ_tn4g52eD3lCSRt0AXVkG1torEZRiIp9ly9kjakcssDYMCu-hxR2iiB_5fTx7__KkRmaUUGAb414eha8HdBCv2XHvf-YiQ-ad33k6sVFcQTZpxqP4hV65SabyQ2bfa1vJYNdPWVIeDizjM_ZBXS34vZpf7D40QJ82Ch_XG74&cid=CAQSKQDICaaNoPdb0dw0xKOPxVaZFzcUxNzxPHvvYER1qBKgaIqt1cs6Y_A-GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=5316804272167203000&adk=3522027986&idt=111&cac=0&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 379163
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
H/1.1 200
OK r4yapv8fhxky Show response
hal9000.redintelligence.net/zone/ Frame 5D5C 11 KB
4 KB 96ms
30ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/r4yapv8fhxky?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzDZgqz4cZez0GaGd9u8P09K5iASRwdCbacv2g5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAnZHs2TCjrE-qAMByAObBKoE8AFP0Gck4R-dyvqh4mziRGPUmzyOPoyXd_ZLmWHBzz4Ttlca91otNL70KlyLuMhQWWNYNlkpFXQNz8IkzLpkzpIu9uhXgG1jEPOg-3bQCkVO8OhcXo6wrO0PcewBFV_1tdBMMEDNXEXZdJIGXXeQW9odyEvU9TKLOhBGutsfIHA62u38x43y2HjhTxXQFepWZ1go9jZvVvueH723Tw1fUGpXw_HHR0uHHZNRPyFbHnpoV8pc8CBLZXmK6tmcMJxtutDKlaM8pT1LIdHjyNWJaNxf4fEAv25I8yYySqsjDsdxOjDRK9DAMrHVNNPNhIG78g_ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMIxoGM2qPagQMVoY79Bx1TaQ5BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIrPaM2qPagQMVoY79Bx1TaQ5BEAEYASAAEgJNHPD_BwE%26num%3D1%26cid%3DCAQSKQDICaaNoPdb0dw0xKOPxVaZFzcUxNzxPHvvYER1qBKgaIqt1cs6Y_A-GAE%26sig%3DAOD64_3upR2P9aHDB-rrdXmnv7IGDxSEAA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B59kdSncxrsNOadYUZ6b8deML9c3CZtG3m2Ohhd58lvvJEZ0Qp6vMiNEHM7UzUzAfr2OZ-0LgxpgpaaGasaH-qBXIm2TUFx6btWilTkUoho1bayN16cKtRJ9CxUWmfu32EbYk5G1wG26FBrjd4lhIaGP3uext-n7Q_V5t-i56e6lEKZX4%26cry%3D1%26dbm_d%3DAKAmf-BmSAtaW04OzHaPbqNPTabFUY3EPOmy9--WMaEC-BF3ReYKMdBYL-wCcq8pgi6SxVz87TU7UCf_eZ2OVsxaQwMw0CA8jYBynEbmkv-rCm4oxXJNX55XvZco_NPhbjEJXUN3FKLfi7xWpsp2r1Ls_JccCBdJld26ZKkhgYuNky-F3NQ4itlwsrCyUGY4ZuV0ln0zQqLxWpcJrD9stD0_HGICywErbhsougnRUIuS_VK5zqY09GI5AdaU2TEGwwJZxlCEUopdntWezTsfgIufcMqgReIB8wl5IwXeWPQDzqczqhZpHoTBmxNQspcDQn7rccWD3zZVuCcSKYGUdDJkwgp5jkVEJdNhMolJcKICyb0t1D6RDCq9DuDOkv_-1WrZ6w44733Dv7UDG3hsZe44pAXtSekwbyKqUoHnJFXiP7OHvlpssqXoUBo992sdWeCGQV7N-jOOyl4647EELJpEB2sdbip0wb3MAZM6EiFseZ55KybNOtMoOgH7AViwxrEynTVReWNoEfiT9LQqceUFNXZ9Xv802jdH5hersjXS5BggDbR9BRdYToDJ1bbxeOp00VFkeZ8y1tUmqqodgV1ZfWWtb9QU0tt1W2jU5Tar2aOWZksvHgA%26adurl%3D
Requested by: Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 34d7aac0a5ee9bf5e5c79e929a2375b1eb2b8c9b2f1ed92cee026d3cca539d7a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Oct 2023 16:17:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4197
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/ Frame 797E 30 KB
11 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A7JyWkzlvNtY9hRiX8XCmfBXdMlW5QU0kBopt7YedZtID4Nh95Fcentx4gIWg3qmmd_tuQ9IDdV10RrsV1okLTvdbTxWtvTsMoM5SjAzpZUEcMFxJyXvHR5DSigtmYtufGd-LrsgAC52AFUZb_HIBUaUObAjm-RPBa0Kfavm3OzzKb4tU&cry=1&dbm_d=AKAmf-ByseY0xRpkci7SQ5zr5KWnKnpzvocMP56WNGlDBehTb-e8JDXKTHl8kh2tZ7La52Lifti1Y6n-qKN0u_bvjRbrfevR2nKoA67WpoCjw2-uNl5QAQX5fes4J8KUuoDYsxLNARLXFByPjRlKiD3HDTPlD1SHrgc7oxGFk_3Hqi88drLSH8Soi_HvBZZ0gM7LKPhkvgKIIN1-FiW6TWbmretIVM86MV34w4e82MFeXJvtw-BXDiaFgRdDYcxDGXnv7NSlcBwC7inUpc-D-_5DcItyPtYkYkT7LgLOhfhhFBAqN5_2ObhjZao5H13GTZp7_66oha5mBydR6Vp6cMySWmSTXHGlyDFhXdD5FtJOtv_0DDpQXMZXKv5M4KxW3ZjGZV7OHcAAEqdGR143qY--cA5Fva9AcAnc3oKPSFxN7HTFwR9P-f-scMWTf_GlDvYEhqbtS5eLMXUBcR6lonXhxa_93ezGmhF-1RCzIhVmpqQ-2aGJcgB8Vd6TT3kZQN-gcjQZRf0fgmHheUawn2oPRVTi0l6nCjT4T_rCLhMgKS5syCaipmmbKyM9O5tNgayAtuu1KFxDg2GBnjNR5XTs3XPtUyW6z5IDuXCwhP8QcBX_3lGjuS_U82KCh3da3oNxFPw43jpeq68CjJDighaxr1xD-iiTHAsfnPy2jSbPUwNi9RBra0F84IeKwBslh2x58SY2kVdO6PdFs2e0VSUkQfd0JhpDRY0G93Uv_oBgHwkcY1S_5amhGmhUE2_pHVfmQpAvnxb1oAuZlB56dPRWOz0oinMxH6u261odts-JCKpUaEaFeWqWWMHb4IReSon7M5gj81UqSaMPL8FR1haVJeMgv65rhJ-0sXSwMmH4azf034Zv6M0mbA5k5qPqR8p_Aygl2o98je7sOI-NqtQVkAdPAaV91jo39_6me3_9T-dx69_eODzso82PDGMOp9cAvRxyrF40DX6qQpOpAX6z6SNViF3KKtoACKak7EtF6tAYnkA1AD122IjhNcJI0ZHEEhLKtXVhOu-wtgJCWNo_C__riT1ocPndPjYKdUVXbO-U3H2Aqsg3zekobGECKeLeJauw0AEhYOXk-l_jMyXGrLqH4pBviwnxpS_yPPvg4DF3kZvYkByVAa0IXloFNf3N6iMl3MGCPlaVEu8KirTgBEx8Ba9btgzF1Jy10IwwGj3F-83GSPbfZUqSjJP7qszyew6ZAQXj2U_nzHpYWE_IRHKWVSpe8Z_4mxFGkzjagawQKLzxGfNMCbL5BznjLGoYDJMniFUYkTRsxkOqAUXWhjmehLZcVFSWBcdblT5rVBvbRbCDggN4CdKvZjV95Sgx3gqmJ4ofwsSMByhXx06nVuYGOa3gtqQoKj6qoNdrtWAPIvR-ALTScR5n-DlnbJy8DUpEQZaFjVpfY9lYvXntTHGrgGQAjc0EIoP0pPF2jbyX_FEwow8tBRI8oq-V48a1vCf3VcRn1TGb5NhPreEFAM43DHrWyeey2eaWoN8wcIE4W-VI2n0oYRkumoTw8GjndVyEb9sEjhQFIdGBkPDxDlUyGp_zahTeLIXib5SwA_obTHAsVXSXPR9J8L-onNjEaVgsLv91xrILGF4_JSO05JsXeYcbw3l5Vl9fwCnzE4vViaOcVP6pl0-jS60NU8CCtlxG4BvxPqWPtSAastuqKj_2MqFwboFAgwcDSqY6hnYDLPt37NQp5G59tj5b4JOnif5HtezV4PbAdy50XVx4h9jQE9z2TvYnn6q4XRnBlo12zJlfNN52J5xwGEUtNqvlBf6_V32_YI1bGquUdsizGTR6BzKVhcTxC1_A1Y6ozzcwuoKCTpUsijLk24M87wTOKZ5tBextYQpX3B2mgKGeuXf1PVw_57JIDDzOY6lxbrB1SW8zBGSu4-kwaBXhkEdVQUzRBi_EHQY8G0ud4nnIX2irTfK8wBtxx1NtO98B-aZr_T3gOVKR3oMl2_6ctc1Ry2nvSPMxq-J3m49dVJY8nLdJJ581HLYmH2xzdUqVz4pvG85Yua5-HzAhXgNVIXN7Px46DJluJ_IbBsVIX_H4KXhyGBQDToUD0MdKlZAzk84zvhuK5qf6It4WENRpbH-sXr4cMKLur1EKg4sSw_LIJfXf0oFmy9-CCgmuNZi55pV3LpXOlo9SQlvn0D7J1lcTeDZglsav18kM_gJmmIHKPUGhliTag0AOeHCCO77NvznHGTR9w8HS2p2VmegxtVaukE-5mVBVK9POu_tankyTs8II1XLLCvTm95KaxwNgq71QDwhD06ewZT72DUkkC3GT2kdBpYb4gFx2wEYpvJ-krFVcr-cQLzmVVtoWTK_QhLizorq7MBT95lQeKe7nFt1elfSGR6PssmNdFosfKQVLDsQQyqgEsxXXgZ25OfmDYGFOFJRIbnkQZqzJoWNR9TngXCOjICZEHTJ_xnO10uIJfBdnMxzO5BgTtybM8UA4vkc34iSmwaxRRXyADUcEU2mLHqoBQ27eUlv0S7pCED5ybK4noILc7MtNPrff1Z-zc1KcjRbSrw7M396HpgA2Bce7tJFx7B_qjKscz3nK9l5sTPY3UmAsaB7-kEOdaa1hHC-MJFxfYwSnnq5qPxqEYKYzhuPgLQCujg684O53r0msYp-C84WQa-GSIuOEaierAtVmT5arjvEnDKBi8N3fcDrWN3BCfepDoCGRhA_Rctc1QEu_oZYH4jQPU6TU9qn9S2nAKx55me8MACEeKuBvD_HdZyWhhcj98mJ4hTMiyYkvxAF5J2i_4wQLJTIOiXMat3ti-7jJ3k_5CVILYZ-6CrMZNUDWrkdv8vWpGdjDlQAM1Iu_59aC0AC2EUA4pfsCHUVJCOGDsbRTXGBcP8eQlsBUnRQAPSQOt4paSEyTccw9CaRenuvkfBI0q37zuVJichBYKCckqULy6yuLCtJFg04DdABK-CjwUpMzrr-KRWIGJhJ8UqP1IjGA_SyPvFku7_1e8PS5UVbARTD7eQzxZdih6Uy3kAWDGvak9zBDVH40Jjiuq-SvU_5RiS6AlczFOpuqmGP7rxj4A_gb-T9EBTwk48-ZfcKD-_9M1lvz6XdBUuy4eRFtEL9iHJ7eV0WXTylBzLXhpagxK01zOrJla3QbGWMoDrZh0He4iNSjzsuYe8JqBORdfv7TJzLIVssFcH4QzeICrTi1AeACLRUJgTvg1DSmvd41QANOmRydkozhc3b5OyhhBl-w47aS6eyeFvruZNdktI-VrrueQogjAxdXC1zB6e7iVMSfvJAnSSro-540gRQUdVB-7XXXacu0CMHDm4mda90oohdYQC5Axbj_AT3JUHhdm4C4oUoecmQ0TgOjyBkBIcuWTAr7MPIG5bjN91BLZ8yfjUn6XvdX9A3j2vkKKyawlgbOMM_Np_yLSkFl1n7xTZXlTwGHinavVq-p-ZKfOYKuFMCHRZ6kvHhmvNiwdV9VPkwkcMSkIwGWzBtn82QUcZWTeVhtMs2cwBF-8jeGern2PX1LrHMWBnqDHtTGChg8iiWO54WBKVaDnPOLk9PwmnfkLssegKTp2WMyEY-jiKRS3Kysjf8dyV3Ne4oVEM3VkqSZUoT-mB23-vPwCGYDscest3E1kfcF39o-VB3pZe31zq47rSGVXRI09tVbvOlHRQAYoDN0OMBdRgijVpSQFw&cid=CAQSKQDICaaNj--A76cBAEW-GObOKbXWVZtfNB_rIETg1DmrnTQBbh4eJJQ9GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=9546921479807422000&adk=676413724&idt=103&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

464857ce2cd39f577e1aee4380de452b3032f2746c94be5b8d71508e0733ca40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 18:44:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77604
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11583
x-xss-protection: 0
server: cafe
etag: 13692823745828058245
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 18:44:23 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 797E 41 KB
13 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 379163
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
H2 200 banner Show response
ad4.adfarm1.adition.com/ Frame 797E 19 B
400 B 34ms
32ms Script
text/javascript 217.79.188.46
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4.adfarm1.adition.com/banner?sid=4787112&adjsver=3&fvers=&iframe=1&ref=https%3A//ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/&ro=https%3A//c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/89.0.4389.72%20Safari/537.36&os=17&browser=11&userid=0&wi=1015560481&ac=1&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1bSUqz4cZZnNIIGt9u8PjOul4AP7vYusc7%2Df6LGIEdq24u%2DaOBABINPLzjBg9ZXOgeAEyAEJqQI9UsqBO5OxPqgDAcgDmwSqBPABT9DKbWWb0XmdwQeLwpBlFXymCuY%5Fp3S4l%2DacWEo9i0hKiUNyY7lvBpGAPVWPa5n3MY%2D09ptK%2Dvb4Lh8bElzuUyYRIpXjH1xZ1Haf%5FDh21WdALqaizkEqb04xRq157LUB3j4iVxEug%2DUNmkMWZ%2DTkcRcLB6Dl1KeYl93Px6yD5dkj6A43LMlIwDdnGU%5FYBfCLeDldq5BXdduqKW4%5F9XtWbYwSsQzRwXkJr9%2DFeWXJY4QqpDR0IEtUnv8xT1MVvFJ3MjTQAWPlVLp1%5F7KcHKzhZDgx2SmdVLy6lvj7ApdE%5FAvclhwJACrOP7uvucdQmAU0wASCz%2DrgpQTgBAOIBb6E5fZHkAYBoAZNgAfw66XGAagH2baxAqgHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB%5F%2DesQKoB9%2DfsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0B4g0TCO7Tktqj2oEDFYGW%5FQcdjHUJPLATquOBFdATANgTCogUAdgUAdAVAfgWAYAXAegXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSKQDICaaNj%2D%2DA76cBAEW%2DGObOKbXWVZtfNB%5FrIETg1DmrnTQBbh4eJJQ9GAE%26sig%3DAOD64%5F3yt5ihbavngUIc%5Fj6AajJ7JEINxQ%26client%3Dca%2Dpub%2D5884294479391638%26dbm%5Fc%3DAKAmf%2DCS0a5R0teW5sdlrDeJNv5NhchjjlDMXanGgFEgScSNFxcVKcwGUaDueVLOl%2D5fSnUfTDBrAKwaSJ%2Dtb%2D8ITJzd5%5F1tZrMW3N6JB6rofAXIwFCKYkLJp0G1bIztzL31GWcOiCNzzaoNn%5FiozB7qAIg9IqdHHmKzC%2DMESTwz6OcxczEvwDE%26cry%3D1%26dbm%5Fd%3DAKAmf%2DBsjngpKABSdy1sJ%2DCl5cLfbRVAIqlvd6MX4hpXjLbHV%2D71l%5Fk%2DTXM2ZTMtRRwMsDosu22zXwSDUjLdnMDg7C0OMJsC4DYH1vuE8a%2DRKhhrEaR%5FdwcjZHUy4s14kS%5FMgiRrv2vETQDdUcj7gO8Z05hoq8oVcATLII8k%5F%5FB6h2w%2DsAwKnu58oGAGWgIDBAkLazJ8aQ7DyYB9H4yR8hxXKvY7NeIYibiSKtKfpMsl2R9ZMOOcxO%2D6IwNqMhjsSVnNdC8nyhrG%2DxovUeVBVQfP5gJP3g%2DvaZvTlhvRyaMJSHD%5FpSMP8d2jnhXKoMnnAsFd9zcVwBFLgYQ2tCXhod93anD%5F3znoySwB%5Fy%5FFYXsk%2DAM45ezrugfoIR1i9nmW1aeVJpdt3w8Y124EoelEDYLW6vGbL%5FIPJUZCBQAk19t4iWBFLWYPCfZOGmU7XAYyWxotKY02BN3S0dx0v2SN2i8cYyBP7%2DKz7SDsA%2DTayIcfSldnc2fbk5NzLA2WHrkDa77m%2DNH5Tzsmgl7skoTpBJ5rToI0Grh0hqidFH%5FFaE%5FRGjArXHyClgKoNdLS%5FU%5F5bLd8KjnxTOw%5FJNDTSVrEaxqX8KRQmaFjkrdq%2DDW7qzgsTqNfU6hil4I%26adurl%3D&gclid=EAIaIQobChMI2c6T2qPagQMVgZb9Bx2MdQk8EAEYASAAEgKOHvD%5FBwE
Requested by: Host: ad4.adfarm1.adition.com
URL: https://ad4.adfarm1.adition.com/js?wp_id=4787112&clickurl=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=C1bSUqz4cZZnNIIGt9u8PjOul4AP7vYusc7-f6LGIEdq24u-aOBABINPLzjBg9ZXOgeAEyAEJqQI9UsqBO5OxPqgDAcgDmwSqBPABT9DKbWWb0XmdwQeLwpBlFXymCuY_p3S4l-acWEo9i0hKiUNyY7lvBpGAPVWPa5n3MY-09ptK-vb4Lh8bElzuUyYRIpXjH1xZ1Haf_Dh21WdALqaizkEqb04xRq157LUB3j4iVxEug-UNmkMWZ-TkcRcLB6Dl1KeYl93Px6yD5dkj6A43LMlIwDdnGU_YBfCLeDldq5BXdduqKW4_9XtWbYwSsQzRwXkJr9-FeWXJY4QqpDR0IEtUnv8xT1MVvFJ3MjTQAWPlVLp1_7KcHKzhZDgx2SmdVLy6lvj7ApdE_AvclhwJACrOP7uvucdQmAU0wASCz-rgpQTgBAOIBb6E5fZHkAYBoAZNgAfw66XGAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgGEQARgdMgKKAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaoNAkNIyA0B4g0TCO7Tktqj2oEDFYGW_QcdjHUJPLATquOBFdATANgTCogUAdgUAdAVAfgWAYAXAegXAQ&ae=1&gclid=EAIaIQobChMI2c6T2qPagQMVgZb9Bx2MdQk8EAEYASAAEgKOHvD_BwE&num=1&cid=CAQSKQDICaaNj--A76cBAEW-GObOKbXWVZtfNB_rIETg1DmrnTQBbh4eJJQ9GAE&sig=AOD64_3yt5ihbavngUIc_j6AajJ7JEINxQ&client=ca-pub-5884294479391638&dbm_c=AKAmf-CS0a5R0teW5sdlrDeJNv5NhchjjlDMXanGgFEgScSNFxcVKcwGUaDueVLOl-5fSnUfTDBrAKwaSJ-tb-8ITJzd5_1tZrMW3N6JB6rofAXIwFCKYkLJp0G1bIztzL31GWcOiCNzzaoNn_iozB7qAIg9IqdHHmKzC-MESTwz6OcxczEvwDE&cry=1&dbm_d=AKAmf-BsjngpKABSdy1sJ-Cl5cLfbRVAIqlvd6MX4hpXjLbHV-71l_k-TXM2ZTMtRRwMsDosu22zXwSDUjLdnMDg7C0OMJsC4DYH1vuE8a-RKhhrEaR_dwcjZHUy4s14kS_MgiRrv2vETQDdUcj7gO8Z05hoq8oVcATLII8k__B6h2w-sAwKnu58oGAGWgIDBAkLazJ8aQ7DyYB9H4yR8hxXKvY7NeIYibiSKtKfpMsl2R9ZMOOcxO-6IwNqMhjsSVnNdC8nyhrG-xovUeVBVQfP5gJP3g-vaZvTlhvRyaMJSHD_pSMP8d2jnhXKoMnnAsFd9zcVwBFLgYQ2tCXhod93anD_3znoySwB_y_FYXsk-AM45ezrugfoIR1i9nmW1aeVJpdt3w8Y124EoelEDYLW6vGbL_IPJUZCBQAk19t4iWBFLWYPCfZOGmU7XAYyWxotKY02BN3S0dx0v2SN2i8cYyBP7-Kz7SDsA-TayIcfSldnc2fbk5NzLA2WHrkDa77m-NH5Tzsmgl7skoTpBJ5rToI0Grh0hqidFH_FaE_RGjArXHyClgKoNdLS_U_5bLd8KjnxTOw_JNDTSVrEaxqX8KRQmaFjkrdq-DW7qzgsTqNfU6hil4I&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.46 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: ad4.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: c79831d809c25cd6e16f0484f07797112717213d2b7335a1edfcf386d2aa7397

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 18:17:48 +0200
server: ADITIONSERVER v1.0
etag: 7285767201357761292
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
content-length: 19
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0F39 22 KB
8 KB 22ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 128686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 02 Oct 2023 04:33:02 GMT
expires: Tue, 01 Oct 2024 04:33:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame EA66 22 KB
8 KB 22ms
21ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 128686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 02 Oct 2023 04:33:02 GMT
expires: Tue, 01 Oct 2024 04:33:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CCE5 0
12 B 21ms
21ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8SP8uA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 29DC 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 30143
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Wed, 04 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 797E 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c65871f8cfd9bae04fc4466e17f437f5312dd409a13f30789e7e76ea8979dbbb

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

request.php Show response
hal90007.redintelligence.net/ Frame 5D5C
Redirect Chain

https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=1d3eeea21b&subid=&uid=e69ba94b7f600fac&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=1d3eeea21b&subid=&uid=e69ba94b7f600fac&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

612 B
936 B

148ms
88ms

Script
application/x-javascript

138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=1d3eeea21b&subid=&uid=e69ba94b7f600fac&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzDZgqz4cZez0GaGd9u8P09K5iASRwdCbacv2g5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAnZHs2TCjrE-qAMByAObBKoE8AFP0Gck4R-dyvqh4mziRGPUmzyOPoyXd_ZLmWHBzz4Ttlca91otNL70KlyLuMhQWWNYNlkpFXQNz8IkzLpkzpIu9uhXgG1jEPOg-3bQCkVO8OhcXo6wrO0PcewBFV_1tdBMMEDNXEXZdJIGXXeQW9odyEvU9TKLOhBGutsfIHA62u38x43y2HjhTxXQFepWZ1go9jZvVvueH723Tw1fUGpXw_HHR0uHHZNRPyFbHnpoV8pc8CBLZXmK6tmcMJxtutDKlaM8pT1LIdHjyNWJaNxf4fEAv25I8yYySqsjDsdxOjDRK9DAMrHVNNPNhIG78g_ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMIxoGM2qPagQMVoY79Bx1TaQ5BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIrPaM2qPagQMVoY79Bx1TaQ5BEAEYASAAEgJNHPD_BwE%26num%3D1%26cid%3DCAQSKQDICaaNoPdb0dw0xKOPxVaZFzcUxNzxPHvvYER1qBKgaIqt1cs6Y_A-GAE%26sig%3DAOD64_3upR2P9aHDB-rrdXmnv7IGDxSEAA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B59kdSncxrsNOadYUZ6b8deML9c3CZtG3m2Ohhd58lvvJEZ0Qp6vMiNEHM7UzUzAfr2OZ-0LgxpgpaaGasaH-qBXIm2TUFx6btWilTkUoho1bayN16cKtRJ9CxUWmfu32EbYk5G1wG26FBrjd4lhIaGP3uext-n7Q_V5t-i56e6lEKZX4%26cry%3D1%26dbm_d%3DAKAmf-BmSAtaW04OzHaPbqNPTabFUY3EPOmy9--WMaEC-BF3ReYKMdBYL-wCcq8pgi6SxVz87TU7UCf_eZ2OVsxaQwMw0CA8jYBynEbmkv-rCm4oxXJNX55XvZco_NPhbjEJXUN3FKLfi7xWpsp2r1Ls_JccCBdJld26ZKkhgYuNky-F3NQ4itlwsrCyUGY4ZuV0ln0zQqLxWpcJrD9stD0_HGICywErbhsougnRUIuS_VK5zqY09GI5AdaU2TEGwwJZxlCEUopdntWezTsfgIufcMqgReIB8wl5IwXeWPQDzqczqhZpHoTBmxNQspcDQn7rccWD3zZVuCcSKYGUdDJkwgp5jkVEJdNhMolJcKICyb0t1D6RDCq9DuDOkv_-1WrZ6w44733Dv7UDG3hsZe44pAXtSekwbyKqUoHnJFXiP7OHvlpssqXoUBo992sdWeCGQV7N-jOOyl4647EELJpEB2sdbip0wb3MAZM6EiFseZ55KybNOtMoOgH7AViwxrEynTVReWNoEfiT9LQqceUFNXZ9Xv802jdH5hersjXS5BggDbR9BRdYToDJ1bbxeOp00VFkeZ8y1tUmqqodgV1ZfWWtb9QU0tt1W2jU5Tar2aOWZksvHgA%26adurl%3D&documentReferer=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5262437933058&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 85a1060c944c575ffa2ce8410d77eb886c8aa6bbee6d624c0e02b3b4170ae8a7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 03 Oct 2023 16:17:48 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 11691000132618404438442012466007
Connection: close
Content-Length: 330
Expires: Tue, 03 Oct 2023 17:17:48 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 03 Oct 2023 16:17:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=1d3eeea21b&subid=&uid=e69ba94b7f600fac&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzDZgqz4cZez0GaGd9u8P09K5iASRwdCbacv2g5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAnZHs2TCjrE-qAMByAObBKoE8AFP0Gck4R-dyvqh4mziRGPUmzyOPoyXd_ZLmWHBzz4Ttlca91otNL70KlyLuMhQWWNYNlkpFXQNz8IkzLpkzpIu9uhXgG1jEPOg-3bQCkVO8OhcXo6wrO0PcewBFV_1tdBMMEDNXEXZdJIGXXeQW9odyEvU9TKLOhBGutsfIHA62u38x43y2HjhTxXQFepWZ1go9jZvVvueH723Tw1fUGpXw_HHR0uHHZNRPyFbHnpoV8pc8CBLZXmK6tmcMJxtutDKlaM8pT1LIdHjyNWJaNxf4fEAv25I8yYySqsjDsdxOjDRK9DAMrHVNNPNhIG78g_ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMIxoGM2qPagQMVoY79Bx1TaQ5BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIrPaM2qPagQMVoY79Bx1TaQ5BEAEYASAAEgJNHPD_BwE%26num%3D1%26cid%3DCAQSKQDICaaNoPdb0dw0xKOPxVaZFzcUxNzxPHvvYER1qBKgaIqt1cs6Y_A-GAE%26sig%3DAOD64_3upR2P9aHDB-rrdXmnv7IGDxSEAA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B59kdSncxrsNOadYUZ6b8deML9c3CZtG3m2Ohhd58lvvJEZ0Qp6vMiNEHM7UzUzAfr2OZ-0LgxpgpaaGasaH-qBXIm2TUFx6btWilTkUoho1bayN16cKtRJ9CxUWmfu32EbYk5G1wG26FBrjd4lhIaGP3uext-n7Q_V5t-i56e6lEKZX4%26cry%3D1%26dbm_d%3DAKAmf-BmSAtaW04OzHaPbqNPTabFUY3EPOmy9--WMaEC-BF3ReYKMdBYL-wCcq8pgi6SxVz87TU7UCf_eZ2OVsxaQwMw0CA8jYBynEbmkv-rCm4oxXJNX55XvZco_NPhbjEJXUN3FKLfi7xWpsp2r1Ls_JccCBdJld26ZKkhgYuNky-F3NQ4itlwsrCyUGY4ZuV0ln0zQqLxWpcJrD9stD0_HGICywErbhsougnRUIuS_VK5zqY09GI5AdaU2TEGwwJZxlCEUopdntWezTsfgIufcMqgReIB8wl5IwXeWPQDzqczqhZpHoTBmxNQspcDQn7rccWD3zZVuCcSKYGUdDJkwgp5jkVEJdNhMolJcKICyb0t1D6RDCq9DuDOkv_-1WrZ6w44733Dv7UDG3hsZe44pAXtSekwbyKqUoHnJFXiP7OHvlpssqXoUBo992sdWeCGQV7N-jOOyl4647EELJpEB2sdbip0wb3MAZM6EiFseZ55KybNOtMoOgH7AViwxrEynTVReWNoEfiT9LQqceUFNXZ9Xv802jdH5hersjXS5BggDbR9BRdYToDJ1bbxeOp00VFkeZ8y1tUmqqodgV1ZfWWtb9QU0tt1W2jU5Tar2aOWZksvHgA%26adurl%3D&documentReferer=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5262437933058&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 03 Oct 2023 17:17:48 +0200

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29DC
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEC5jEZXzfqB_n4vc_J9-ek8&google_cver=1&google_push=AXcoOmRXTLggfqa41QfVZkASuNldB-Aw_Z5MZ8O_u90pzWLaiied6iWKo1nPs3KOKGRaGWRqWT6nW8rsd1PsheLZtXBXZJAR98z1_A
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmRXTLggfqa41QfVZkASuNldB-Aw_Z5MZ8O_u90pzWLaiied6iWKo1nPs3KOKGRaGWRqWT6nW8rsd1PsheLZtXBXZJAR98z1_A&google_hm=M2VxRU1xcW5uN3FDaG...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmRXTLggfqa41QfVZkASuNldB-Aw_Z5MZ8O_u90pzWLaiied6iWKo1nPs3KOKGRaGWRqWT6nW8rsd1PsheLZtXBXZJAR98z1_A&google_hm=M2VxRU1xcW5uN3FDaGFDRnlubk8=

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AXcoOmRXTLggfqa41QfVZkASuNldB-Aw_Z5MZ8O_u90pzWLaiied6iWKo1nPs3KOKGRaGWRqWT6nW8rsd1PsheLZtXBXZJAR98z1_A&google_hm=M2VxRU1xcW5uN3FDaGFDRnlubk8=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29DC
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEE...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmQxqDzojMM2CG_VJsi5iRHXKUkXraQyD2MgvC9QRVYvxrtLwFZdgGoNhvo1eMlu6tD-FHXHgfAHKAVUtIC3pe4mpxE38SiSaA&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-3608f835-02c0-4dca-9044-00bb4a4890c2-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmQxqDzojMM2CG_VJsi5i...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQxqDzojMM2CG_VJsi5iRHXKUkXraQyD2MgvC9QRVYvxrtLwFZdgGoNhvo1eMlu6tD-FHXHgfAHKAVUtIC3pe4mpxE38SiSaA&google_hm=AzYI-DUCwE3KkEQAu0pIkMI

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQxqDzojMM2CG_VJsi5iRHXKUkXraQyD2MgvC9QRVYvxrtLwFZdgGoNhvo1eMlu6tD-FHXHgfAHKAVUtIC3pe4mpxE38SiSaA&google_hm=AzYI-DUCwE3KkEQAu0pIkMI

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQxqDzojMM2CG_VJsi5iRHXKUkXraQyD2MgvC9QRVYvxrtLwFZdgGoNhvo1eMlu6tD-FHXHgfAHKAVUtIC3pe4mpxE38SiSaA&google_hm=AzYI-DUCwE3KkEQAu0pIkMI
date: Tue, 03 Oct 2023 16:17:48 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX3608f83502c04dca904400bb4a4890c2003
content-type: text/html

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 29DC 0
44 B 842ms
246ms Image
text/plain 13.113.147.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEL4HPHYhgYjBtsSvJfRbOAo&google_cver=1&google_push=AXcoOmRvGSsad7x9orFxff4uDUYl_H03lEIW3mrp9TPLJ8mbkzGejZZlHLrmWMWgEXu0BgniVnGAvT0XCqN973-eWNJBruI5lwt5tw
Requested by: Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.113.147.59 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-113-147-59.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29DC
Redirect Chain

https://im.bluevoox.com/pixel?s1=2&s2=203601&s3=m52eksbsgbowze8o&cm=1&rd=1&google_gid=CAESEHbpDZFeBDudTjER8X2S3xY&google_cver=1&google_push=AXcoOmRABsfwRt-VwlURkSQ9xoiPqkGSjbh0bWamfSfNxlEzyw7XZ_z4x...
https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmRABsfwRt-VwlURkSQ9xoiPqkGSjbh0bWamfSfNxlEzyw7XZ_z4xxswCiYPsoYI7_SjSkvHJAatvgS-tYS1pLPMvlVsKHe9hyQ&google_hm=QlMuZTgzMS1iZjg...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmRABsfwRt-VwlURkSQ9xoiPqkGSjbh0bWamfSfNxlEzyw7XZ_z4xxswCiYPsoYI7_SjSkvHJAatvgS-tYS1pLPMvlVsKHe9hyQ&google_hm=QlMuZTgzMS1iZjgxLTRiMDEtYmUxNw==

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=do_global&google_push=AXcoOmRABsfwRt-VwlURkSQ9xoiPqkGSjbh0bWamfSfNxlEzyw7XZ_z4xxswCiYPsoYI7_SjSkvHJAatvgS-tYS1pLPMvlVsKHe9hyQ&google_hm=QlMuZTgzMS1iZjgxLTRiMDEtYmUxNw==
Date: Tue, 03 Oct 2023 16:17:48 GMT
Server: openresty
Connection: close
Content-Length: 142
Content-Type: text/html

GET
H2

200

0.gif
id5-sync.com/i/495/ Frame 29DC
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEMoANwAqdATOmVzdZAXBfT8&google_cver=1&google_push=AXcoOmSWlesfrrFeuxXOloDxpradghOkSjm4gQEgwH4qHzJNVQuV2rd9KbStfvtB9Mve29x4hOxBp_hRnw68QnQ_z-AqTnz_BJ5T1bY
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSWlesfrrFeuxXOloDxpradghOkSjm4gQEgwH4qHzJN...

43 B
921 B

89ms
26ms

Image
image/gif

162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSWlesfrrFeuxXOloDxpradghOkSjm4gQEgwH4qHzJNVQuV2rd9KbStfvtB9Mve29x4hOxBp_hRnw68QnQ_z-AqTnz_BJ5T1bY

Protocol

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 03 Oct 2023 16:17:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

Redirect headers

date: Tue, 03 Oct 2023 16:17:49 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSWlesfrrFeuxXOloDxpradghOkSjm4gQEgwH4qHzJNVQuV2rd9KbStfvtB9Mve29x4hOxBp_hRnw68QnQ_z-AqTnz_BJ5T1bY
x-download-options: noopen
vary: Accept
content-length: 274
x-xss-protection: 0

GET
H2

200

report
sync.teads.tv/um/ Frame 29DC
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEFR9mC_CSizy...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=YjhjZDI0ZTMtNmU3MC00MjMzLTlkOTAtYzRlZjhmNGM2Mjkz&google_push=AXcoOmSldnfzvESG5XF6FGHxvlqoBqHmchrbMMI7ym5sYIpD2ngtW_wqa0DFQ46rsjvz3...
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

59ms
57ms

Image
image/gif

104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Protocol: H2
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Tue, 03 Oct 2023 16:17:48 GMT
pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
csync.loopme.me/ Frame 29DC 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 29DC 0
12 B 35ms
34ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KIzuT1ehNzpKUS8J3_3sNQjoeBf6v4ARwd-H914HULWXN564qbOomqIM8uXGulbmOUxLw49uiV7w

Requested by

Host: c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
URL: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 0F39 37 KB
14 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f672aa6b371698d86396d642459de7d087aeca2dbc8903649c1620622f75bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:40:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 592633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14693
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:40:35 GMT

GET
H3 200 f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js Show response
pagead2.googlesyndication.com/bg/ Frame EA66 37 KB
14 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f672aa6b371698d86396d642459de7d087aeca2dbc8903649c1620622f75bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:40:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 592633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14693
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:40:35 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC4B 42 B
63 B 125ms
124ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DQJwlqBRF2tlhST2gM0pSfqBIIG1bT1ngwi5pRMw6mktQk7gfx-KWW8dr6-o0inJkr3c-8yvA6nNWU9tHR4tZP3gxuQj8bm92_UsOTA7t2r-Gj0_s

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=100&slotname=3654094576&adk=193636013&adf=3173046728&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696349867094&bpp=337&bdt=160&idt=572&shv=r20230928&mjsv=m202309291001&ptt=5&saldr=sd&is_amp=1&correlator=6157&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2211716903&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31076839%2C31078422%2C44803794&oid=2&pvsid=1277512177376632&tmod=1295555538&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.opvulsy6ljpp&fsb=1&dtd=582

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC4B 0
20 B 126ms
126ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12009991640691131051&x=1&ct=2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BC4B 89 KB
31 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame BC4B 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:13:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 250
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 16:13:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/ Frame BC4B 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 17:33:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81866
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 17:33:22 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BC4B 187 KB
59 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60018
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696246517909956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:17:48 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6B8C 441 B
197 B 63ms
63ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CO64rc4CEP3JqdsCGJD3wPcBMAE&v=APEucNVlry2sgpoS1NzJ102g_6tzV_IQ1YdFdnZNToSH9UNFH78RxxTTSUK-2NbD4QG83ZQq-vudbnv4mb0Ifc2vgkk6EaJU7w

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=100&slotname=3654094576&adk=193636013&adf=3173046728&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696349867094&bpp=337&bdt=160&idt=572&shv=r20230928&mjsv=m202309291001&ptt=5&saldr=sd&is_amp=1&correlator=6157&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2211716903&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31076839%2C31078422%2C44803794&oid=2&pvsid=1277512177376632&tmod=1295555538&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.opvulsy6ljpp&fsb=1&dtd=582
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

um
sync.teads.tv/ Frame 6B8C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGaWuPLSfJVPlWMYD6yXHrI&google_cver=1

23 B
163 B

82ms
81ms

Image
image/gif

104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGaWuPLSfJVPlWMYD6yXHrI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO64rc4CEP3JqdsCGJD3wPcBMAE&v=APEucNVlry2sgpoS1NzJ102g_6tzV_IQ1YdFdnZNToSH9UNFH78RxxTTSUK-2NbD4QG83ZQq-vudbnv4mb0Ifc2vgkk6EaJU7w
Protocol: H2
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Tue, 03 Oct 2023 16:17:48 GMT
pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEGaWuPLSfJVPlWMYD6yXHrI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6B8C
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRkODcxNWYtMjMyMC00MWI4LTlkMjItYzllODViM2I5MzFh

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRkODcxNWYtMjMyMC00MWI4LTlkMjItYzllODViM2I5MzFh

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO64rc4CEP3JqdsCGJD3wPcBMAE&v=APEucNVlry2sgpoS1NzJ102g_6tzV_IQ1YdFdnZNToSH9UNFH78RxxTTSUK-2NbD4QG83ZQq-vudbnv4mb0Ifc2vgkk6EaJU7w

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: akka-http/10.2.10
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRkODcxNWYtMjMyMC00MWI4LTlkMjItYzllODViM2I5MzFh
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Tue, 03 Oct 2023 16:17:48 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame 6B8C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEMsry_14uU54THYb4Pb_HwQ&google_cver=1

43 B
175 B

387ms
119ms

Image
image/gif

2600:1f18:612b:4216:f80f:eda:bc61:b763
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEMsry_14uU54THYb4Pb_HwQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO64rc4CEP3JqdsCGJD3wPcBMAE&v=APEucNVlry2sgpoS1NzJ102g_6tzV_IQ1YdFdnZNToSH9UNFH78RxxTTSUK-2NbD4QG83ZQq-vudbnv4mb0Ifc2vgkk6EaJU7w
Protocol: H2
Server: 2600:1f18:612b:4216:f80f:eda:bc61:b763 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 03 Oct 2023 16:17:48 GMT
server: nginx
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://partners.tremorhub.com/sync?UIGL=CAESEMsry_14uU54THYb4Pb_HwQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC4B 0
20 B 121ms
121ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8219277301765&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC4B 0
20 B 122ms
122ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8219277301765&version=m202309260101&ct=2&x=1&cor=12009991640691130000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BC4B 75 KB
33 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AsB4a6BvvRN2SGnMGqQrQ4xUhEERDPfHOfQ87t22NzurH2brq4OTvNaO6hUiGsxtrUu0mXhUUT6jv414pyYGrB0uAYOqcd-yfxqtlj07znsxBLtl_Wp9LPIxWdJNgUAbDpXhzBW3wXC91DJi99hVEc0Z_cNm-9AGPVRxmFqZwcjyRvXRY&cry=1&dbm_d=AKAmf-Clz63aKR_95XR04ycwF0a1U3vWotQR1oCbdThlSx0qKKWdqHIkPzkJVd2qetqWKR-MWOxkZohepQRjx_cCbO6pdoLa5NsQ5btd9297gbq_jq1JWQVp43U0-eDOtiR14C_Tg5rt5k5dPQf-okyA7BddLvRwJGj8KWbtdg-hdX3GeiNJrT_8dmH4Sh9SszT53h70EO0FyJbb0emS6VxPVryCQ-6b7ordmiDwmds-lyYuZxuymbu-2CsQ6xejOv0sw2Edgg-xWkhbvEn3M4QnXxpziHKPa-fnDPOz4p6OrQtLtc4Hc5WSdg2k60AmzaCljg_297h_shmPoYYnXIi-BAsHd8oH7HolI9Ra6he7wBgc752NuIMykn3Gr9STywDM4U2LFFy6txz_VWrpxzKiNm9e4_G5Wc9y96D09fU-u1nbGNTon1XUudlmvYAMb7Bzp5AFZ1WVSYcJcB-R9eIp148leqlkttSO8PZGcoYckVv608BndLScjZu9IxEa9XQHhqWlzCoQ81z_hTMscLIQrHHsN7IzCz6zb_w5UMvLdIGT02QxabokLA-1i98qCxswcs41lhXYwSvm6JOfBzNL5vIIXzT9WJlXLEmhNaX74fskFF4_bke5ShEaUzRMRE_ygtwetOw84fpON7akb1CLAzSjhz93bHiSYe4vf2SL_eTkxoxJcVwD6E-L1XpKNtrP7UYli575PZR9qT-w7L0ixlPY74hIM3Ff5vj9uMrbx6QkI7SP8w9yg78HYXRfi8XoXLY71xqH1peULVTLkFUJdmMerEtmHhhJKjYjrXP17ZU9r-gT7RLQqyJw8La9srPlUDEsWprVOcsfS6niL4VqTIONrZ9IAi8bkqXqrwwQHZ9L-qwlQwRHLDbevnvCS6aJ5jkF4gy0wqPmXnIuBVpS-ftxn5530OAksxxbk2VmGUOdmxkbwveiDNnMrNnkeFebdTokFNujQvyx206_8yDbeltLZb0F-sGLXUAsoQRr2FPTomgRHHPBBW-vd2PBXs6ZR1Di9F25szaKShG9AWwCoQ1M5p3Tz47yxCUIrM1iGn475pCflmv8DlA3w6mqMddCyEmcxuHLzVf4oqze9js6TiUUe59Gt2xtqPjUHFT0wcHAreUuMEj6WAcCXHjilLkniDqkn5OrE4pY9Upznr7JhJSNnCDJoKARLTTxaE3Mldpp_F2SkFHBJLGHoXAV-FbRJNOxkFhZs-3mQtOWPoo6HaLIF66oeg33UOZGFse10yusLUWEW8xaWV3GTOIljINhL6D6L0uq9d3400dI8sL1g6vz_u9en6kqM8vJ83sl5VPsVw4nOvUY102jnnfuRtyVrzwNq_pPS11kysokl8n3UJXUy6HW9p6UFGTF67e3mxaSlOjs4KvWSHc5ymYUvbymkbiqiIPMYlHJk4Jo3ivy3LQN-oYoC-aJWnBV1xL25s4JV5l9eb6zC8kh4gIbctY9Do5CDl9ltMeSj82evuoOmsxeVaMw5nXdNvN2_vm0wYkMa588wLx0dMEfg5NmUF4rdQWPWAQdh8BLDklPD7c1vmwouhbT-20-Dy9Bi0R5YTVKfCvl0XcfyOWDWYPwskXOjcdh2YfxSxqoMjXqFasspBQx2U8DmQoNpYziW2Inr6ofEf_dMmpCHgTHdPKHwrYByCRzFGdJ08W0P90BFNtBXE67E33-mWKn5G5FEFf_kq3FEGcGLqbFVnZguMB-pNP_foR9G6l4Tu2es069Iif_84w8ta9sxXre2CWVlvJI1prVxrhljfD1t6icEn6qoJS9vXIa2k17KZb8krFjrSoQV9nibcp3a7IAU6gk56MR4_Q3u3Of5ECKkbYdYIop1YxNncMXGKjfw4s6ZQgba2heh59EBL0JJ_MyvDNLWytt9ABz_u1HmUW8H3jClWWkRk7TieQ-Uf4nLK8gG9ttYQaElFHD3PKMsvz_40_viKVRI92wzTcL7uzOHWrJ9ChA0ntP_bIDrvPWzXGOo2E0y9IkLcKqj_zpx8R3EZJzJrSjvoQBy7LDs3mvk4mDR1LUXH6IqH3W_8jQuNo5Lf2tZPZv2IyKSEqPHBjJpZGLl02OVtIiuXt9xsWimkc42_ssfN4ZuncDgFrz0rz7jS6gNKF9zb7gsmrPfbF_kGJGPPctcpBtcYaHeP25C-b8u5-UxkFHo16rS0NUcf_FgCO6ZC14vl6yS88I-CVcn5-I8JFMFjUZkp7QtUGolJSGT81L0ea3ugG1oFMdfLYDMCX_04XVl5zXg_t58gBbJx4FLdXXiA8zCrKeuL2Gkw4_f-rOCDstrXpNTuC_brpYX-0LbYAZbv3J7MHUgyBHIX7FX0xQ6p00h9k0i2iuxXsLPW6KWGy7FWsDxevPDJ1Ef8jlQf25HrQ3rtTqE27gLnskAxl9_FcbYwdQ7nSqFJ6G_l3eR8LH-9yc3tWW947g_4wUlDF--1Cp3K9HmkfKVcPKHPw3ZhDHx3lh7JOs_jjogFWwYIboWKZPh8B9LXC8HVMUWRsvOMzqoD8ehx6Q2KaseGYcRN6BINPLsbpZn5N9Qa_EPqBhHftsXFXKWMkNy2t5VHatEbde9mYqQztVptDoHjQqXhC0c2toAfXTAK0zD_kbYUOWVqcAV4nZmTRoD_oCr_IrsSSYY2bEHio74wIehFOyCkyQiumtxQ_AJ75scpAyqyDToH_tQPWVYFgymmI02k_cF6k9qVPKT956SnLhKzvboZFPrAYLIbnA-hb--Uvsr6d8mCxuL1h1h6ETbm6RC4zSAxhOokgGs6IBVj2JFktnALKvAe2fY58_vVC8iJFJl1_J1p8RtHol_G7-MRJ6ElRzHmjReT88fLK8ME8nYPAifMigp1bP7vuzNgSh3xv0AmydkI87Fpo6PLq_bpP8KzTkz7UPHVQO0MuLFddT5EBvxTIG4EbdmVV2Ro5fvw6W9CW4vYATi4FP1CSEg5n7cRcZaW6msD-uj0VR8gNHvyusxYiBtMA7cDkrX69OQNNi0rxh1ENJnqw6IjuU2SEzQln_Bg-6tGZK3pCtJjE6KVpxGMoX6YZQ3SSGbC1UqXSkWAQJ5OWINY1UjUFvoZtc2AyQNj0P8BMP0gR3J--yPImjoAZbQConDafImgcfK98KW5Pgi-WGky7PioXBxdAlvaeHaX9CGICBMYm8UgWuh9VsuWch31IDN43m5eWkkiw-7W3MyJt_tx4H36Z4JUpRoG6jpjtrAYIDrbpQ5aE4a8jGksfjNGRpDxcAGsi4YWg-wYx_3tTEd2biVNJ9e3linEc3r4bf5up6v3gqTClwKwQ82x2bfiUYTkJ93VB_d425As6Qy3ZcmaxOwIot5KnijLAib3SF7N5X07c9_efFHFC0aIdVoOhUFZtVvR5rS3oP5NJf51kl2gpr4HWq_oKwo9_nwImzsoq3oOtbwxVBaz-DL_e6fPfyyVC_9tpa7RlfwH8GsB2ztRyaebgw5dRVvVqGQVjTSbOUgEVFPzhCSqp8KMtj3ebTx7WXS9E_1i8XUZ95laKrR0OLYy2jFnhd8hXNqm__Vq6vF6_JJyyZAOZ-uq8hXtjdLOdzY4CJs3YwjY_yiqaE_kzfi5-0vconFV0_WCcvMusgDCqVhw9rwHcUzNvNx0hp_5tUaEKvCTZHLC14EBgurb0bbC0vZb9qLfs1dLu6mlUy-EZHJbh5te2izHMJHSb5TVmvdhr-sgAOWBAn8h9G7FLxl4qLYH5YJTE8Mgiubx3OugQunI2CcDbxDGmPv8DsJyufTDyF8Jbp7mJ3XQivgI2x6d4SR6IkCNKPj19anm0Udbb3WKGT7lF16M_sXF6IWxA&cid=CAQSKQDICaaNvk9DoHdGCtQMpvlsg_EsRElaj2NK1KzEx5i1tRv4wmQ5OREVGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=12009991640691130000&adk=4022746785&idt=87&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c57124f785e69b8c1e21fa7f4d78947ce7d5136b69296530fc7b3b9091bbb41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=100&slotname=3654094576&adk=193636013&adf=3173046728&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696349867094&bpp=337&bdt=160&idt=572&shv=r20230928&mjsv=m202309291001&ptt=5&saldr=sd&is_amp=1&correlator=6157&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2211716903&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31076839%2C31078422%2C44803794&oid=2&pvsid=1277512177376632&tmod=1295555538&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.opvulsy6ljpp&fsb=1&dtd=582
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34125
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EA66 0
20 B 129ms
129ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7cwCqz4cZZDrOP699u8P7Kut6AMAAAAAOAHgBAI&bg=!MzClMH_NAAZN1Q_XbdU7ADQBe5WfOFegQhqofc3Jf6dTf5P8tN3GbHmOf2aeuQPlMGg-Zo6dNgR1eZijH_vV2ICgs-LzAgAAAGhSAAAABmgBBwoADUdAUk9LVD59ffTKr7eZA11AvSPjdUXVBJU5QbLeX9FEUmTuhgal5iPY2co_SfKx1VUj5Bo_TbUzxwXeSMaeCzCRgXIlUzI8-0sH_WPC3_9kY04f1Gx7H1X6qLF-bRIT7b84dRxfkHrAJcKz0kgGf0BS0TXycozP2zTT_8LwQK6ae9SNwl33XZ2kUy6ph9Rf8G_JRvLbVCydraJhG2DuuQ7p0WdcYaI-Ze4YHJFFbgURmHS7C4FiDVPaJ47QwAerOQZgILydsI7olZzHfQ5MmMug_MbbA3sAwytbC5nxdg7W2eMPVgnwUcBT5oTiPx6AFxvDuM_RK1REZFqzntRqldSyUfCTJrssJAYeyauWdEExQEtqH3e9CPpBqq1eCIrTGlHhIKoMMIamLeiFGDnQYpXjl4xFycI7P7xUMmzjAJdYMZkITRxJ-tKdZLxgD7W5fEvVuGJaehlUv2ytl1xkiIvu6Ag_kPUrkpX3PJy9zUI3Cn1aBMbt5ubQ83d_SRpZutPWx1G1ENQbRHpZJQs6AmapkV33GokHEPAw7kvee8tcTU_Ni1kRqhfFUiigUPsY-sQG10ZnpwPqxlcdGJN0MuiibG3ScFLq5pB3vJpC24kCtIubDsJ6BvUeEDhbvC0lzP_KrYukQZh2PJMYJzudDsu16CcPB0TQo_TysG_D9NjOxMKnZx-UT_Quywzlccrb_oYpiC3REB1xTi1uK0Ie7sTU4Bq3WaSB8UN-VCUHZ4ixew_s7blWSg2umVKQs1OU8lTkOhX7UfqtByoRIft0MDv3ovfusKe_2eGALgoahVxa7SSYayh9oZIs-L9WSBauM_7jg1l76_q4Dm7qqf5ZM-vvr-BPS9jbc2mCh3SXk43uxutOkosx6zOTgFcDs1rXsC6BVXiXxWS97R42GLxsrpyEX8_nVrsM9UfuKmTGBxMgdpL86RPVFaAZf23-b4Bjr5TeSxA40WTKbcaAZF_PChZZtQL6MmveK75Eo7IvBzMWkpaGC8aOPiy8ZaQ7weCHbWAQ0CtvDPtif-SAJvKZ2EgDGljXvFUsEEqGfooVFJyhLt3eGc-nZ6Ht0DLtg4Dk7t4XFamThdC2gBvz66EpNzHM4PEqMg_IgOBI6yZZ7O_7tLAT0LOZtCPlQPMODCNYbQcdn_Hovv0FjZ3WSAo

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/ Frame BC4B 30 KB
11 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AsB4a6BvvRN2SGnMGqQrQ4xUhEERDPfHOfQ87t22NzurH2brq4OTvNaO6hUiGsxtrUu0mXhUUT6jv414pyYGrB0uAYOqcd-yfxqtlj07znsxBLtl_Wp9LPIxWdJNgUAbDpXhzBW3wXC91DJi99hVEc0Z_cNm-9AGPVRxmFqZwcjyRvXRY&cry=1&dbm_d=AKAmf-Clz63aKR_95XR04ycwF0a1U3vWotQR1oCbdThlSx0qKKWdqHIkPzkJVd2qetqWKR-MWOxkZohepQRjx_cCbO6pdoLa5NsQ5btd9297gbq_jq1JWQVp43U0-eDOtiR14C_Tg5rt5k5dPQf-okyA7BddLvRwJGj8KWbtdg-hdX3GeiNJrT_8dmH4Sh9SszT53h70EO0FyJbb0emS6VxPVryCQ-6b7ordmiDwmds-lyYuZxuymbu-2CsQ6xejOv0sw2Edgg-xWkhbvEn3M4QnXxpziHKPa-fnDPOz4p6OrQtLtc4Hc5WSdg2k60AmzaCljg_297h_shmPoYYnXIi-BAsHd8oH7HolI9Ra6he7wBgc752NuIMykn3Gr9STywDM4U2LFFy6txz_VWrpxzKiNm9e4_G5Wc9y96D09fU-u1nbGNTon1XUudlmvYAMb7Bzp5AFZ1WVSYcJcB-R9eIp148leqlkttSO8PZGcoYckVv608BndLScjZu9IxEa9XQHhqWlzCoQ81z_hTMscLIQrHHsN7IzCz6zb_w5UMvLdIGT02QxabokLA-1i98qCxswcs41lhXYwSvm6JOfBzNL5vIIXzT9WJlXLEmhNaX74fskFF4_bke5ShEaUzRMRE_ygtwetOw84fpON7akb1CLAzSjhz93bHiSYe4vf2SL_eTkxoxJcVwD6E-L1XpKNtrP7UYli575PZR9qT-w7L0ixlPY74hIM3Ff5vj9uMrbx6QkI7SP8w9yg78HYXRfi8XoXLY71xqH1peULVTLkFUJdmMerEtmHhhJKjYjrXP17ZU9r-gT7RLQqyJw8La9srPlUDEsWprVOcsfS6niL4VqTIONrZ9IAi8bkqXqrwwQHZ9L-qwlQwRHLDbevnvCS6aJ5jkF4gy0wqPmXnIuBVpS-ftxn5530OAksxxbk2VmGUOdmxkbwveiDNnMrNnkeFebdTokFNujQvyx206_8yDbeltLZb0F-sGLXUAsoQRr2FPTomgRHHPBBW-vd2PBXs6ZR1Di9F25szaKShG9AWwCoQ1M5p3Tz47yxCUIrM1iGn475pCflmv8DlA3w6mqMddCyEmcxuHLzVf4oqze9js6TiUUe59Gt2xtqPjUHFT0wcHAreUuMEj6WAcCXHjilLkniDqkn5OrE4pY9Upznr7JhJSNnCDJoKARLTTxaE3Mldpp_F2SkFHBJLGHoXAV-FbRJNOxkFhZs-3mQtOWPoo6HaLIF66oeg33UOZGFse10yusLUWEW8xaWV3GTOIljINhL6D6L0uq9d3400dI8sL1g6vz_u9en6kqM8vJ83sl5VPsVw4nOvUY102jnnfuRtyVrzwNq_pPS11kysokl8n3UJXUy6HW9p6UFGTF67e3mxaSlOjs4KvWSHc5ymYUvbymkbiqiIPMYlHJk4Jo3ivy3LQN-oYoC-aJWnBV1xL25s4JV5l9eb6zC8kh4gIbctY9Do5CDl9ltMeSj82evuoOmsxeVaMw5nXdNvN2_vm0wYkMa588wLx0dMEfg5NmUF4rdQWPWAQdh8BLDklPD7c1vmwouhbT-20-Dy9Bi0R5YTVKfCvl0XcfyOWDWYPwskXOjcdh2YfxSxqoMjXqFasspBQx2U8DmQoNpYziW2Inr6ofEf_dMmpCHgTHdPKHwrYByCRzFGdJ08W0P90BFNtBXE67E33-mWKn5G5FEFf_kq3FEGcGLqbFVnZguMB-pNP_foR9G6l4Tu2es069Iif_84w8ta9sxXre2CWVlvJI1prVxrhljfD1t6icEn6qoJS9vXIa2k17KZb8krFjrSoQV9nibcp3a7IAU6gk56MR4_Q3u3Of5ECKkbYdYIop1YxNncMXGKjfw4s6ZQgba2heh59EBL0JJ_MyvDNLWytt9ABz_u1HmUW8H3jClWWkRk7TieQ-Uf4nLK8gG9ttYQaElFHD3PKMsvz_40_viKVRI92wzTcL7uzOHWrJ9ChA0ntP_bIDrvPWzXGOo2E0y9IkLcKqj_zpx8R3EZJzJrSjvoQBy7LDs3mvk4mDR1LUXH6IqH3W_8jQuNo5Lf2tZPZv2IyKSEqPHBjJpZGLl02OVtIiuXt9xsWimkc42_ssfN4ZuncDgFrz0rz7jS6gNKF9zb7gsmrPfbF_kGJGPPctcpBtcYaHeP25C-b8u5-UxkFHo16rS0NUcf_FgCO6ZC14vl6yS88I-CVcn5-I8JFMFjUZkp7QtUGolJSGT81L0ea3ugG1oFMdfLYDMCX_04XVl5zXg_t58gBbJx4FLdXXiA8zCrKeuL2Gkw4_f-rOCDstrXpNTuC_brpYX-0LbYAZbv3J7MHUgyBHIX7FX0xQ6p00h9k0i2iuxXsLPW6KWGy7FWsDxevPDJ1Ef8jlQf25HrQ3rtTqE27gLnskAxl9_FcbYwdQ7nSqFJ6G_l3eR8LH-9yc3tWW947g_4wUlDF--1Cp3K9HmkfKVcPKHPw3ZhDHx3lh7JOs_jjogFWwYIboWKZPh8B9LXC8HVMUWRsvOMzqoD8ehx6Q2KaseGYcRN6BINPLsbpZn5N9Qa_EPqBhHftsXFXKWMkNy2t5VHatEbde9mYqQztVptDoHjQqXhC0c2toAfXTAK0zD_kbYUOWVqcAV4nZmTRoD_oCr_IrsSSYY2bEHio74wIehFOyCkyQiumtxQ_AJ75scpAyqyDToH_tQPWVYFgymmI02k_cF6k9qVPKT956SnLhKzvboZFPrAYLIbnA-hb--Uvsr6d8mCxuL1h1h6ETbm6RC4zSAxhOokgGs6IBVj2JFktnALKvAe2fY58_vVC8iJFJl1_J1p8RtHol_G7-MRJ6ElRzHmjReT88fLK8ME8nYPAifMigp1bP7vuzNgSh3xv0AmydkI87Fpo6PLq_bpP8KzTkz7UPHVQO0MuLFddT5EBvxTIG4EbdmVV2Ro5fvw6W9CW4vYATi4FP1CSEg5n7cRcZaW6msD-uj0VR8gNHvyusxYiBtMA7cDkrX69OQNNi0rxh1ENJnqw6IjuU2SEzQln_Bg-6tGZK3pCtJjE6KVpxGMoX6YZQ3SSGbC1UqXSkWAQJ5OWINY1UjUFvoZtc2AyQNj0P8BMP0gR3J--yPImjoAZbQConDafImgcfK98KW5Pgi-WGky7PioXBxdAlvaeHaX9CGICBMYm8UgWuh9VsuWch31IDN43m5eWkkiw-7W3MyJt_tx4H36Z4JUpRoG6jpjtrAYIDrbpQ5aE4a8jGksfjNGRpDxcAGsi4YWg-wYx_3tTEd2biVNJ9e3linEc3r4bf5up6v3gqTClwKwQ82x2bfiUYTkJ93VB_d425As6Qy3ZcmaxOwIot5KnijLAib3SF7N5X07c9_efFHFC0aIdVoOhUFZtVvR5rS3oP5NJf51kl2gpr4HWq_oKwo9_nwImzsoq3oOtbwxVBaz-DL_e6fPfyyVC_9tpa7RlfwH8GsB2ztRyaebgw5dRVvVqGQVjTSbOUgEVFPzhCSqp8KMtj3ebTx7WXS9E_1i8XUZ95laKrR0OLYy2jFnhd8hXNqm__Vq6vF6_JJyyZAOZ-uq8hXtjdLOdzY4CJs3YwjY_yiqaE_kzfi5-0vconFV0_WCcvMusgDCqVhw9rwHcUzNvNx0hp_5tUaEKvCTZHLC14EBgurb0bbC0vZb9qLfs1dLu6mlUy-EZHJbh5te2izHMJHSb5TVmvdhr-sgAOWBAn8h9G7FLxl4qLYH5YJTE8Mgiubx3OugQunI2CcDbxDGmPv8DsJyufTDyF8Jbp7mJ3XQivgI2x6d4SR6IkCNKPj19anm0Udbb3WKGT7lF16M_sXF6IWxA&cid=CAQSKQDICaaNvk9DoHdGCtQMpvlsg_EsRElaj2NK1KzEx5i1tRv4wmQ5OREVGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.xgcartoon.com&ds=l&xdt=1&iif=1&cor=12009991640691130000&adk=4022746785&idt=87&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

464857ce2cd39f577e1aee4380de452b3032f2746c94be5b8d71508e0733ca40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 18:44:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11583
x-xss-protection: 0
server: cafe
etag: 13692823745828058245
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 18:44:23 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/ Frame BC4B 11 KB
4 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230928/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 17:43:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Oct 2023 17:43:52 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BC4B 0
0 130ms
68ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvfRrWdvDm8jYtrKjt4IF8MY2DPZTgIM5nBzpBPbxURooTfiqyPFW4jMP6fPh7oFF30Un_lkmCnuORodrhyCIDQ79IJMphi9YRVFmrpVNEdkweo3Ss7Zw2AJ8MeuF34_E-wBmSmyJ7Bh5YDbyrpniplgsoSUWd-BR4UiXFGSRG3hWbJyONxj8idoaC85VyK6opl75TMKz4Q-Acm4hVQlByYtAqYqz3NL1kw4PKnYmCNMrshSdYu-_4EabguFfTwr4uyw_Fd8lSZNJNabPJk7UEh1KugDTdPU9XJTXA9ZVbme4u4xHa8o4cdY1VMX6Ps9hARowlVlFAwsnTMKqygTfIn07snN8Ic2xuNL48OnLrX9akQEmAt0mV8iaHT-KyEXmSzGTHAJ3CLEHwSpKMBpho4Gn337-UiIqRM_FLmjTEmW_WexrcIDs7a4OBoWhuZWg06jkfeRdDWhLSlGnl4LB2vLuJTW0ozSRENwxLRAMe_UHUKdMBg2r110YrpEvvkodhzU6jXeEXgOyCE2mxJQY26PcsPt9CCO2JGREodeBzcIDhS0tn_5Bdr6S-oMrPZrTSw-uhidElWetvJiEdkScT9EhRaI0AH4hrddZAgWczJfnAUN12uQ0TCRMNj1TIYXGqWPsKoefViLxW6maAaY8BzgXpvrXnbuhL4vLG49LSsJ6khPzfCyir1BH-gHJ2HuDct5SStd9hURpLwdKgqJpuUjFgPGJEhz4xoBIjPK3E007BEx5S5RT2wGARGmaY3zJaDoWoezxvtw0xw8_QhwD3svhnOOs8CSKOfO9SwDSA1Rrp5t15CVBzxtwi57JPw6wk3ZB36AlISBixGSpLYODHtnVt4hateq08r8iInoQCJhqTfXbPBoj0BXMDOJGkp6wg_8cqmA-laRHkwafjl4blYKB4-exuDlfvXLJjFxADHigWGFfhcXeD8i0Aswfs3QNa0BV-pqdpdyL3XP9ZWanECKZMhD-RTNev9kAdx_txOjQ8eW64MBSR3JZ7Nneg9qoUfOLhM55VZ6-tC5YL2jcN1U-hSVN5a2nyhllzKF5G0FNm6dpuqJBl7UQXHTe4qX7FGe28ziEwMPtZLvS2T_V6VL6IjIJpunA2vPVFWG4Og5KEmSYaoq-nyybr6mEG8KaSVd56l6GvNexqiSCtd5l-so95iU0uFMgQjQqHXJ-WFZnIDShpB9FXeK-iLiy2eLLDEHNOW0CEUV5SABNrLo5V4JQ6dSBITKFTLrrucBQpUu1wR_zQooq43WDa7_GYA5-LW9OgFZl4o6uKaug&sai=AMfl-YTF7kTg2fN385WuMHQE2Lqv-rgpFrCyp4U55AwrtXwwUZgZ0Rx3kO4JhTWGbk_W6Pn6yGyiJwgImGxgaNyxkKzKcpfL1FIF2AkIK0PtmJjboK3uK1kVLQ2BuTXnyUNnmlR2YktMI8aydHYCpRQ7pLqaLy2_-lRABf1owyKWvE42HQTfPe0NK4cwQTVCRR0vVAo3uJ00JHgD&sig=Cg0ArKJSzOkxiWz2UmcTEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230928.54447&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BC4B 41 KB
13 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 379164
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
H2 200 10277943934409896948
s0.2mdn.net/simgad/ Frame BC4B 32 KB
33 KB 80ms
22ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10277943934409896948

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

488c299c8b5894a6542055567566569177c97620aa9a508ad929a7eddcc9e060

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 13:27:41 GMT
x-content-type-options: nosniff
age: 355807
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33206
x-xss-protection: 0
last-modified: Fri, 15 Sep 2023 08:47:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 28 Sep 2024 13:27:41 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8070 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 30143
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Wed, 04 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0F39 0
20 B 132ms
132ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BlgD-qz4cZbGLN6SRjuwP04u2mAkAAAAAOAHgBAI&bg=!goGlgc7NAAZN1Q_XbdU7ADQBe5WfOP13as7jNW_ztUwyK1qwc1sy3TGCidg9sgkMlP-_-jA1A2UQDdRoHKLeu7RSAupjAgAAAIpSAAAABmgBB5kDTbHJCv67oTvWvDKt5slC2bROrNHYqNNT-T2FbfyjiGSrAnc1FR4NKvH_fEHSJM7w1kUYEgx-OZvt2NqDQcgF9YJLjahsMNAN4Biksxa31nfvEZh-TTkvGgOKy34Sn80OY6C0zIrfZcqosYd9dGPzuM_ldHCKDhgeBOouOvfahMqhsPrLfLyDSGzdMUhP6WCYFNfIfabXHCKIJBRM3Yss4rxgQjPxPUn__hWrxo6Ohphvp59BlnQbBM97Ma86HdUUmqMGVg3lUEJs6SqzrBurCd5xPsIkn_lY9HAZmZbLHSGX4fMVzhu0jb_qKhYmtEiiYGEsqDR6evEZ3dZ987oM53ibn9QbSfSbitjaHEgRU7YNJiVyWtqGY3G9a2ts5qeVoVifWIPKTSTkDQFeocgxeZ-nrJPUns7agV7rU3sq4opcTkCKnvXQJfs0hg58gqPSUHznd43Lw2GYUqM5bZlNzsT22yOHKhaH9i5DOxN8oIUuRINUn5D0JDFcIWpSai5Ct9xuMqvdpFg19s5d--grizVmNLUY9dw2gC_Wk6tjEKw852YphKHqNMxZw389qjhZyUrczVLClBJNpWguMQtg3nw7SflMNnZBr8V1VKXePv5NKYelhPddZmeKfDMoasLa5Gb-BPBABajCCKhb7nNatSbjjhxdYuKwvYpoCS2UhmO4bJcClf2JhqCIjf_KRzVhlrsLYbjdk90WxPWDb4uW0XC51ul3KjBoDxv4GOt06TNo9qnxlLrdkO4YfpldRH4Luwn3Ay8_MYmO2Mz6gi6nbrGdudoS-9XfK4HmSq79dyzZFXSE4Oys6xZKSMszlGX5toQ0cV6_y2swuIQzA5uMOzNs4ue0t8Z-0zcLcRwruQ1AwKSA-vg3Ufv2PRpyds_ZMi3ehSEGMcyT7rVyajXw9MziU8uoQQGbXMiNTUD7TgviSFP4nwmy5_rOye5yQqK0ENC_MmvbG7k8rJ8MDvL3QbEara2yyVFFAzF3oID0x6pF0-auGt3U9vKEObnSKTMzcAydHS1hKTUNDXOyBw_BMfDzm2jJEm4fU202_e--tEzTuvHjYdecDIYffPyhqvU-CAMqOwdcptVaOqp47E14_jpXDQ-Laj0CDMcAHiw1

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0ADC 42 B
64 B 130ms
129ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssNkfOQu67JXLUlmbYYVgnc_TZo9VonUcd4sQudQcWZYGs65rv8DsyXTs85-u78VHFo0eKVfbJIQHNna2jwzECnLMW59b38sddSU5X-l9TxNXbkCGohllWCzIilp7UD63X6rYojUAbWPw&sai=AMfl-YTp8LRk9gnhN-zEWvaY2qYJO0262HKXHG0MySgt2qH2FmFn5IEyhOgF72vtClhUB4aqhjfFNHnWr8eS&sig=Cg0ArKJSzOq12fH-gltSEAE&cid=CAQSGwDICaaN2jyevISzkjzSda0neWR_G9ni-sFDChgB&id=lidar2&mcvt=1016&p=0,0,90,728&mtos=1016,1016,1016,1016,1016&tos=1016,0,0,0,0&v=20231002&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1412529771&rs=1&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696349866814&rpt=506&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 178F 22 KB
8 KB 22ms
21ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 128686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 02 Oct 2023 04:33:02 GMT
expires: Tue, 01 Oct 2024 04:33:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8070
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEElKtIxk-KO0DbkBaEvudqw&google_cver=1&google_push=AXcoOmS7jNDP3GWl4G-Mh7z9q2OiUAm197_nB9ovbPQmFozzpbk195koTlkkYjB4WTGYd2jf-cYp4...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmS7jNDP3GWl4G-Mh7z9q2OiUAm197_nB9ovbPQmFozzpbk195koTlkkYjB4WTGYd2jf-cYp4wHBCtGr_GWqfmRLRayX1l9k0t3RC6M73uXDd9qWhMZAX4EAmCi5XW...

170 B
188 B

41ms
37ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmS7jNDP3GWl4G-Mh7z9q2OiUAm197_nB9ovbPQmFozzpbk195koTlkkYjB4WTGYd2jf-cYp4wHBCtGr_GWqfmRLRayX1l9k0t3RC6M73uXDd9qWhMZAX4EAmCi5XWnd1gXYMLbNo_JYcnv7p4Isc_g

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 03 Oct 2023 16:17:47 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 1A466A1DB924454F8649EF821F857DE6 Ref B: ZRHEDGE1014 Ref C: 2023-10-03T16:17:48Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmS7jNDP3GWl4G-Mh7z9q2OiUAm197_nB9ovbPQmFozzpbk195koTlkkYjB4WTGYd2jf-cYp4wHBCtGr_GWqfmRLRayX1l9k0t3RC6M73uXDd9qWhMZAX4EAmCi5XWnd1gXYMLbNo_JYcnv7p4Isc_g
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYG0jtTfrdC/I6yXiL/kw==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8070
Redirect Chain

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEI8UOXuAL8TZSNVb8Xkp_Hc&google_cver=...
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTdmODZjOWEtNThkMy00MWNiLWFmZTYtOGFhMGRiNjAzMTMz&google_gid=CAESEI8UOXuAL8TZSNVb8Xkp_Hc&google_cver=1&google_push=AXcoOmQN...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTdmODZjOWEtNThkMy00MWNiLWFmZTYtOGFhMGRiNjAzMTMz&google_gid=CAESEI8UOXuAL8TZSNVb8Xkp_Hc&google_cver=1&google_push=AXcoOmQN2AouU1j5NRYnkki6SeMjdF-Tbw2Jt2rms-XtygoJFuZPz863hyczhfgiKNDp3GZXFH9_W5FDeQ7OjtAsJkFuAtSlUdbJxe3VEyknIqE_pPuC7Z05y6N_Rcf6ZrioOYR1kJu5HPiiEa8pkqv8oEk

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTdmODZjOWEtNThkMy00MWNiLWFmZTYtOGFhMGRiNjAzMTMz&google_gid=CAESEI8UOXuAL8TZSNVb8Xkp_Hc&google_cver=1&google_push=AXcoOmQN2AouU1j5NRYnkki6SeMjdF-Tbw2Jt2rms-XtygoJFuZPz863hyczhfgiKNDp3GZXFH9_W5FDeQ7OjtAsJkFuAtSlUdbJxe3VEyknIqE_pPuC7Z05y6N_Rcf6ZrioOYR1kJu5HPiiEa8pkqv8oEk
date: Tue, 03 Oct 2023 16:17:48 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8070
Redirect Chain

https://ums.acuityplatform.com/tum?umid=4&uid=CAESECKvZYk5Sc0VjrIR9-sRgWc&google_cver=1&google_push=AXcoOmROdORuKhnBmZY7eOHdwdXdSa_6sdTQCEK29HJCj6omCowkXvkjVspBfY1avrrd-A63M1ENIRPGtg9QsWVP_12QKHljs...
https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=835727490238&us_privacy=1---

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=835727490238&us_privacy=1---

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=835727490238&us_privacy=1---
content-length: 0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 8070 0
43 B 600ms
247ms Image
text/plain 13.113.147.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEL4HPHYhgYjBtsSvJfRbOAo&google_cver=1&google_push=AXcoOmQkzKM0ecretMasy9Yqe2XtNF8BzMitQCanYaa78A-Ft7lEXoNDC6vMwP-pGdTRo5Pvd2a7D2OKiqQtor4JVYTSpJpnMSpQSG2vv7uBdIqZbk6CmAhPrZ-Ki25sL9P0yOFQjPDYefjF5xaidCttdHVJ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5884294479391638&output=html&h=100&slotname=3654094576&adk=193636013&adf=3173046728&pi=t.ma~as.3654094576&w=320&url=https%3A%2F%2Fwww.xgcartoon.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696349867094&bpp=337&bdt=160&idt=572&shv=r20230928&mjsv=m202309291001&ptt=5&saldr=sd&is_amp=1&correlator=6157&frm=24&ife=3&pv=2&nhd=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=0&ish=0&ifk=2211716903&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31076839%2C31078422%2C44803794&oid=2&pvsid=1277512177376632&tmod=1295555538&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=1.opvulsy6ljpp&fsb=1&dtd=582
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.113.147.59 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-113-147-59.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8070
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENlDR7UZw...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENl...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f1a7e724-4da4-4af2-b1c8-1af336ecb7f5&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f1a7e724-4da4-4af2-b1c8-1af336ecb7f5&%%GOOGLE_PUSH_PAIR%%

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f1a7e724-4da4-4af2-b1c8-1af336ecb7f5&%%GOOGLE_PUSH_PAIR%%
date: Tue, 03 Oct 2023 16:17:48 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET /
csync.loopme.me/ Frame 8070 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8070
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEASGQPT_l888UeUM9kjaPUc&google_cver=1&google_push=AXcoOmTsF9z87vj3JNhrARcs7hSNKZQ_gB_-gZoyrVCuAvdFFEtxjJA2EhhdoSSt71V...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTsF9z87vj3JNhrARcs7hSNKZQ_gB_-gZoyrVCuAvdFFEtxjJA2EhhdoSSt71ViixPl8u6EQNsBDrLRIW1y4itAUtVehBfDDAttbylVt3fdZTV_SLxuNSa7P5R...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTsF9z87vj3JNhrARcs7hSNKZQ_gB_-gZoyrVCuAvdFFEtxjJA2EhhdoSSt71ViixPl8u6EQNsBDrLRIW1y4itAUtVehBfDDAttbylVt3fdZTV_SLxuNSa7P5REBuiHo9-XomjEEuzxbNka5AOFm7ydPw

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 88f4b78
date: Tue, 03 Oct 2023 16:17:48 GMT
x-bytefaas-request-id: 202310031617482F941FF1B3F4559F0187
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-54-206-24.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51612204) (-)
server-timing: inner; dur=5, cdn-cache; desc=MISS, edge; dur=1, origin; dur=99
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202310031617482F941FF1B3F4559F0187
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTsF9z87vj3JNhrARcs7hSNKZQ_gB_-gZoyrVCuAvdFFEtxjJA2EhhdoSSt71ViixPl8u6EQNsBDrLRIW1y4itAUtVehBfDDAttbylVt3fdZTV_SLxuNSa7P5REBuiHo9-XomjEEuzxbNka5AOFm7ydPw
x-bytefaas-execution-duration: 3.65
access-control-allow-origin: *
access-control-allow-credentials: true
x-origin-response-time: 100,23.54.206.24
x-tt-trace-host: 0172a13a97151aadbf9cbe391b0321dbefbe931320ec79c12f4a79c1d21b7d57c788f95cb4dc123ff72013da20f9a51b531aff3dbaacd644631a6baa30e015053d3d6385cbc3697b1c70a7d66160d7870a9bbd4d69407e6232d0fbbd9d847f006b
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Tue, 03 Oct 2023 16:17:48 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8070 0
12 B 32ms
31ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K2R3w_hgOr5nK8EcD-EUial6a5VWTENI9Y48xTHouw2NLtybP_CVd3hFM7BiLY1TtMYq2-z2Mk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame 4344 4 KB
2 KB 86ms
31ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=11691000132618404438442012466007&a=885f610b
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=r4yapv8fhxky&nw=20&renderingType=javascript&namespace=1d3eeea21b&subid=&uid=e69ba94b7f600fac&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzDZgqz4cZez0GaGd9u8P09K5iASRwdCbacv2g5LcD_AuEAEg08vOMGD1lc6B4ATIAQmpAnZHs2TCjrE-qAMByAObBKoE8AFP0Gck4R-dyvqh4mziRGPUmzyOPoyXd_ZLmWHBzz4Ttlca91otNL70KlyLuMhQWWNYNlkpFXQNz8IkzLpkzpIu9uhXgG1jEPOg-3bQCkVO8OhcXo6wrO0PcewBFV_1tdBMMEDNXEXZdJIGXXeQW9odyEvU9TKLOhBGutsfIHA62u38x43y2HjhTxXQFepWZ1go9jZvVvueH723Tw1fUGpXw_HHR0uHHZNRPyFbHnpoV8pc8CBLZXmK6tmcMJxtutDKlaM8pT1LIdHjyNWJaNxf4fEAv25I8yYySqsjDsdxOjDRK9DAMrHVNNPNhIG78g_ABPrGi478A-AEA4gFwd6i-D2QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB0yAooCOgKAQEi9_cE6gAoDmAsByAsBgAwBqg0CQ0jIDQHiDRMIxoGM2qPagQMVoY79Bx1TaQ5BsBOVtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMIrPaM2qPagQMVoY79Bx1TaQ5BEAEYASAAEgJNHPD_BwE%26num%3D1%26cid%3DCAQSKQDICaaNoPdb0dw0xKOPxVaZFzcUxNzxPHvvYER1qBKgaIqt1cs6Y_A-GAE%26sig%3DAOD64_3upR2P9aHDB-rrdXmnv7IGDxSEAA%26client%3Dca-pub-5884294479391638%26dbm_c%3DAKAmf-B59kdSncxrsNOadYUZ6b8deML9c3CZtG3m2Ohhd58lvvJEZ0Qp6vMiNEHM7UzUzAfr2OZ-0LgxpgpaaGasaH-qBXIm2TUFx6btWilTkUoho1bayN16cKtRJ9CxUWmfu32EbYk5G1wG26FBrjd4lhIaGP3uext-n7Q_V5t-i56e6lEKZX4%26cry%3D1%26dbm_d%3DAKAmf-BmSAtaW04OzHaPbqNPTabFUY3EPOmy9--WMaEC-BF3ReYKMdBYL-wCcq8pgi6SxVz87TU7UCf_eZ2OVsxaQwMw0CA8jYBynEbmkv-rCm4oxXJNX55XvZco_NPhbjEJXUN3FKLfi7xWpsp2r1Ls_JccCBdJld26ZKkhgYuNky-F3NQ4itlwsrCyUGY4ZuV0ln0zQqLxWpcJrD9stD0_HGICywErbhsougnRUIuS_VK5zqY09GI5AdaU2TEGwwJZxlCEUopdntWezTsfgIufcMqgReIB8wl5IwXeWPQDzqczqhZpHoTBmxNQspcDQn7rccWD3zZVuCcSKYGUdDJkwgp5jkVEJdNhMolJcKICyb0t1D6RDCq9DuDOkv_-1WrZ6w44733Dv7UDG3hsZe44pAXtSekwbyKqUoHnJFXiP7OHvlpssqXoUBo992sdWeCGQV7N-jOOyl4647EELJpEB2sdbip0wb3MAZM6EiFseZ55KybNOtMoOgH7AViwxrEynTVReWNoEfiT9LQqceUFNXZ9Xv802jdH5hersjXS5BggDbR9BRdYToDJ1bbxeOp00VFkeZ8y1tUmqqodgV1ZfWWtb9QU0tt1W2jU5Tar2aOWZksvHgA%26adurl%3D&documentReferer=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2Fff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.xgcartoon.com&random=5262437933058&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: aec546f942e4d3acc17551b5a7d04718b6a60ce8bd2381d6eca757bcda47a070

Request headers

Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1411
Content-Type: text/html; charset=utf-8
Date: Tue, 03 Oct 2023 16:17:48 GMT
Expires: Tue, 03 Oct 2023 17:17:48 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 178F 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f2cqprNxaY2GOW1kJFnefQh67KLbyJA2ScFiBiL3W8Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f672aa6b371698d86396d642459de7d087aeca2dbc8903649c1620622f75bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:40:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 592633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14693
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:40:35 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D28C 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 30143
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Wed, 04 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D28C
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFjZQazSnZqi4QCM3-nm5hk&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEFjZQazSnZqi4QCM3-nm5hk&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d21uZUhWbVoxUU5JNUs1&google_gid=CAESEFjZQazSnZqi4QCM3-nm5hk&google_cver=1&google_push=AXcoOmRCgP_-uxPxA98MWctOKi1yceGK44DDuOgYBstX4zz...

170 B
188 B

36ms
36ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d21uZUhWbVoxUU5JNUs1&google_gid=CAESEFjZQazSnZqi4QCM3-nm5hk&google_cver=1&google_push=AXcoOmRCgP_-uxPxA98MWctOKi1yceGK44DDuOgYBstX4zznl1GXvfPbJsS_O6g3XqI_e7GksNvFVls3T1q9qXDi3xQMJb3Hch2Ftg

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 03 Oct 2023 16:17:47 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-790-g2a3fdc2#rel-ec2-master i-0e647d20a74bb4317@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d21uZUhWbVoxUU5JNUs1&google_gid=CAESEFjZQazSnZqi4QCM3-nm5hk&google_cver=1&google_push=AXcoOmRCgP_-uxPxA98MWctOKi1yceGK44DDuOgYBstX4zznl1GXvfPbJsS_O6g3XqI_e7GksNvFVls3T1q9qXDi3xQMJb3Hch2Ftg
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D28C
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEHkkZbY6knT4-G3i9sWq9x8&google_cver=1&google_push=AXcoOmS5HMs82cQpOFry14Tiwh0XcZ14P_PYU554RtzZ5Uz5qv_j6_7SQBVNHii2UBMtK94aQ8-kvUom-DOpzJ_PbSvMyadxsguaAg
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NEJFQjVCNjM2Nzc1Mzg5Mg==

170 B
188 B

52ms
48ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NEJFQjVCNjM2Nzc1Mzg5Mg==

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NEJFQjVCNjM2Nzc1Mzg5Mg==
date: Tue, 03 Oct 2023 16:17:48 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D28C
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEOACBoJPQ3oMsXmtDusCcQ0&google_cver=1&google_push=AXcoOmT4IylRouota8UW0WhoI-mFLK9U-E9gzy1c1X_iUr5DgTKR_EQiPl4t3Gd4wFcrvgk3CqnjDakPohMNCTPk...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=KFYjPrFbQcAilhy4jD-Lbg&google_push=AXcoOmT4IylRouota8UW0WhoI-mFLK9U-E9gzy1c1X_iUr5DgTKR_EQiPl4t3Gd4wFcrvgk3CqnjDakPohMNCTPkNG1_VOtKAfi-Ng

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=KFYjPrFbQcAilhy4jD-Lbg&google_push=AXcoOmT4IylRouota8UW0WhoI-mFLK9U-E9gzy1c1X_iUr5DgTKR_EQiPl4t3Gd4wFcrvgk3CqnjDakPohMNCTPkNG1_VOtKAfi-Ng

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 03 Oct 2023 16:17:48 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=KFYjPrFbQcAilhy4jD-Lbg&google_push=AXcoOmT4IylRouota8UW0WhoI-mFLK9U-E9gzy1c1X_iUr5DgTKR_EQiPl4t3Gd4wFcrvgk3CqnjDakPohMNCTPkNG1_VOtKAfi-Ng
x-host: tde-deliveryengine-production-8b9d7bc7f-h4kxd
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D28C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGQvVIhp6RJcgrWVRNRuhTA&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGQvVIhp6RJcgrWVRNRuhTA&google_hm=ZRw-qyd5lMCvXHO6QNMY-gAAFAsAAAIB&google_nid=index&google_push=AXcoOmSBGujA-wk062SQrIz_wjS1ipQWhUFXE...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGQvVIhp6RJcgrWVRNRuhTA&google_hm=ZRw-qyd5lMCvXHO6QNMY-gAAFAsAAAIB&google_nid=index&google_push=AXcoOmSBGujA-wk062SQrIz_wjS1ipQWhUFXEDLHST5K5_tsuvLnisAk6Q3qMu7mdWh_U_h5_6um2oQkAAJHSZULBCWcDG10LzGT

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ie7txT0fiJrxKJPfpvDWJiexXa%2BY4FO%2FZvzjLAiE4MplhoN96niLCIM32MWM3%2F6IJ3KhKu7qDJrKDtfuygF5nSmNy2fCZ2PttKoCi163NLEnsWLLws5PRiTcOh1C1jYPYHuGAlUMKN8etg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGQvVIhp6RJcgrWVRNRuhTA&google_hm=ZRw-qyd5lMCvXHO6QNMY-gAAFAsAAAIB&google_nid=index&google_push=AXcoOmSBGujA-wk062SQrIz_wjS1ipQWhUFXEDLHST5K5_tsuvLnisAk6Q3qMu7mdWh_U_h5_6um2oQkAAJHSZULBCWcDG10LzGT
cache-control: no-cache
cf-ray: 81067f55eedf0200-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D28C
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEF8LdVWsyHar6-_HVusaG8Y&google_cver=1&google_push=AXcoOmRpnAR_-Gu-yn4ISOOTULrQ_4kByU_xDXEEsHe4vtRcUoClOYNjuO0-UPStBAEAd_VCK4nVyfJrTP1eO24mh...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEF8LdVWsyHar6-_HVusaG8Y&google_cver=1&google_push=AXcoOmRpnAR_-Gu-yn4ISOOTULrQ_4kByU_xDXEEsHe4vtRcUoClOYNjuO0-UPStBAEAd_VCK4nVyfJrTP1eO24mh...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRpnAR_-Gu-yn4ISOOTULrQ_4kByU_xDXEEsHe4vtRcUoClOYNjuO0-UPStBAEAd_VCK4nVyfJrTP1eO24mhKCEvMvHcYr4oQ&google_hm=HbMxtGZHJo6FEHhSQgOn...

170 B
188 B

38ms
37ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRpnAR_-Gu-yn4ISOOTULrQ_4kByU_xDXEEsHe4vtRcUoClOYNjuO0-UPStBAEAd_VCK4nVyfJrTP1eO24mhKCEvMvHcYr4oQ&google_hm=HbMxtGZHJo6FEHhSQgOnU1Ob

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 03 Oct 2023 16:17:48 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRpnAR_-Gu-yn4ISOOTULrQ_4kByU_xDXEEsHe4vtRcUoClOYNjuO0-UPStBAEAd_VCK4nVyfJrTP1eO24mhKCEvMvHcYr4oQ&google_hm=HbMxtGZHJo6FEHhSQgOnU1Ob
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D28C
Redirect Chain

https://google.partners.tremorhub.com/sync?UIDF=CAESEHz9vEp_Qx6F4pUoB4LHNyw&google_cver=1&google_push=AXcoOmRLHOHP6UV1kdr7VLGyZt9bBKnDg8D8bC1XmU-HirOHCM5YuCY_g6hR4KIEoMaNe9OctdrU6-L9ukwVG9CqQq6BAW4...
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=M2IzZmYwMTM0OGQ0NDNhMDlkY2FkMTliN2E2NWM3NjA%3D&UIDF=CAESEHz9vEp_Qx6F4pUoB4LHNyw&google_cver=1&google_push=AXcoOmRLHOHP6UV1kdr7VLGyZt9b...

170 B
188 B

52ms
50ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=M2IzZmYwMTM0OGQ0NDNhMDlkY2FkMTliN2E2NWM3NjA%3D&UIDF=CAESEHz9vEp_Qx6F4pUoB4LHNyw&google_cver=1&google_push=AXcoOmRLHOHP6UV1kdr7VLGyZt9bBKnDg8D8bC1XmU-HirOHCM5YuCY_g6hR4KIEoMaNe9OctdrU6-L9ukwVG9CqQq6BAW48TQ9ZZg

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=M2IzZmYwMTM0OGQ0NDNhMDlkY2FkMTliN2E2NWM3NjA%3D&UIDF=CAESEHz9vEp_Qx6F4pUoB4LHNyw&google_cver=1&google_push=AXcoOmRLHOHP6UV1kdr7VLGyZt9bBKnDg8D8bC1XmU-HirOHCM5YuCY_g6hR4KIEoMaNe9OctdrU6-L9ukwVG9CqQq6BAW48TQ9ZZg
date: Tue, 03 Oct 2023 16:17:48 GMT
server: nginx
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET /
csync.loopme.me/ Frame D28C 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D28C 0
12 B 46ms
44ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KX_h_7ArdfzAuV5yyAZtZiBzVb-a4qN9aiP46uDIlfInpnIDnshhjXteJkwA-fv_6fusQTGw

Requested by

Host: 3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
URL: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BC4B 0
0 67ms
61ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvfRrWdvDm8jYtrKjt4IF8MY2DPZTgIM5nBzpBPbxURooTfiqyPFW4jMP6fPh7oFF30Un_lkmCnuORodrhyCIDQ79IJMphi9YRVFmrpVNEdkweo3Ss7Zw2AJ8MeuF34_E-wBmSmyJ7Bh5YDbyrpniplgsoSUWd-BR4UiXFGSRG3hWbJyONxj8idoaC85VyK6opl75TMKz4Q-Acm4hVQlByYtAqYqz3NL1kw4PKnYmCNMrshSdYu-_4EabguFfTwr4uyw_Fd8lSZNJNabPJk7UEh1KugDTdPU9XJTXA9ZVbme4u4xHa8o4cdY1VMX6Ps9hARowlVlFAwsnTMKqygTfIn07snN8Ic2xuNL48OnLrX9akQEmAt0mV8iaHT-KyEXmSzGTHAJ3CLEHwSpKMBpho4Gn337-UiIqRM_FLmjTEmW_WexrcIDs7a4OBoWhuZWg06jkfeRdDWhLSlGnl4LB2vLuJTW0ozSRENwxLRAMe_UHUKdMBg2r110YrpEvvkodhzU6jXeEXgOyCE2mxJQY26PcsPt9CCO2JGREodeBzcIDhS0tn_5Bdr6S-oMrPZrTSw-uhidElWetvJiEdkScT9EhRaI0AH4hrddZAgWczJfnAUN12uQ0TCRMNj1TIYXGqWPsKoefViLxW6maAaY8BzgXpvrXnbuhL4vLG49LSsJ6khPzfCyir1BH-gHJ2HuDct5SStd9hURpLwdKgqJpuUjFgPGJEhz4xoBIjPK3E007BEx5S5RT2wGARGmaY3zJaDoWoezxvtw0xw8_QhwD3svhnOOs8CSKOfO9SwDSA1Rrp5t15CVBzxtwi57JPw6wk3ZB36AlISBixGSpLYODHtnVt4hateq08r8iInoQCJhqTfXbPBoj0BXMDOJGkp6wg_8cqmA-laRHkwafjl4blYKB4-exuDlfvXLJjFxADHigWGFfhcXeD8i0Aswfs3QNa0BV-pqdpdyL3XP9ZWanECKZMhD-RTNev9kAdx_txOjQ8eW64MBSR3JZ7Nneg9qoUfOLhM55VZ6-tC5YL2jcN1U-hSVN5a2nyhllzKF5G0FNm6dpuqJBl7UQXHTe4qX7FGe28ziEwMPtZLvS2T_V6VL6IjIJpunA2vPVFWG4Og5KEmSYaoq-nyybr6mEG8KaSVd56l6GvNexqiSCtd5l-so95iU0uFMgQjQqHXJ-WFZnIDShpB9FXeK-iLiy2eLLDEHNOW0CEUV5SABNrLo5V4JQ6dSBITKFTLrrucBQpUu1wR_zQooq43WDa7_GYA5-LW9OgFZl4o6uKaug&sai=AMfl-YTF7kTg2fN385WuMHQE2Lqv-rgpFrCyp4U55AwrtXwwUZgZ0Rx3kO4JhTWGbk_W6Pn6yGyiJwgImGxgaNyxkKzKcpfL1FIF2AkIK0PtmJjboK3uK1kVLQ2BuTXnyUNnmlR2YktMI8aydHYCpRQ7pLqaLy2_-lRABf1owyKWvE42HQTfPe0NK4cwQTVCRR0vVAo3uJ00JHgD&sig=Cg0ArKJSzOkxiWz2UmcTEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=139&vt=11&dtpt=138&dett=2&cstd=0&cisv=r20230928.54447&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK S-300x600.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 4344 95 KB
95 KB 276ms
51ms Image
image/gif 85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-300x600.gif
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=11691000132618404438442012466007&a=885f610b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 Weil am Rhein, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: a24bf435f35ac214cad692735eb2f8a9235101f45c115b1ef1265cc275cf3c50

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Oct 2023 16:17:48 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-17bca"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 97226

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 4344 0
150 B 97ms
29ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=11691000132618404438442012466007&a=382ec9b1&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=11691000132618404438442012466007&a=885f610b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=11691000132618404438442012466007&a=885f610b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 03 Oct 2023 16:17:48 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 4344 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9FB1 0
0 132ms
129ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309280101&jk=4309628138426182&bg=!o6CloO_NAAYEJRtnJCU7ADQBe5WfOIs4Ff0FdxwAHM-BPTboNcLDvY0Ysd5TAdExGO833bk-blN2qWytA5yqiNtJU0jnAgAAAMFSAAAACGgBBwoADMCoyb0D3l5pJ-v2aJkDA-G-LNeFluz2H1Zqq2J5yaMCTWPlg25aM2TDPe4Sa0Njeahgu3QA5voFN-dbYuNoX783EEYzMq6I0ZEloC_W60rygRZ5hm8JMHb8Vjppnf2w5AXoCi0VCRcYdNGvrQi8K_XcDDnO9w3Zc2QaRW476SytOURBaGxFlODTMRNJ2uU2D_wE8CwrazZ_SP9H9pkQnLIOzSN9C7jfzoD-G4tKib7YSuDZbMg5RT7uQCfvammwg2EC3fxQwlYCfXIcQRcSR8IsS0zEhbsOxpiFSQkfN1SuYqInMGxctCPRi5SKguzN8h1aHOl3qxkYuWyjP51EtHa6EHnXO9J8D6a5IMVvPgI74Q8-bTP5JqSpHS5izxu_CggKdS0dpDLp0Sso-ZsLS9lq1eEGZkA9RrYqAG-LdXNSUZiQHIUeTv2GfgKxgyQfO9kRRVZjba6ujww9ZQUdqryMvSWmcZoMAK11Rr-ugoT3VyZHRT_296Rdgzm_NeCOb-vBS5GS08hNKhiHd9I_NmWQbbGIyedJ5rftfLH_W77XcMb0l5En2XiIvg6rs_ihi-yQqadV-jpqupWF0CMzL36AUeJVWcGtceEbk6Z5EsU9hncxYPkU8aMLFwDZCEI6u-VuVjOMs70uJ6QoZ2v2SI3nsbAEW_zzgK2wqLJA6qAyRFscZ_lB9Dkmy12kl3CHG8Mf010QzvMPVkuT1Er2d3dbusCrcyI5GocN-StyPt0tQ-9Mscx3s7jVPpqw4CGt-sCvWI4qKf_itj9-nnpueXQfbVgQZ3QxKkKEFJrgVoCSInqx_x1C01XwSPFUy7C7GnI03RJ8Ath-ZamzXx6JU5fkRAbkdiC11R5s-geguv_AzErguHDcURzkIRKaB_Dwd9Tal9DpAhsdx8E0SYAXywhC3rH_D0t0SozQw7pYXgbgRqo-CnXaYFj49oKCfbFJs541eNazda1Kb5RNpmkTkAJRpKuPymCCUqCSjA12IvAeTeMZZzBeOmM6jXlW3_AfAgajNRK7I9aQEMxT9Fq3KAiQXw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 178F 0
20 B 131ms
130ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6-6WrD4cZbzyEK2VjuwPsM60IAAAAAA4AeAEAg&bg=!1dal1pnNAAZN1Q_XbdU7ADQBe5WfOIUxnuPdA80P-rdZUJOzttOigH6YCuipCcp-ouL8AcfX7xUlz_ef8JA12sLqL5ANAgAAAIdSAAAACGgBBwoANKKbWiPSAnKL2oiZ9SvG4sVUDUT4vU0YFjaimkrodYdfAWZ1HMfUy4F7A4QaVC5HmIyDmpSZAx91BF4VGGIhtexiEvhCAV_FQ33fwD4dsglFZS4e28sGNR-zsTPoyJMO915V4hHjv54oxelGRuaEG0_Bq-aZPK5sDfK4wADPxoBrnPCcCP7eZp-Wo1ihBzqNqmuksXRxyzlZ0UtGHlMXV9BcNKNqdGEuJluRKBkXBOdzJ_FlZAAgLXTLqRjJJqkeCfoqDXzmFTnY4fqx_o-FRxTGmOXzOvVgeBXBKDeE97LOeAunI27HUClXFnlyVMMT9PLwUa5gPy1z9U_1H78uKO08SWpfnGgSScdqxukpiLj9WZr4Qb0VCwX4ut5_N-R52SvkSjkKM9iFSRVUtHFONRuqWxA3SZSYBRgJHMIcO3O9jBoaFmP3yamXHW_dXTGHs1ycnmhoy2tntKHyLXfyyLaRK-4i__g9Xj5ZSorlwDGvBtiwIJXIOg-AAVpY8jXhHg9fesRkN5vMCmzvFB2UoiMEP48A35BnVfbvPnZ_4y247KYfo4Hlej8Ytqr3WMfG0aIN1_RId54fvopCfSTml1MjRr2ZMQQOu9Q4DaBoZWty3mEspyI6LdSajke_xvnJZ7VcI9cqitOH3tK5klYFyx-FXK3jGz2hSXQsUoY7rHQCc-XNA3ajFPs5su_5viBB6wvXAIXQQUXFUYkkSwOmgNBb7w04ufReu6jogRFruG2tdMpJXvtlo-jQ3z4t77_H1TK5Le3mGDAcLE7Tn1cSx4l7dvg6mIMw0EOjzZZM9bghs8OSR_1VGf8MVP3uP91cBFo8OeAKBbc2teqs5upTfu0oOq77S6BVQNDIR1H-fpUpCzjNjgCFo7NmDfPmvLiRQXIKPQnYo-ySrm36OsAKbS7XbMW7D4y8Zd0q7EaDhtTrtbA3R8ZbRxyshM-_To7jgLcxKgwNxhkUkgk17MX-pRpp0c94ibFTQKBGUHi8n9faHG34NWDj0RvjPxXqhOB60BEF4fImfjyZaOeet3aSeLwmByjG2-a4qZOJPLkoEhotjcyv9mJJus22gf15whEu5YRl9EZbHRrT3ZwiGU3qAozE4EtYkMM84Zj0_MgFvwXeWH46Vyj1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 017C 0
0 128ms
128ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309280101&jk=3949002477549718&bg=!AgGlAU7NAAYEJRtnJCU7ADQBe5WfOERsnXkNwuXFuWPRfPNR6QcFuZYoeNus4qLZJkAOc6uEtImgvZQCGh9VwEoIYCkhAgAAAMVSAAAACGgBB5kDBO3ezQGvVinrrcwkbknW6luJQZ3Ky2B2P8I00lAzCETJ_3Z1aaxGeGRyLZP3iw9ttJiV6L9h5bNEtonR9Y8Bl1QU0y4CMo_i6Os19Nz1aHGZtpPaeTfDRGgfFd3S5JJ5Iar-o3BDjMgbKwV_o9M3NqDJws4KAwghUSuwW1sMv7T2ZjkejD1ZiGY3018jtTDTlms3Z39Pnc7lf99rG0u-KOETcjliKWuvxkxbaN--AG88F-GT0wL6S0e3GO5M4thnIgxId7AfGG_RyuTv5oZO5n7QW1-_taAWUQYa2KZb6ZLeq4u-5YA-Ig3eEjnIt9zq8y2N8Es9BP7TRdyhLtyRHfI77DQZvbxEvAIIcrg6xlyYIKzPUEvii-FVrBQlgKxQCvg_CAeDRn5S-zQ18MLcpMhVzXUwuUbujgcV3cql7oGagIuf4ucI_0BtncIX8fFfkfXQHmWovsgsqxk9v33PLbanyupxg4QLI9XnyRW5d2NyeB1lVS3bL6qR6I_G9Ul7IeQeS5ACRbGHDYPE559huSE_HbfrRY1ABoaSFk8BLevVKTwhe_ExENHb3jlkfAyQq2-tkQc_wdp9v3bnXbRpcS6c-HPHd6riaTdClELAB99C_p9bt5H0H5jHasELeTu-W-OSj6Dw7vFAyDRtiwng7gWESac7VUclEmD6JpusIDOcIiCi7ekVqLfyBj67yX_aZtPT9fAbCflrGd8GqfVXI9qfugXx9xZax0nTTKrzVI5iJCBjzNxPrt2w4Xd22k6mFw0GS_pSNs_35O4adbRUCbK7GEpfS9F81Yg82klNYSwaZgTI7bVP2jAwdHbrjt69kM5IVHvbKeU0xldwZ272yzJ9Jgck6eUrWtxAvDEuqougpI4x7Gj0-jgGCVnybz2JcEFHG91Ju0_xfuSM7r37zaOhlAtlvpJgjutyITQ8u0s6OBvCaEI6SaMshWjeJ315Q-6iiF9qHQix7Y4qAfG-I00xiRC2iP_4fEas4xl6k1TC6979IutmHBXh7_9vEmvwURvss7Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 47BA 0
0 59ms
59ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGiZDLl0IO8sWdNrfTRTEd3FiYr-4YZqRa90WkMG8BuadmSZchynFr_esDctfHIa1038o0qRnTb0Gd2AM3ZqQbCN1O9ElMIJM4pVCDruQD4PMwY0rkU2g9Tpav2s24esNfFdu2zXl05gRSBWh-2EY1jQLL9glUr5i-P2muOBV-EMlMUMVK9AAqJgmKSVWKTBE--VntbDaF3YPzNS0RVoKbHSdgyB7mQ00E6hced99OKbsd_Iveh16J8c0ftpgYF7o5QNt9aRNPyBkwf8BaBPyS7Y4vYYX0vUTswPxAUCbT_BtnxkUsFJuv3c011KDjV06kdqiwwMhdQAaYNy4AVspKcdTjBH1GJWIh3ns43Qk&sai=AMfl-YRp0YWTsU7OUKHOy7ilXGrLtNfJAKmlmEfvk40791cbfZTAv_c7cumwXBHwMUQRaTLMz-INxGNQ1PcdM7A&sig=Cg0ArKJSzDAnS2BYhfy-EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 03 Oct 2023 16:17:48 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 47BA 15 KB
12 KB 71ms
71ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230928&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291001/show_ads_impl_fy2021.js?bust=31078422

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b74535662b9f79a6b8d8dbd1dcee03b121df6f6c57612eb7bab514a949f0adc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11934
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 47BA 17 KB
6 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291001/show_ads_impl_fy2021.js?bust=31078422

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 03 Oct 2023 16:17:48 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 030D 13 KB
5 KB 22ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 15426
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 12:00:42 GMT
expires: Wed, 02 Oct 2024 12:00:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BFE0 829 B
557 B 52ms
50ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

396adfc5c2fdaadbd2b0d48d5285a3fce91b008c99d731d357c2e0dbb706c3c9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-24Gtmk-sz8bcM6KyLhdiyg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-24Gtmk-sz8bcM6KyLhdiyg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 03 Oct 2023 16:17:48 GMT
expires: Tue, 03 Oct 2023 16:17:48 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame 030D 37 KB
14 KB 25ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:13:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 16:13:39 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BFE0 0
0 122ms
122ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230928&jk=1277512177376632&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 030D 0
12 B 24ms
24ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?g6FzcQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 16:17:49 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 797E 0
23 B 136ms
136ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8333692902372&version=m202309260101&ct=77&x=1&cor=9546921479807422000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 47BA 0
0 127ms
127ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230928&jk=1277512177376632&bg=!a2ilaCfNAAYEJRtnJCU7ADQBe5WfOGYI1JXvYIKQbllMwNRBQlhNVf2j-rPhZXVKLCuwYykJarO2EkeC4AyEMVgGDKweAgAAAIxSAAAAB2gBB5kDBD2cMZQD6ez0JkOa7FLpCVpusGA0BW-6jzHgxzYakCdgxbfM57qYPymHoZk1OHVu59E6S-cvSzgv4SvRB0QscQieBpnHj_5IFfdHiboAXgACL-XNmY4u4IXqutgPsFzvmjSpwxKBjI1uqKqerKEveeHb08mudFGE8qb_Z9XjZQv_ovmJk0J2hQcpvtdIVXR0ClI4zhFrUctF01dBe8-oDe3_XEOXQul-wn5FbtdAXazoNFxjkRoZDijKlRU17kOhDzmipLXyyqPahukaYFxyeDGEhLuuaypIOEwqWJ3U8iRa4YAU74rrSWkhmfsurAFUQ_VL27-w8k7bv-WsQwaxB5i13v2IffzX38fc5KN-d5se5wb6i5t6-GPUaTIoSQ6eR5MlITAgc0dQd8EXucQv91HJQyzXiVj1s3NbPaCj92GWRi41KdSjjD2NwqWr5TEb8thHA3Srtx1cGE9LRt4p5HC59ZY6UgG0esRX1-AbFAoLxPVOFPmUHAU8_-6x_4IughxO7nRFbSyg58SdNJixN_tKxoFr22WlbXJbKVor3cTHZNoLO_lDk3jnw8UuXdsKrh3EJtDdQ4aONJALwnspRNJb2K7h1atNFGR3n1lBSOS75NG1aKPXUw10Qu6eMe1HwGGCJXO6rTVBGRZk0j1_48ltC_9RV2byrfpk0ND3U4WjLQ_Cl6wuG82-ZZ7DmDrxP_lcnIum2g-FkzW1XzGWchKG88RSwtVwL8FcVptXMIT0hkDMAZMDJEoBY2ZBdlMXuiV33fkxL5S0arocFNGBx-nZ6siPG36_2oO0ohCqsI0QGM4K9BIpcSjc8lKSC2vmZKVOeqss4kUkqJbWHsg8vab4dn0i9_Nn4QS-kIsreZaSEBiPUyPUiBpJDBKjjzv5gLBQaX-gc77IyfTqfStdkaqpbmQNJhbiNzBveZYiJ40iSvrSqK9xM2ETYht3YY3YFhgW83rrCkkUzPVA-mF3C_Crcdc0YBwODr7ICUIkzVww-ibDWV9F0r4nz5doID3OQTf9oiE
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC4B 0
23 B 124ms
123ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8219277301765&version=m202309260101&ct=2&x=1&cor=12009991640691130000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D5C 0
23 B 122ms
121ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1392250265776&version=m202309260101&ct=77&x=1&cor=5316804272167203000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 Oct 2023 16:17:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: csync.loopme.me
URL: https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEApccbvXLqu36k1F60A3GW8&google_cver=1&google_push=AXcoOmQq6TLZt-mn6BHWrDL1jQZ2JobkMWI2hPYrMNj3cGJ5e5DMd-XjcCoUHXuYNna4lO2qNvHCmm31yDvUsCbvh6YNCJwYUR3Eqzc

Domain: csync.loopme.me
URL: https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEApccbvXLqu36k1F60A3GW8&google_cver=1&google_push=AXcoOmSpPwyF5oq8qBL79DLEoYF_z29SPwlGAsQKABb-SNX9N9cfEfVQycIH0U64H6LbH9M0_Vi43s8PSTk6CfPV7gnbW3gasD5gRUwEuy_5idqiKzaTAi2dt13v_Kdsf_UAkVta9m6CNJAmyypXnSyIRjp4NQ

Domain: csync.loopme.me
URL: https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEApccbvXLqu36k1F60A3GW8&google_cver=1&google_push=AXcoOmToi349S07Gxq2Aup81JVYUv4qRdh4jXDzX6k-VOFoZtNvd9i03ZBvUWVnSCSdhvqDx6PWDh3yzzRCd6b2y7xbNOUinU_yWhA

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.statcounter.com/	1970-01-21 00:48:29	Name: is_unique Value: sc12916097.1696349865.0
.statcounter.com/	1970-01-21 00:48:29	Name: is_visitor_unique Value: 1696349865233216648
.xgcartoon.com/	1970-01-20 23:58:05	Name: _ga Value: amp-2rxHFmxyD5GWF1QEpHBwWA
.doubleclick.net/	1970-01-21 00:48:29	Name: IDE Value: AHWqTUmAz-__rzYtyOTYygs93mofjV_OA9UUEtS_S75Idu2maZLCEQVauX9C28763rY
.doubleclick.net/	1970-01-20 15:12:33	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 17:22:05	Name: ar_debug Value: 1
.adfarm1.adition.com/	1970-01-20 17:22:02	Name: UserID1 Value: 7285767201361690983
.casalemedia.com/	1970-01-20 17:22:05	Name: CMPS Value: 5283
.casalemedia.com/	1970-01-20 23:58:05	Name: CMID Value: ZRw.qyd5lMCvXHO6QNMY.gAA
.casalemedia.com/	1970-01-20 17:22:05	Name: CMPRO Value: 5131
.openx.net/	1970-01-20 23:58:05	Name: i Value: 1f9eaa0f-ed0a-434f-a1b7-565324e549b3\|1696349867
.adnxs.com/	1970-01-20 17:22:05	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?`kBIQ2!]tbPl1M>e)ZlrFUfJ+tGXxoiE?KL2>XkMfNa1'?8_YAZEUqY4Na`dm.)/Y?3If)y3KL9D3I?-.:n1=k
.adnxs.com/	1970-01-20 17:22:05	Name: uuid2 Value: 2353792671872639413
.redintelligence.net/	1970-01-20 17:22:05	Name: 8lcfmzhxc8d6_uid Value: 577b2ec25c1568dd
.1rx.io/	1970-01-20 23:58:05	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-3608f835-02c0-4dca-9044-00bb4a4890c2-003%22%7D
.teads.tv/	1970-01-20 23:56:39	Name: tt_viewer Value: edd8715f-2320-41b8-9d22-c9e85b3b931a
.yieldmo.com/	1970-01-20 23:58:05	Name: yieldmo_id Value: 3eqEMqqnn7qChaCFynnO%7C1696291200000%7C0
.targeting.unrulymedia.com/	1970-01-20 23:58:05	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-3608f835-02c0-4dca-9044-00bb4a4890c2-003%22%7D
.bidswitch.net/	1970-01-20 23:58:05	Name: tuuid Value: f1a7e724-4da4-4af2-b1c8-1af336ecb7f5
.bidswitch.net/	1970-01-20 23:58:05	Name: c Value: 1696349868
.bidswitch.net/	1970-01-20 23:58:05	Name: tuuid_lu Value: 1696349868
.acuityplatform.com/	1970-01-20 23:58:05	Name: auid Value: 835727490238
.acuityplatform.com/	1970-01-20 23:58:05	Name: aum Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANPqNdXNlck1hdGNoaW5nSWTIkWxhc3REcm9wVGltZU1pbGxpcyUBRT1KTQ6GmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUU9Sk0Oho90aGlyZFBhcnR5VXNlcklkWkNBRVNFQ0t2WllrNVNjMFZqcklSOS1zUmdXY/v7hnZlcnNpb27C+w=="
.travelaudience.com/	1970-01-21 00:44:10	Name: _tracker Value: %7B%22UUID%22%3A%222856233E-B15B-41C0-2296-1CB88C3F8B6E%22%7D
.linkedin.com/	1970-01-20 23:58:05	Name: bcookie Value: "v=2&d1f91ec6-1afc-47e9-879e-0311d0dd49b5"
.linkedin.com/	1970-01-20 19:31:41	Name: li_gc Value: MTswOzE2OTYzNDk4Njg7MjswMjF6N+i0lv1oqhD+JJ1OJH8bGee3PvIiztt8ZSyKIsd2EQ==
.linkedin.com/	1970-01-20 15:13:56	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=3010:u=1:x=1:i=1696349868:t=1696436268:v=2:sig=AQGO7ztg5ayOsQfFtlErXPwf-UDrcRbF"
.w55c.net/	1970-01-21 00:44:10	Name: wfivefivec Value: wmneHVmZ1QNI5K5
.w55c.net/	1970-01-20 15:55:41	Name: matchgoogle Value: 5
.lijit.com/	1970-01-20 23:58:05	Name: ljt_reader Value: HbMxtGZHJo6FEHhSQgOnU1Ob
.tremorhub.com/	1970-01-20 23:58:26	Name: tvid Value: 3b3ff01348d443a09dcad19b7a65c760
.tremorhub.com/	1970-01-21 00:48:29	Name: tv_UIDF Value: CAESEHz9vEp_Qx6F4pUoB4LHNyw
.tremorhub.com/	1970-01-20 15:19:41	Name: tvssa Value: 1696349868786
fksnk.com/	1970-01-20 15:22:34	Name: AWSALBCORS Value: wr8lyy04TN00ldtkBzerxkATWEZgbacppjMje/dGtxFWvnAeEboGR2UTgeoc2Y3iWoyVTsxvlJ5zn+/1TMEBUMJQFkTW0R/ptGU1g/aRtqNyISOPyVgzsmzK65f5
.fksnk.com/	1970-01-20 17:22:05	Name: f_001 Value: 4BEB5B6367753892
.fksnk.com/	1970-01-20 15:13:56	Name: g_001 Value: 1
.inmobi.com/	1970-01-20 17:22:05	Name: idsp_c Value: a7f86c9a-58d3-41cb-afe6-8aa0db603133

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.xgcartoon.com/detail/qidazui_di3ji_zhushendenilinriyu-lingmuyang Message: The resource https://ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3d407395243a774eebe8012be72ff850.safeframe.googlesyndication.com
ad4.adfarm1.adition.com
ads.travelaudience.com
ads.yieldmo.com
analytics.pangle-ads.com
ap.lijit.com
c.statcounter.com
c60b32988acecf91294db25539cb1054.safeframe.googlesyndication.com
cc.adingo.jp
cdn.ampproject.org
cdn.contentspread.net
cm.g.doubleclick.net
csync.loopme.me
dsum-sec.casalemedia.com
ff6de99b168f17b7375a51d58efef8b0.safeframe.googlesyndication.com
fksnk.com
google.partners.tremorhub.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal90007.redintelligence.net
ib.adnxs.com
id5-sync.com
im.bluevoox.com
imagesrv.adition.com
mweb.ck.inmobi.com
pagead2.googlesyndication.com
partners.tremorhub.com
pm.w55c.net
px.ads.linkedin.com
region1.google-analytics.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static-a.xgcartoon.com
sync.1rx.io
sync.inmobi.com
sync.targeting.unrulymedia.com
sync.teads.tv
tpc.googlesyndication.com
ums.acuityplatform.com
us-u.openx.net
www.google.com
www.googleadservices.com
www.googletagservices.com
www.xgcartoon.com
x.bidswitch.net
csync.loopme.me
104.102.35.84
104.18.27.193
104.20.219.77
13.113.147.59
138.201.63.157
142.250.184.194
142.250.185.226
144.76.91.199
154.59.122.79
162.19.138.117
169.150.222.217
172.217.16.194
184.73.203.57
193.108.153.24
20.127.253.7
20.85.134.6
2001:4860:4802:34::36
216.52.2.48
217.79.188.46
217.79.188.59
2600:1f18:612b:4216:7b35:6241:9161:5be7
2600:1f18:612b:4216:f80f:eda:bc61:b763
2606:4700:10::6816:2e93
2620:1ec:21::14
2a00:1450:4001:806::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::2006
2a00:1450:4001:811::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2001
2a00:1450:4001:830::2004
3.65.51.143
3.73.105.217
35.190.0.66
35.244.159.8
37.252.172.123
46.228.174.117
52.45.175.185
54.155.169.152
85.114.131.235
04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
05fb381a67f84577da22e172fb9e5900baafddda5a4b52efcd7f878a26fbff64
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
102d94d49d9ad2b6cae435c8d89ace9bfe0faf5901c2c010954531b44db015f7
113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
141a9b0b0492c8b4e7deb1e0537c69d01a3af169bf0c6e3a70c027856fdcedf4
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18b0845b26a7ccf2e93099a57d37edfb698c03ce9db6d2ee189271bf50d1c8a5
1aa4a7bb3250246172fb936a76cad3eda063687abf10aeef1780a2fb659a9abc
1d5a3f04b91e0360e79e56f5d5955addfc3b3365e691a532640abf9c86e24d24
21700cf92f5c257c85572250ecfd86056dd9ff6e439b7fbf1173bdeef134896d
256b8bbfeabe436e3316ffb3960057210fafdf735319c7a0e567226eba0ec5cb
2752aedfa51601544c6f51e0506ff715b5aec379fc482a53301996e67517668d
2a16b26baebe653a88604831fc59bd38f7848491d5beed5165afb02dac40b975
2a8cec5afdf87e0d08cb3cfbca43bf398f6efcc02dad18b2fdd7003bbcd01669
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
34021e046d7cf0074446a69e1a4cd859e0adf78720d9cdccd31fdea0f08934c5
34d7aac0a5ee9bf5e5c79e929a2375b1eb2b8c9b2f1ed92cee026d3cca539d7a
396adfc5c2fdaadbd2b0d48d5285a3fce91b008c99d731d357c2e0dbb706c3c9
3b1ab917c7da8e45e24d8eea1c130fa25ce01e422fb747eea8163a06e07e84bb
3ce6586d8c12301c4f22056f74b6d16d7d47b4380f77758ef62089afbd131dd7
41028f1ca593711ac048a68041a1db5d1f3d4da2916e0463588fd360f38bdc37
43fdbad1e70b4ca4f893ab921a117375f407ea61cfe84f8530d44e9dc75afb28
464857ce2cd39f577e1aee4380de452b3032f2746c94be5b8d71508e0733ca40
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
488c299c8b5894a6542055567566569177c97620aa9a508ad929a7eddcc9e060
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b74535662b9f79a6b8d8dbd1dcee03b121df6f6c57612eb7bab514a949f0adc
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fab862d28ba45d5db261634132fcdc5c55e8b061671f3eba2c747885aa21cad
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51b5ae1f0ff10c4595493fa2d4edb2c308f97976be783ed5d7d962a8d81606d1
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5e2933f632e8142b155e29fc235e1078447744dfa6eb6428754944bb4d41c00e
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
6193ef1ac85090fce999852868286a8502105185bef718199d69edf5ceb86313
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62261968173cff7922e600b9d34d30d5df2efb03a2afe2c4e6e8e1a0b0c96e50
68a87ab6b0a729d10824856b738e2801cb3a3f56c0bfad975a1495f30b1212ca
6c00736e58728d82754e3e5ced15af509097d091819b27a9b72129b91d8bff3b
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237
79ada21b2a34d9189f67d43de421b6cb516d51f61d45c395f849b6f7122dd9ce
7c1387c88b16ecfdbe1df4e21143068c445173be07582189eee68c4dacb2f09c
7f672aa6b371698d86396d642459de7d087aeca2dbc8903649c1620622f75bc4
80482b65d7f8fd2e9450e2de517ce6dbbb1ceff20eed1d71688306fac53de8d2
85a1060c944c575ffa2ce8410d77eb886c8aa6bbee6d624c0e02b3b4170ae8a7
89f1b87cf5e58eb63b40edf0ccda2e3e5540d13e4b415e49800246a70c08db1b
8a566bd9cd6957ee48a15942c2dff659cd63da83624abb351f3b47635cf34c7b
8b2ec34fe9aac6ec92a78d99f457abdc874b029419c51bee9404f0ed8ccda45c
8c57124f785e69b8c1e21fa7f4d78947ce7d5136b69296530fc7b3b9091bbb41
8dfad163b0a7d8e83f7fb8712e068f7410cc7a71038e57b09d63a8af2f6612ad
8f88777ded800643f7d6832c1bf4e15a8cc71c45772e46340d9ad7932451d204
8ff69293c848bb04c7f4c328ed4e0124deb8e6003ff78cc1731649ca67590261
9335a20f2c7f9909329b084c9814cb5483c9fcfa3ec9a55867faa22d37ef406d
94c849575fe72d56d0355d4e41ce8eab134584f902f1e6e6e929c6b5c73e0f1b
96de8a8e9fa77c476647c1746de42eb8811a8db2c36b2c675f779b53d040902b
9883d27b3f72e5a653a4baa17e904e8db6c9063e97f1f302d49d583e5b2e7f66
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b22b527a652c53284f5339711a08c2ef2667565d35c09e38f835593e2fdea9c
a01f3173360d2126a411d99789f08b3b5ec679cab0b89350cae3986169624f9a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a24bf435f35ac214cad692735eb2f8a9235101f45c115b1ef1265cc275cf3c50
a3a95c780e94d916656548d7a3731c9f26cfc6b7c7cf7c7c7c1a374f2a4cec6c
a3fe2201aeda9050d5a049b03528e35c36bc20298f05b3e5e2a3574c385b683d
a4469ab0c7ce65d2198202049fd355d98f792af76a35177918585c167bbbb5e1
a45cce4039d1a24390f17f2a13696864601a113398402930fc1a29e4b74d732e
aa1305d7baebcaaca830bdaa875d69c9ffaf511c107d90d6c94d505589d6dc67
ac4a2fcf56f3a5815338b809cd7e8b9a80b676bc6ad801f4c9666b3e9c7bdfd4
aec546f942e4d3acc17551b5a7d04718b6a60ce8bd2381d6eca757bcda47a070
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3df87552fe5b484edbcaa1d77ad1d35b2f5a08519d5cb83aef3ec8c3f254efd
b90bb6817c2393fe73ada8db342d765b4fe31526bec3cae89abdb0f2b8b38b41
b99ee275208ffdee7bbd9fdaade2698a3709c3fd608d82d9670ecdc7e05d132d
bbdd1f9b8a653864f3454d7b4716d07d9b6f49d12f52e22457889b7257ff66c1
bcd084f24c3dc4464fbaccc2f9b7260c74164bb581c9f7bd732b40993531b1a0
bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63
bf5e73ce29fe3acfe7df3893d33ce608323928a2643dfc84725a3b0217baa1f5
c1028418bd63fb18a71c93ec9c97aafd1684f30825700fd4e68ae08af530465f
c1a1d3f0e885f1f1d98989a432f4616f2be2e936ff0c8759593197fa04ea1e4b
c65871f8cfd9bae04fc4466e17f437f5312dd409a13f30789e7e76ea8979dbbb
c79831d809c25cd6e16f0484f07797112717213d2b7335a1edfcf386d2aa7397
c82dda4d8680a3128bdaef741267a4b107cc63dc88691b1a47f96c3b15f2cf1a
ce5d2c5db39edc66c10096838a6c9c92a20e3d2b3f1f19a274bbd2848a8f2e07
cefd5bd9a30367cb1a5e8dc7168f1515a31a53786b415865c867c221c74b5ace
d6985fd0356fbee0df99d652c5172f01a4cf4abc377dd0a87affd11ad9ccba76
d6f226bf73d309afec0f8136aadcd4c31a5fb38158edc76f2be201529cea88e4
de4a8de27816c4a35469116b47d2f09682b610f92d4462c51dde1ab101b60421
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43c27129ff87860bb6c371cd91e51f6a7aa1d9122624cd1944d8153467e05f8
e497e42ddc988c37d46e9ec59af849b5976c86995df0dc196568c35c1d74c109
e5f095c4e9569faff0652dd7fc5f549af4696275226fa6d9ccaeb25521768d10
e66f7864931e2cff0dbc2155e05ab92fdc47c83780e686cca0e11bf827cf2591
eb674de5636ad731f83bbd141aaac1337fd1539cf7976b59f7dbf17730c1dac6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1bc4aa5c920cf22f6169952d4c0c83a5976131390d4a7abffcea634c0af022f
f8facf9afcd0ea4dd63dae7283974e4ced1a4fbefba07e691c1798ef9916b0bd
fa7f818d8c4758f79e338d0c26f9b08e3e102302c22ff95b926d394c5c27785f
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

www.xgcartoon.com Open in urlscan Pro 169.150.222.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

217 Requests

86 %HTTPS

30 %IPv6

34 Domains

47 Subdomains

27 IPs

7 Countries

3333 kBTransfer

7567 kBSize

37 Cookies

1 Outgoing links

Redirected requests

217 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.xgcartoon.com Open in urlscan Pro
169.150.222.217 Public Scan

Screenshot
Live screenshot

Full Image

217
Requests

86 %
HTTPS

30 %
IPv6

34
Domains

47
Subdomains

27
IPs

7
Countries

3333 kB
Transfer

7567 kB
Size

37
Cookies

217 HTTP transactions
15 data transactions